The CCleaner Attack Was Worse Than We Knew

When Avast announced that 2.27 million people had downloaded a malware-riddled copy of its performance optimisation software CCleaner, it was initially believed that a second payload—that can control a system—was never delivered to victims. It’s now clear that wasn’t the case, and it appears the attackers may have been targeting tech firms for the purposes of industrial espionage. Read More >>

A Smart Pump Used by Hospitals to Deliver IV Drugs Is Vulnerable to Wireless Attacks

The last place you should have to worry about being hacked is laid out in a hospital bed. But as wireless devices continue to fill patient rooms, those fears can’t help but grow. Read More >>

Mexican Tourism Company Leaked Tens of Thousands of Credit Cards and Passports Online

Security researchers last month discovered a trove of scanned images depicting the credit cards and passports of more than 88,600 international travellers. It’s unknown for how long the documents, which were secured on Wednesday, had been sitting online, just waiting to be stolen. Read More >>

Lenovo Gets a Slap On the Wrist For Loading Up Computers With Dangerous Adware

Users who purchased a Lenovo PC between September 2014 and January 2015 got an extra special surprise in the form of adware that left them wide open to malicious attacks. After two and a half years of legal wrangling, America's Federal Trade Commission (FTC) settled its lawsuit against the company, and it’s hard to imagine that executives learned their lesson. Read More >>

How Spammers Hijack Abandoned URLs to Spread SEO Garbage Across the Internet

“Was The Morningside Post website hacked?” a friend asked me. The site, which I once co-edited, seemed to have died, and returned as a zombie version of itself. About five months ago, my successors at TMP—the student-run news publication at Columbia University’s School of International and Public Affairs—accidentally allowed their site’s web domain registration to lapse. A mysterious new owner snapped the site up, cloned its content, and transformed it all into sloppy, spammy garbage. Read More >>

Instagram Got Hacked

Instagram, Facebook’s hotter, snootier subsidiary, may have a massive data breach on its hands. Read More >>

Security Researchers Discover Spammer List of Over 711 Million Email Accounts

An unknown hacker has gathered up to 711 million email accounts stored on an “open and accessible” server in the Netherlands, ZDNet reported. The server contains passwords to both email addresses and servers which are apparently being used to send large amounts of spam through legitimate accounts, thereby bypassing filters. Read More >>

FBI Arrest Chinese National Linked to US Government Agency Data Breach

A 36-year-old Chinese national was arrested in Los Angeles this week in connection with a computer hacking conspiracy involving malware linked to the 2014 US Office of Personnel Management (OPM) data breach. The OPM is responsible for managing civil service employment for the federal government, meaning the hacking incident was a national-level breach of privacy. Read More >>

DNA Testing Data Is Disturbingly Vulnerable to Hackers

Hidden within our genetic code is a vast treasure trove of personal information about our health, relationships, personality and family history. Given all the sensitive details that a DNA test can reveal, you would hope that the people and programs handling that information would be vigilant in safeguarding its security. But it turns out that’s not necessarily the case. Read More >>

Top Security Firm May Be Leaking ‘Terabytes’ of Confidential Data From Major Companies

A leading American security firm and purveyor of anti-malware detection services is waking up to a damning report about a massive vulnerability in its flagship product. The report describes an unimaginable leak, the scope of which covers a wide range of confidential data, including customer credentials and financial records, among other sensitive files. Read More >>

The WannaCry Ransomware Attackers Are Cashing Out Their Bitcoin at a Dangerous Time

When the WannaCry ransomware attack hit back in May, it was really good at causing chaos but not so great at generating ransom money. Some analysts said that the attackers were amateurish in their methods. If the people behind the malware are as clumsy as they seem, they should be worried, because they recently started moving what Bitcoin they did collect during a particularly perilous time for cybercriminals. Read More >>

A Conference of Hackers Totally Pwned American Voting Machines

A noisy cheer went up from the crowd of hackers clustered around the voting machine tucked into the back corner of a casino conference room—they’d just managed to load Rick Astley’s “Never Gonna Give You Up” onto the WinVote, effectively rickrolling democracy. Read More >>

The US Wants to Force ‘Smart’ Device Makers to Secure Their Shit

The swarm of internet-connected security cameras, kitchen appliances, wearables, and other gadgets that make up the Internet of Things are notoriously insecure. Two US senators want to fix that—at least for tech acquired by the federal government—and are introducing bipartisan legislation intended to force manufacturers to include basic security features in their products. Read More >>

Hackers Breach Cybersecurity Company in Apparent Revenge on Employee

A threat analyst at the cybersecurity firm Mandiant has been hacked and the attackers are claiming to have lurked on his computer for a year, collecting his login credentials for various sites and tracking his location. Read More >>

A Hacker’s Guide to Protecting Your Privacy While Dating 

Love makes people do dumb stuff. But there are practical, easy steps we can take to maintain our privacy during romantic relationships, and changing one simple behaviour now could keep us safe later on if the relationship ends badly. Read More >>