Electronic toys maker wants to blame parents for data breaches

Electronic toys maker VTech has recently been a victim of a cyber-attack, which has seen the data of more than 6.3 million children exposed. The hackers got access to chat logs and photos.

Following the breach, VTech has updated its End User License Agreement, saying the company can’t provide a 100 percent guarantee that it won’t be hacked. It also shifts the responsibility back to the parents:

Hackers leak contact information of 20,000 FBI employees

Hackers have leaked the contact information of 20,000 FBI employees, which follows the previous day's release of 10,000 Homeland Security employees' data.

The hackers, communicating through Twitter, claimed "Well folks, it looks like @TheJusticeDept has finally realized their computer has been breached after one week".

Energy industry is not prepared for cyber attacks

The energy industry is mostly unprepared for cyber-threats, a new study by Tripwire suggests.

The global provider of advanced threat, security and compliance solutions announced these results in a study conducted for it by Dimensional Research. The study looked at cyber-security challenges faced by organizations in the energy sectors, and includes answers from more than 150 IT professionals.

Here's how to bypass the iOS lock screen passcode

There are numerous ways to keep your smartphone safe from prying eyes, and a lock screen protected with a passcode is a popular choice. But a newly discovered vulnerability in iOS 8 and iOS 9 means that iPhones and iPads could be accessed by attackers.

The vulnerability was discovered by security analyst Benjamin Kunz Mejri and it has been assigned a Common Vulnerability Scoring System (CVSS) score of 6.0, as well as a 'high' severity rating. Apple has been aware of the issue since late last year, but has yet to issue a patch.

The future of the NSA: fight the hackers or embrace the hackers

With its well-known habit of uncompromising surveillance, the NSA has earned itself something of a poor reputation among internet users. But while the spying side of the agency is what it is most famous for, it is actually made up of two different divisions: offensive and defensive.

Later this week the NSA is expected to announce an internal restructuring that will see the two divisions merging. This presents the agency with an interesting predicament: does it continue to work to fight the efforts of hackers, or does it adopt hacker-like techniques to help gather data? Experts say that the merger is a mistake, largely because the aim and modus operandi of the two departments are diametrically opposed.

NSA's lead hacker offers security tips

An interesting talk happened recently during the Usenix Enigma security conference in San Francisco. It was held by Rob Joyce, basically the number one hacker of the US. He is the head of NSA's Tailored Access Operations, or TAO. That's pretty much the government's hacking team, tasked with breaking and entering into the systems of its enemies. Or allies, if need be.

This man, who assumed the position of hacker-in-chief just a few months before Edward Snowden blew the whistle on the whole ordeal, spoke about a lot of things which Wired summed up in one smart sentence -- he explained how to keep people like him out of your systems.

DDoS attacks are now more sophisticated

Kaspersky Lab has released its report into DDoS attacks for the fourth quarter of 2015, and it claims that the global reach of attacks shrank, but the sophistication of those attacks grew.

According to the report, in the fourth quarter of 2015, resources in a total of 69 countries were attacked. In the previous quarter, that number stood at 79. Similar to the previous quarter, in the last three months of 2015 the majority of attacks (94.9 percent) took place in just ten countries, with the US, China and South Korea being the most affected of the bunch.

LG G3 'Snap' vulnerability leaves owners at risk of data theft

Security researchers have discovered a vulnerability in LG G3 smartphones which could be exploited to run arbitrary JavaScript to steal data. The issue has been named Snap, and was discovered by Israeli security firms BugSec and Cynet.

What is particularly concerning about Snap is that it affects the Smart Notice which is installed on all LG G3s by default. By embedding malicious script in a contact, it is possible to use WebView to run server side code via JavaScript. If exploited, the vulnerability could be used to gather information from SD cards, steal data from the likes of WhatsApp, and steal private photos.

HSBC online banking hit by DDoS attack

As workers eagerly awaited the arrival of their first payday of 2016, and others rushed to file their tax returns ahead of Sunday's deadline, HSBC's online banking services were knocked offline today.

The banking giant was hit by a DDoS, but it is not yet clear who is responsible. The attack meant that customers were unable to access their online accounts, and it is just the latest in a string of high-profile security issues to affect well-known sites.

Wendy's investigating a possible credit card breach

There have been numerous instances of credit card breaches recently, with many popular companies affected by the problems. News of one more seems to be expected these days, and now it is beginning to break that a fast food chain may be the latest in this growing line.

Before you panic, this is only being investigated at the moment, so everything may be fine. So far all that's known is that several banks reported a pattern of fraud charges and the common link was that each had been used at a Wendy's location.

Angler exploit kit celebrates the new year by adding CryptoWall 4.0

We're only a couple of weeks into a brand new year, and the outlook for security isn't looking particularly better. That doesn't mean you'll be hacked or malware will run wild on your computer, but it does mean you'll still need to be vigilant.

Now the popular Angler exploit kit has a brand new threat contained within it, and this one could be especially scary. CryptoWall aims to lock up your files and hold them for ransom, an attack method that has been around now for some time.

BBC was hit with the biggest-ever DDoS attack

There’s a good chance that the recent DDoS attack against the BBC was the biggest one yet. That depends on whether the hackers behind the attack are exaggerating or not.

According to a CSO Online report, the hackers claimed the attack on the BBC website, which occurred on New Year’s Eve, reached 602Gbps. If that turns out to be true, that will be almost twice the size of the current biggest attack which sits at 334Gbps.

New World Hackers take Trump offline -- but when does hacking vigilantism infringe on free speech?

My colleague Brian Fagioli has referred to the web being rather like the Wild West. I'm inclined to agree, but that's not to say that we have reached the same conclusion for the same reasons. For me, the web -- like the Wild West -- is not a world filled with danger, but one occupied by vigilantes. As a proponent of free speech, I find this concerning. One of the most highly-lauded of vigilantes is the disparate group marching under the ragged banner of Anonymous.

One of its taglines is 'We Are Anonymous', a phrase that can be uttered by anyone as there is no membership process -- if you say you are part of Anonymous, you are part of Anonymous. The group is not, for the most part, organized. Individuals and factions can fight for or against whatever cause they want, just like real-world vigilante groups. But Anonymous is not alone. There are hacking collectives and other online crusaders who see fit to take the law into their own hands. This might sound wonderful, but it's not necessarily a good thing. As New World Hackers demonstrate, attacks can target the wrong people and restrict free speech.

American hacking group killed the BBC's online presence to test anti-ISIS attack powers

A huge DDoS attack took the BBC's websites offline on Thursday, as well as the broadcaster's iPlayer streaming service. The disruption lasted for several hours, and now a US-based group of 'cyber hackers' that usually targets ISIS has claimed responsibility.

The New World Hacking group is a self-proclaimed hacktivist group that supports Anonymous. It says that despite effectively knocking the BBC from the face of the web, it was only meant to be a test of server power rather than a targeted attack on the corporation.

Microsoft's promise of spying warnings is an empty gesture

Yesterday we reported that Microsoft will warn users of 'state-sponsored' attacks on their accounts. Sounds great, but does it actually mean anything? Is it a useful service by the tech giant, or just PR bluster?

Considering the covert nature of spying and digital attacks, coupled with legislation around the world, it seems likely that the announcement is little more than meaningless hot air. In the UK, for instance, the planned snooper's charter would make it illegal for companies to alert users to hacking and surveillance by British agencies.
