In new spear-phishing campaigns observed this month, the Cobalt hacking group targeted banks in Russia and Romania with emails containing two payloads pointing to two different command and control servers.
Last month, Google announced their Titan Security Key - a FIDO based security key that allows you to easily perform 2-step verification with compatible devices, browsers, and sites. While previously only available to Google Cloud users, Google has now made the key available to U.S. customers for $50 through the Google Play Store.
A new family of spyware for Android grabbed the attention of security researchers through its unusual set of features and their original implementation.
Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day.
The website of Banco de España, the national central bank of Spain, was taken offline at the beginning of the week by a DDoS attack claimed by hacktivist group Anonymous Catalonia.
Internal system broadcasts happening inside the Android OS expose sensitive user and device details that apps installed on the phone can access without the user's knowledge or permission.
Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure.
Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.
Air Canada informed today 20,000 of its mobile app users that information listed under their profile may have been accessed without authorization.
OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago.
A popular vendor of cell-site simulators (also known as IMSI catchers or stingray devices) has told a US Senator that its equipment may interfere with 911 emergency calls.
The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service.
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, take screenshots, and more, which is then sent back to the malware developer.
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.
Instagram announced today plans to improve its two-factor authentication (2FA) mechanism by adding support for third-party authenticator apps.
After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account.
Security researchers from Booz Allen Hamilton have spotted a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems.