I've been at CloudSec 2016 in London, listening to various security professionals from the likes of Trend Micro and Microsoft talk about the challenges businesses face in securing their data in the cloud.

As you could probably have guessed, talks have centered around the ever-expanding threat landscape, the continued industrialization of cybercrime through various underground marketplaces around the world and general cyber security trends.

Continue reading →

It seems that serious data breaches are all but an everyday occurrence at the moment. At the same time, there have also been instances of historical hacks suddenly coming to light such as the 2012 breach of Dropbox.

But Dropbox was not the only company to suffer an attack in 2012 -- so did music site Last.fm. Now, four years after the hack, details of 43 million accounts have been leaked.

Continue reading →

OurMine is a hacking collective that gets its jollies by causing havoc in the name of security. For instance, the group often takes over Twitter accounts, causing distress to the handle owner. Heck, just last month it hacked TechCrunch. Ultimately, OurMine never seems to cause real damage -- its antics are an inconvenience more than anything.

Today, OurMine hacks Variety.com and takes its mischief to a new level. You see, the hackers not only infiltrated the company's newsletter database, but OurMine sent spam to the contained subscriber email addresses too. Apparently it was not just one spam email, but many.

Continue reading →

Remember how Dropbox asked all those that haven't changed their passwords since 2012 to do so now? Remember how they said they did it for no particular reason, just as a precaution? Turns out, it was much more than that.

As a matter of fact, back in 2012, more than 68 million accounts were hacked.

Continue reading →

Russian internet giant Mail.ru has been hacked once again, and some 25 million accounts associated with forums run by the company have been compromised.

Among the data that was stolen are usernames, passwords (easily crackable, according to Secure CloudLink), email addresses, phone numbers, birthdays and IP addresses.

Continue reading →

Opera Software is advising all users of the sync feature of its Opera browser to change their passwords following a security breach. Details are a little scant at the moment, but the company says that servers were breached earlier in the week and user data may have been compromised.

Opera Sync is used to synchronize user data between different computers but it is apparently used by under "0.5% of the total Opera user base". However, with a user base of 350 million this means that upwards of 1.7 million people could be affected.

Continue reading →

Reusing a password on multiple sites is a recipe for disaster. Why? Well, the password is now only as safe as the weakest site. For example, if you use the same user credentials for a shopping site that you do for a banking site, and the shopping site is hacked, your banking password is now exposed. Bad guys will try stolen credentials on various sites looking for where they might work.

Today, Epic Games, maker of  popular games like Unreal and Infinity Blade, announces that its forums have been hacked. Now, if you don't reuse passwords, that isn't a huge deal, right? Sort of. True, your discussions about games might not be particularly sensitive, but you may still feel pain.

Continue reading →

Hacking by its very nature tends to be an activity that takes place in the shadows. However, analysts at security awareness specialist Digital Shadows have identified a growing trend of some hackers actively seeking the limelight to promote their businesses.

Just as in the legitimate commercial world, reputation is important and players without one are less likely to be trusted. In order to boost their profiles therefore some cyber criminals have been using publicity to add to their credibility.

Continue reading →

The NSA has (or had...) a collection of malware in its cyber arsenal. It has been stolen by hackers. It is now available to buy.

A group of hackers going by the name of Shadow Brokers claims to have stolen a range of hacking and malware tools from Equation Group's servers -- Equation Group is itself closely linked with the NSA. The group is offering the tools for auction and will sell them to the highest bidder. If bidding reaches one million Bitcoins, however, the group says it will make the tools publicly available to all.

Continue reading →

Professional social network LinkedIn is suing 100 anonymous individuals for data scraping. It is hoped that a court order will be able to reveal the identities of those responsible for using bots to harvest user data from the site.

The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data. Its lawsuit seeks to use the data scrapers' IP addresses and then discover their true identity in order to take action against them.

Continue reading →

As many as 20 hotels in the US have been hit by malware, and fears are spreading that customer data, including credit card information, was stolen.

According to a Reuters report, hotels under attack include Starwood, Marriott, Hyatt and Intercontinental -- all part of the HEI Hotels & Restaurants.

Continue reading →

Another day, another major data breach. This time it’s Oracle’s MICROS, its point-of-sale division, that got hurt. According to security researcher Brian Krebs, who first disclosed the breach in a blog post (you can read it here), chances are that a Russian organized cyber-crime group is behind this.

The group, called Carbanak, is believed to have inserted malicious code in the company’s software and, apparently, 700 internal systems were compromised as a result.

Continue reading →

Following uncertainty around who was responsible for the compromise of the Democratic National Committee’s (DNC) servers in the US -- which was first blamed on the Russian Government and then claimed by an individual named Guccifer 2.0 -- Fidelis Cybersecurity was approached by personnel handling the investigation for the DNC to undertake an independent investigation in order to provide its perspective on the intrusion.

As part of this investigation, Fidelis analyzed the same malware and data (including file names, file sizes and IP addresses) that were used in the DNC incident. Here are the main findings.

Continue reading →

The theft of 119,756 Bitcoin from the Bitfinex exchange has seen the price of the cryptocurrency plummet by 23 percent. In what has been described as the second biggest Bitcoin theft after MtGox, $72 million worth of Bitcoins vanished from user's accounts.

It seems that Bitfinex suffered a massive security breach when it was hit by hackers who started to filter money out of segregated wallets. Despite the hack, the exchange says that this incident doesn’t "expose any weaknesses in the security of a blockchain".

Continue reading →

As more and more devices get connected to the Internet of Things, so their susceptibility to hacking increases too.

New research from enterprise data protection company Vormetric in conjunction with Wakefield Research shows that this is a concern for many people.

Continue reading →