Samsung Pay Leaks Mobile Device Information

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.

Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data

A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.

Microsoft Azure AD Connect Flaw Elevates Employee Privilege

An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.

Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers

For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.

17 Things We Should Have Learned in 2017, but Probably Didn’t

The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?

Git Some Security: Locking Down GitHub Hygiene

In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.

New Banking Trojan Similar to Dridex, Zeus, Gozi

IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.

New Cryptocurrency Mining Malware Has Links to North Korea

A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.

LockPoS Malware Sneaks onto Kernel via new Injection Technique

"Alarming evolution" of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.

Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool

Skygofree appears to have been developed for lawful intercept, offensive surveillance purposes.

Kaspersky Lab Seeks Injunction Against US Government Ban

Revenues and reputation have taken a hit in the wake of the US Department of Homeland Security's decision to prohibit use of its products and services by the feds, the company says.

Lazarus Group Targets Bitcoin Company

The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.