Viry a Červi

The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.

Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

The threat group also has a new subsidiary, Magecart Group 12.

A tale of XSS, SQL injection and OAuth implementation

Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks.…

VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.

Whoa - is that an Access 97 iceberg dead ahead?

Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows Insider build.…

Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone else’s messages waiting for her.

Of the six advisories Intel released last week, the most interesting is a flaw discovered in the company’s Software Guard Extensions (SGX).

Credit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.

The landmark decision asserts the same legal protection for biometrics that we're given for passcodes.

Crooks banked $270,000 in just one move, it is claimed

A pair of Ukranian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…

Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.

Security hole can still be exploited to tamper with journeys, warn infosec bods

Exclusive  A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerability was incomplete, and thus ineffective, it is claimed.…

January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.

A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.

Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.

Authentication is simply AWOL for remote RF control equipment, says Trend Micro

Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro.…

Microsoft has vexed its Windows 7 users with a misbehaving update that caused licensing and networking errors.

In an interesting move for villainy, a thief who stole over $1 million from the Ethereum Classic blockchain has given some of it back.

Facebook's relying on demotion instead of removal, so users will still be able to share content, even if Full Fact rates it inaccurate.