Top 10 Stories

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper's IT staffers left at least one of the publication's Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to freely change, update, and tamper. Miscreants seized upon this security blunder to slip CoinHive's Monero-mining JavaScript code into the LA Times' interactive county...

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper's IT staffers left at least one of the publication's Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to freely change, update, and tamper. Miscreants seized upon this security blunder to slip CoinHive's Monero-mining JavaScript code into the LA Times' interactive county...

Colorado Department of Transportation employees resorted to pen and paper on Wednesday after nasty ransomware hijacked computer files and demanded payment in bitcoin for their safe return. Security officials didn’t flinch and shut down more than 2,000 employee computers while they investigated the attack. “This ransomware virus was a variant and the state worked with its antivirus software provider to implement a fix today. The state has robust backup and security tools and has no...

In a press release published on Tuesday, Intel announced it resumed the deployment of CPU microcode firmware updates. These updates are meant to mitigate the Spectre Variant 2 vulnerability —CVE-2017-5715. The Meltdown (CVE-2017-5754) and Spectre variant 1 (CVE-2017-5753) vulnerabilities —which became public at the start of the year— were fixed through software updates at the OS level. Intel paused the deployment of Spectre v2 CPU microcode updates on January 22 after receiving reports that the initial...

The Notifiable Data Breaches (NDB) scheme comes into effect today, requiring agencies and organisations in Australia that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach. Launching the new legislative direction on Thursday, Australia's outgoing Information and Privacy Commissioner Timothy Pilgrim said the NDB represents a significant boost to privacy...

The Notifiable Data Breaches (NDB) scheme comes into effect today, requiring agencies and organisations in Australia that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach. Launching the new legislative direction on Thursday, Australia's outgoing Information and Privacy Commissioner Timothy Pilgrim said the NDB represents a significant boost to privacy...

Chief information security officers are increasingly turning to AI to combat the mounting scale and intensity of malware attacks, new research has revealed. Cisco’s annual survey of CISOs found that 39 per cent are reliant on automation, while 34 per cent depend on machine learning and 32 per cent rely on AI. The research revealed that one in five UK respondents observed between 250,000 and 500,000 security alerts a day last year. But the report indicates...

The U.S. Securities and Exchange Commission published on Wednesday updated guidance on how public companies should disclose cyber security risks and breaches. The SEC unanimously approved the additional guidance Tuesday, saying it would promote "clearer and more robust disclosure" by companies facing cyber security issues, according to Chairman Jay Clayton. The new guidance says that companies should disclose cyber security risks that have not yet been targeted by hackers. It also states that company executives must not trade in...

A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now fixed. GitLab, a web-based git repository manager that lets developers track and collaborate on source code and project development, also allows users to host their own content and projects with a custom domain name. But the company said in a security notification on February...

While most ransomware is created to actually generate revenue, some developers create them to show off their "skills".  Such is the case with a new ransomware based off of the horror movie franchise Annabelle. Discovered by security researcher Bart, Annabelle Ransomware includes everything but the kitchen sink when it comes to screwing up a computer. This includes terminating numerous security programs, disabling Windows Defender, turning off the firewall, encrypting your files, trying to spread through USB drives, making it...