College student Zachary Shames, who's pleaded guilty to developing and selling Limitless Logger spyware, was outed to the FBI by security firm Trend Micro after Shames failed to compartmentalize his online activities. Turns out hiding your identity online is harder than it might appear.
The many companies in the Middle East that do business in Europe - and handle Europeans' data - now must comply with the European Union's new General Data Protection Regulation. And some security experts say that could lead to a boost in data security practices in the region.
Two Florida men have pleaded guilty to helping operate an unlicensed bitcoin exchange, Coin.mx, as a result of a wide-ranging government investigation into a massive scheme that involved hacking into multiple financial institutions, including JPMorgan Chase.
Information security researchers have charted a steep decline in Locky ransomware and Dridex banking Trojan distribution in recent weeks. While that's good news, it may only reflect that a cybercrime gang is on vacation.
Dutch police reveal they arrested an e-commerce website developer on charges of installing backdoors that allowed him to siphon 20,000 email addresses and passwords, which he then allegedly used to commit fraud using some old-school tactics.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
Yet another power blackout in Ukraine was the result of attackers striking via spear-phishing emails and malware, researchers have confirmed. Ukraine's president blamed the campaign on Russia and said it disrupted a number of critical infrastructure targets.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
The website of Hindustan Petroleum Corp. Ltd. has been hijacked by hackers, according to Arctos Threat Research Co. Arctos claims it discovered that HPCL's website was infected with Cerber ransomware. But HPCL is awaiting the results of CERT-In's investigation into whether the website, indeed, is infected.
Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.
The KillDisk disk-wiping malware, previously tied to espionage operations, has been updated with crypto-locking capabilities and now targets Linux as well as Windows systems. But security experts warn that attackers using the Linux variant have no way to furnish a decryption key.