Uber suffers 57 million record data breach, then pays hush-money to prevent disclosure to customers in shocking cover-up that has now been exposed
IT Security Thing was honoured to be one of the judges for the IoT, Cloud & Cybersecurity Innovation Awards 2017 during the NetEvents Global 2017 Press & Analyst Summit in San Jose. We can now reveal the results
Avast-owned CCleaner software delivered backdoor trojan as payload in supply chain breach targeting unknown number of large tech enterprises
Equifucked: Legal clauses, stock sales and 143 million breached accounts leave Equifax’s reputation in tatters
The credit monitoring giant Equifax has confirmed it has suffered a mahoosive data breach, with files that could potentially impact 143 million customers in the US.
What if I told you your email could be weaponized post-delivery? Courtesy of the ROPEMAKER exploit, email could quite literally never be the same again
If you thought that leaving the EU meant leaving behind the potential impact of GDPR, you thought wrong. The new legislation will simply bring GDPR wholesale into UK law.
The smart gun has moved out of science fiction, and is now science fact. But just how smart, and how secure, are they?
IT Security Thing has been getting a handle on the industry perspective regarding WannaCrypt0r and the attack on the NHS
I’ve had my hands on the iStorage diskAshur PRO 2 – what is being described as the ‘most secure hard drive ever made’ for more than a week now and I have been able to put it to the test
Giuliani Security, his company, has a website that has been found to be wanting, to say the least, when it comes to cybersecurity defences.
If 500 million hacked accounts wasn’t bad enough news, now Yahoo admits that a billion more were also hacked the year before.
Researchers from cyber security consultancy Hacker House, as part of a Sky News investigation, have found a number of NHS trusts fall short when it comes to online data security.
Some new ransomware code, CryPy, developed entirely in Python, has escaped into the wild and it’s a nasty piece of work.
Active threats that can exploit Apple devices are not commonplace. That said, Apple has just fixed an exploit that uses no less than three critical iOS zero-day threats.
Donald Trump is less secure than Hillary Clinton on the ecommerce front, HTTP/2 falls short as well. Google, however, gets HTTP security just about right.
Pokemon GO is the biggest app sensation around; earning millions per day by way of in-game purchases. So here’s a Pokemon GO security round-up.
Forgotten your password? A new form of biometric authentication technology is looking into using your skull, and not fingerprints, to log you in.
Zero-days double as security threat report reveals 75 per cent of websites have unpatched vulnerabilities and that the UK is the most targeted nation.
Adobe Flash 0day proves, yet again, why this pile of insecure crap must be put out of its misery in order to relieve ours.
Emails with zipped file attachments containing the Nemucod payload are spreading globally – this malicious downloader will install TeslaCrypt or, more likely, Locky ransomware on target machines.
Users of Linux Mint and the official support forums are being warned that both the site and the software were hacked over the weekend.
Two Google staffers have posted details of a Linux glibc (GNU C Library) stack-based buffer overflow vulnerability and showed how it can be exploited
If proof were needed of just how broken Internet of Things security is right now, then you only have to go looking for hacked cameras connected to the web
LastPass has, over the weekend of 16-17 January 2016, been back in the news thanks to yet another weakness, courtesy of the LostPass attack.
Working together, a collection of security companies and law enforcement agencies from a variety of countries have combined to take on the Dorkbot malware.
Here at IT Security Thing we are on a mission to inform, educate and engage and that’s why we cannot get fully behind 11-year-old Mira Modi who is selling secure passwords from her bedroom in New York City.
Canonical has shown that it takes security seriously by responding to the discovery of an Ubuntu Phone zero-day exploit with an investigation and initial fix in under six hours.
As T-Mobile data from the Experian data breach starts to go up for sale on the dark web, IT Security Thing explores what the IT security industry thinks of this debacle.
DDoS mitigation expert CloudFlare has revealed that when it comes to the attack surface, theory has once again turned into reality with an attack by Chinese smartphones.
What if you could just walk up to an ATM machine and rob the bank right there? What if you also used two factor authentication to stop other robbers doing the same? That’s what Proofpoint researchers have discovered is happening with GreenDispenser ATM malware.
There’s no point being an Internet of Things denier, it’s too late for that. It’s not too late, however, to start accepting that security could be a lot better. Which is where the launch of the Internet of Things Security Foundation comes in.
Have you patched Bugzilla against the PerimeterX privilege-escalation vulnerability yet?
Researchers from the University of Illinois have published a paper entitled MoLe: Motion Leaks through Smartwatch Sensors, which, if you believed everything you read online, might lead you to think that your smartwatch is at risk from hackers.
The Android MMS message vulnerability reported to Google back in April, and made public in July, is still not fixed even if you have already patched it.
A suspected Chinese hacking group has targeted the Japanese Pension Service resulting in the theft of a million personal records; and the Blue Termite group appears to still be actively targeting other Japanese business and government sites.
The Hacking Team breach just keeps on giving, and now researchers have uncovered evidence of a fully weaponised Masque Attack infrastructure in the wild courtesy of the compromised documentation dump.
BIND 9 is the most widely used of the available name server software options, used to implement Domain Name System (DNS) protocols that make the Internet usable, and the only sure-fire way to fix the exploit is with timely patching.