Top 10 Stories

A recent surge in Android banking malware can be traced back to December 2016, when a malware coder under the name of Maza-in uploaded a tutorial on how to build Android malware on an underground hacking forum named Exploit.in.   View Full Story  ORIGINAL SOURCE: Bleeping Computer

Another banking malware variant has been spotted in the wild, and it's using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet.   View Full Story  ORIGINAL SOURCE: The Register

Several security vulnerabilities in systems used to manage Georgia's election technology, exposing the records of 6.7 million voters months before the nation most expensive House race slated for June 20, has raised the fears that the election could be disrupted.   Read Full Story  ORIGINAL SOURCE: SC Magazine

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in first three years after the GDPR comes into power thanks to data breaches which they don't currently have to declare. Consult Hyperion, which commissioned AllClear ID to carry out the research said in a press release, “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” View Full...

Names and personal data of about a million people may have been compromised in a burglary involving Washington State University property. This month the university started alerting people who could be impacted. A Washington State University researcher noticed the breach in April. An 85 pound safe holding a hard drive was missing from a WSU storage unit in Olympia. That drive contains names of about a million people — and social security numbers and health...

The WannaCry ransomware attack that affected more than 150 countries and crippled parts of the NHS came from North Korea, British and US security officials believe. The attack affected more than 60 NHS trusts and an estimated 300,000 people worldwide, by locking data and demanding money to release it again. British cyber experts analysing the software worm believe it was created by a prolific North Korean cyber gang called the Lazarus Group. View Full Story...

A PayPal phishing campaign is luring victims to a hacked site where a clone of the PayPal login page is trying to trick users into giving away their PayPal credentials, payment card details, and ... a selfie of the user holding his ID card. Brought to Bleeping Computer's attention by security researchers from PhishMe, the crook behind this operation relies on spam emails to drive users toward a PayPal phishing page hosted on a compromised...

A year-long investigation has uncovered evidence that British armaments conglomerate BAE Systems has been selling internet surveillance equipment to Middle Eastern regimes with questionable human rights records. BAE has its fingers in many pies, including the online sphere, and in 2011 it bought Danish firm ETI and added it to its Systems Applied Intelligence division. ETI had invented an online surveillance tool called Evident. "You'd be able to intercept any internet traffic," a former employee told the...

Leaked secret documents have revealed that the CIA has been targeting and compromising home, office, and public wireless routers for years in an effort to carry out clandestine surveillance. The documents, which could not be immediately verified, are part of an ongoing series of leaks released by the website WikiLeaks, revealing the work of the CIA's elite hacking unit, dubbed the Engineering Development Group. Among the dozens of files are user and installation guides, manuals, and other...

In one of the more bizarre data breaches to surface recently, hackers made off with 6 million accounts for CashCrate, a site where users can be paid to complete online surveys, according to a database obtained by Motherboard. In short, CashCrate connects users to companies that need people to test new products and services, or take part in daily surveys in exchange for cash. The data includes user email addresses, names, passwords, and physical addresses....