The decision to award the bug has been welcomed but one security researcher has said that they need to do more to compensate those who find bugs A US teenager has been given a rare bug bounty by Apple after he discovered a security flaw in Apple’s FaceTime video-calling service. Grant Thompson, a 14-year-old from

Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters. Instead of typing them, users tend to copy and paste the addresses using the clipboard. A type of malware,

ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs The fast-evolving, modular Trojan DanaBot has undergone further changes, with the latest version featuring an entirely new communication protocol. The protocol, introduced to DanaBot at the end of

The new tool aims to help in an age when billions of login credentials are floating around the internet Google has released a new extension for Chrome that will alert you if one of your username/password combinations is known to be already out ‘in the wild’, according to the company’s blog post. Whenever you enter

The watch has been found to expose its wearers to a high level of risk of being contacted and monitored by attackers The European Commission has issued a recall order for a smartwatch aimed at children due to concerns that it represents a serious risk for the privacy and security of its wearers. The watch,

Citing an ongoing investigation, the company wouldn’t say how or when the incident occurred Online home design biz Houzz revealed late last week that it had been hit by a data breach recently, but didn’t disclose when the incident had occurred or how many people had actually been affected. “Houzz recently learned that a file

ESET researchers have detected a substantial new wave of the “Love you” malspam campaign, updated to target Japan and spread GandCrab 5.1 While finishing our analysis on a recent surge in malicious spam targeting Russia, we noticed another, unrelated, JavaScript-fueled campaign reaching new heights in our telemetry. Apparently, the “Love You” malspam campaign from mid-January

A closer look at cybercrime as a service on the dark web The cybercrime industry cost the world three trillion dollars in 2015 and it is predicted that this amount will rise to six trillion by 2021, according to this 2018 Cybersecurity Ventures post.  When we say cost, we are talking about all the expenses

The recently discovered tranches of stolen login credentials freely floating around the internet total 2.2 billion records Two weeks ago, reports that a vast compilation of stolen access credentials was being widely circulated, not only in the internet’s dark recesses, made the headlines. Before long, additional reports began to pour in that this trove of data,

Smart devices were targeted by more than one-half of cyberattacks detected in the country in 2017 Japan has approved a plan to test the security of around 200 million Internet-of-Things (IoT) devices in the country in a bid to beef up their cyber-resilience, according to a report by Japan’s public broadcaster NHK World. Armed with

First closing in on operators, now on users, as the hunt continues and law enforcement in many countries is about to swoop on people who bought DDoS attacks on WebStresser Remember last year’s takedown of the then biggest marketplace for hiring distributed denial-of-service (DDoS) attacks? The global law enforcement operation, called Power OFF, that shut

The company is rushing to fix a glitch that may let other iPhone users hear and see you – before you answer the call Apple has promised to issue a software update later this week to fix a serious bug in Apple’s video and audio call app FaceTime that can be easily exploited to spy

Among the increased number of malicious JavaScript email attachments observed in January 2019, ESET researchers have spotted a large wave of ransomware-spreading spam targeting Russian users January 2019 has seen a dramatic uptick in detections of malicious JavaScript email attachments, an attack vector that mostly lay dormant throughout 2018.  Among the “New Year edition” of

A strong password is a great start, but there are more ways to make sure that your email is as secure as possible Email is a crucial part of most people’s daily lives, but few people consider how it’s secured, apart from entering a password to access our accounts. What options are available or even

Study shows the majority of Americans fear the misuse of their personal data supplied to websites, and view cybercrime as a threat to their country Seventy percent of Americans surveyed by ESET are worried about the misuse of personal data supplied to websites when banking or shopping online, and an overwhelming majority of Americans now

Everybody loves quizzes. So why not take this one and hone your phish-spotting prowess? Google’s technology incubator Jigsaw has revealed a quiz that tests users’ abilities to identify phishing attacks. In asking you to distinguish legitimate emails from phishing scams, the test reveals some of the most common scenarios that fraudsters use with a view

The plugin’s users are recommended to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee The company behind the widely-used WordPress plugin WPML has been through a tumultuous few days after many of its customers received an email this past weekend that purported to warn them about “a bunch of

France’s data protection watchdog issues the first major penalty under the EU’s new privacy regime France’s data protection watchdog CNIL has slapped Google with a fine of €50 million (almost US$57 million) for what the authority views as the tech giant’s failure to adhere to its obligations that stem from the European Union’s (EU) data

If you use Twitter for Android and want your tweets to be private, you may want to play safe and review your settings Twitter has disclosed that it’s fixed a bug that, for more than four years, made the private (aka ‘protected’) tweets of some of the platform’s users public. The flaw affected an unknown

As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble How do you secure your network? For the most part, this honor goes to the one device that talks to

The hacking duo is believed to have exploited a software flaw and compromised several SEC workstations with malware in order to take early peeks at financial disclosures Two Ukrainian men are facing charges over their roles in an international stock-trading scheme that began with the pair’s breaking into the computer systems of the US Securities

The vast dossier of stolen login details appears to have been gathered from data stolen in many breaches Nearly 773 million unique email addresses and more than 21.2 million unique, plain-text passwords were there for the taking recently in a massive data dump that’s been dubbed Collection #1. The news comes from security researcher Troy

The electric car maker is raising the ante in automotive security, putting one of its swanky models as a target at a hacking contest White-hat hackers who can break into a Tesla Model 3 will soon be in the running for, yes, a Tesla Model 3, according to a report on Teslarati. Driven by considerations

Forget balaclavas or hoodies; these cybercriminals are hiding in plain sight In my days when I worked for the police, we would constantly try to profile criminals because it made our investigations easier. We would even regularly use specialist criminal profilers and psychologists to help with slow cases in order to gather additional clues, which

In our final report from CES we take a look at smart city initiatives This year at CES there was an entire section devoted to smart city initiatives municipalities are rolling out in many cities around the world, or planning to. As we noted in our look at automotive security and IoT security previously, the

What’s in store for automotive security once cars morph into mobile living rooms and working spaces? And how about transportation at large? There is a certain singularity to CES (Consumer Electronics Show), where vehicles, security, and a host of other technologic doodads unite around a given platform, in this case the car. As these converge,

No 3D-printed heads or realistic masks were needed to trick even a handful of high-end handset models into unlocking their screens A Dutch non-profit has tested facial recognition on 110 smartphones to see just how well their implementations of this method of biometric authentication secure the devices – and found that the picture isn’t pretty.

There’s a digital treasure trove to be had in your home so you should take steps to protect it There isn’t a square meter of the show floor here at CES that doesn’t have some gadget connected to the internet. Whether tiny robots, your next house lighting controller, or new-fangled drink machine, it’s all connected.

In case there are some blank entries in your laundry list of New Year’s resolutions, we have a few tips for a bit of cybersecurity ‘soul searching’. Here’s the first batch, looking at how you can fix your good ol’ passwords. Many of us entered 2019 with a boatload of New Year’s resolutions. Doing more

The program with a prize pool of almost US$1 million aims to leverage the ‘power of the crowd’ in order to prevent another Heartbleed The European Union (EU) is rolling out a bug bounty scheme on some of the most popular free and open source software around in a bid to ultimately make the internet