Top 10 Stories

Moscow and Washington are in talks to create a joint cyber security working group, a Russian news agency has reported. In its report, RIA news agency cited Russia’s special envoy on cyber security, Andrey Krutskikh. “Different proposals are being exchanged and are being studied, nobody is avoiding the need for negotiations and contacts,” Mr Krutskikh said, according to the agency. “There is no need to overdramatise the working process, it is underway without doubts, it is difficult taking...

A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. The issue came to light today when security researcher Justin Taft of One Up Security published a report detailing his findings. The vulnerability is a simple buffer overflow in the Source SDK. The...

A highly sophisticated cyberespionage group called DarkHotel, which has been around for decades, is back in business.The hacker group is known for going after targets in the business sector, using luxury hotel's Wi-Fi to hack and spy on victims. However, DarkHotel hackers have now changed their strategy and are targeting political figures instead of CEO's, according to security experts. Although DarkHotel hackers previously typically used zero-day exploits in their campaigns, the cyberespionage group's new multi-pronged attack vector includes a...

Apple released a security patch on Wednesday that you should really consider updating to if you enjoy using Wi-Fi on your iOS devices. So, you know, just about everybody should update. The iOS 10.3.3 update addresses vulnerabilities with your Contacts, Messages, Notifications, Safari and other issues. One of the more potentially damaging exploits was hidden in the iPhone's Wi-Fi chipset, where an attacker could take over a device remotely if it was searching for a signal. For...

A Russian man who prosecutors say helped develop and distribute malware designed to steal personal financial information was sentenced Wednesday to five years in prison. Mark Vartanyan, also known as "Kolypto," was sentenced by US District Court Judge Mark Cohen in Atlanta after pleading guilty in March to computer fraud, federal prosecutors said. Vartanyan received two years of credit for time served, including more than two years in custody in Norway following his arrest there in October...

New "operational" samples of the NukeBot banking trojan have emerged months after its original creator published its source code. NukeBot's source code leak, which occurred in late March 2017, apparently attracted the attention of malware developers seeking to push out their own threats. Kaspersky Lab's Sergey Yunakovsky spotted some of those new samples in the wild. A few are "active," but most of them only in a limited form. View Full Story ORIGINAL SOURCE: Graham Cluley

Ninebot, the company behind Segway hoverboards, has issued new firmware to fix various security flaws that allow an attacker to connect to and take over users' devices. The flaws were discovered last year by Thomas Kilbride, a security researcher for IOActive, who contacted the company in private and disclosed his findings. In a report published today, Kilbride details three major issues. The first is that anyone can connect via Bluetooth to another person's hoverboard. This happens because...

Imagine logging onto your bank account just by glancing at your phone. That's what some TSB customers will be able to do from September when the bank introduces iris recognition to its mobile banking app. It will be the first bank in Europe to introduce the technology, but its arrival will test customers' trust in biometric technology. Customers will need the latest Samsung Galaxy S8 to use the new way of accessing their TSB accounts....

Google is making it even harder to accidentally install a malicious plugin. Today, the company announced new changes to the way Google services handle plugins, adding new warnings for users and a more involved verification system for apps. The result is more scrutiny on apps plugging into Google services, and more active involvement from Google when an app seems suspicious. The changes come after a sophisticated phishing worm hit Google Drive users in May, masquerading as an invitation...

Details of thousands of children and their adoptive parents have been leaked by Newcastle city council workers who accidentally attached them to invitations for a summer party. The council admitted the adoption data breach, which it blamed on “human error”, and apologised. It has taken steps to contact all those involved. It could face a fine of up to £50,000. The attachment contained the names, addresses and birth dates of 2,743 individuals. Adoption advisers said...