New breach: Ticketfly had 26M records posted publicly including email and physical addresses, names and phone numbers. 68% were already in Have I Been Pwned. Read more: motherboard.vice.com/en_us/article/…

The current wave of #GandCrab V4 infections in Germany arrives via fake job application emails with a photo of a young woman and .zip attachment. The email text is very well written German. Example ZIP name: "Viktoria Hagen - Bewerbung und Lebenslauf - 31.08.2018.zip"

This is a sad day for #India. In an order, the Ministry of Home Affairs authorised 10 agencies the "interception, monitoring and decryption [...] of any information generated, transmitted, received or stored in any computer resource" You are entering in a mass surveillance era

BitGrail lost $170 million worth of Nano XRB tokens because... the checks for whether you had a sufficient balance to withdraw were only implemented as client-side JavaScript reddit.com/r/CryptoCurren…

Security experts have discovered the first case of a #SCADA network infected with a #cryptocurrency mining #Malware securityaffairs.co/wordpress/6893…

A cryptocurrency miner hidden in a favicon.ico - welcome to 2018 via @chrskly

Attackers leveraging the CVE-2017-1000353 RCE vulnerability in the Jenkins Java deserialization implementation to mine Monero securityaffairs.co/wordpress/6923…

The digital era has made crime easier than ever, says a new report from McAfee and the Center for Strategic and International Studies cnet.com/news/cybercrim…

Cisco released its 2018 Annual Cybersecurity Report (ACR), revealing insights from its own efforts, as well as a survey of 3,600 CISOs eweek.com/security/cisco…

This is a top 300 Alexa website. And yet this happens 🤭 archive.is/g4X3Y #sysadmin #fail

Bicho supports multiple attack payloads and it can be used against any vehicle that supports CAN, without limitations regarding manufacturer or model helpnetsecurity.com/2018/03/05/bac…

Thales e-Security reveals that 48 percent of US healthcare organizations reported getting breached in the last year betanews.com/2018/03/05/hal…

Researchers bypass the password-protected Windows 10 lock screen and install malware from a website through Microsoft’s Cortana guru3d.com/news-story/sec…

Panerabread.com, the Web site for the bakery-cafe chain by the same name, leaked millions of customer records -- including names, DOBs, email/street addresses, last 4 of credit card -- until today: krebsonsecurity.com/2018/04/panera… Worst part: They were first notified 8 months ago

Google will try to purge the Chrome Web Store of extensions that hijack machines’ CPU resources helpnetsecurity.com/2018/04/03/chr…

Cynerio offers a platform that provides visibility into medical device behavior on the network to detect and halt nefarious activity. darkreading.com/risk/medical-d…

US Department of Homeland Security (DHS) detected strange fake cellphone towers – known as IMSI catchers – in America's capital. theregister.co.uk/2018/04/03/ims…

Don't give away historic details about yourself. Today's post looks at how countless social media users are doing just that, responding to quizzes that ask you to give away answers to commonly asked "secret questions." krebsonsecurity.com/2018/04/dont-g…

Remember how my iPhone got stolen by bikers who snatched it from my hand last week? I have reason to believe that the thieves are now trying to get me to reveal my iCloud password to reset it using an ingenious scam. It's useless to them without the iCloud password (thread)

Here’s an example of getting around 2FA with social engineering. 😬🤖 Dang. Thanks ABBO for sharing this.