How sloppy OPSEC gave researchers an inside look at the exploit industry

New information from Lookout has given the public unique insights into how nation-states buy and develop surveillance exploits.

technology news

Senators worry that new D.C. Metro railcars could carry cyber risk

by Sean Lyngaas • 3 hours ago

The lawmakers exhorted the subway system's leadership to “take the necessary steps to mitigate growing cyber risks" to new railcars that could be produced by a Chinese company.

Former WPML employee hacks plugin website to spam customers

by Zaid Shoorbajee • 3 hours ago

The makers of the WPML plugin said they're taking legal action against the attacker.

Accused 'Methbot' ringleader pleads not guilty after extradition to U.S.

by Jeff Stone • 3 days ago

Aleksandr Zhukov is the lead defendant in the “Methbot” case, in which he is accused of renting more than 1,900 computer servers to simulate ad views.

Sneaky motion-detection feature found on Android malware

by Jeff Stone • 3 days ago

The logic seems to be that if a hacked phone was moving, the device probably wasn’t a research tool being used by a security company trying to detect malware, Trend Micro researchers said.

New code-validation project tries to spot the next industrial supply chain attack

by Sean Lyngaas • 4 days ago

A new DHS-funded project traces the provenance of software code.

Nearly 773 million email addresses leaked, spelling trouble for people who re-use passwords

by Jeff Stone • 4 days ago

Some 140 million email addresses and 10 million passwords are new to Hunt’s Have I Been Pwned website, the free service that tracks whether user credentials have been made available in data dumps.

Cryptojacking malware gets past cloud security programs by uninstalling them

by Zaid Shoorbajee • 4 days ago

Palo Alto Networks says this type of evasive technique is likely to keep popping up.

New 'Magecart' group used ad plugin to steal payment data from hundreds of websites

by Zaid Shoorbajee • 5 days ago

The attack bears similarity to Magecart activity, but researchers say a new Magecart group is behind it.

System restore: How stressed security bosses unwind from the daily grind

by Jeff Stone • 5 days ago

Cybersecurity professionals are saddled with stress. Here's how some decompress after playing defense against hackers on the daily.

Epic Games login tokens were susceptible to theft, research shows

by Zaid Shoorbajee • 5 days ago

Researchers say it was possible to hijack old Epic Games domains and use them break into other users' accounts.

TwitterFacebookLinkedInRedditGoogle Gmail