Three Nigerian nationals who were convicted of a range of charges - including identity theft and payment card fraud - have been sentenced in the U.S. to serve up to 115 years in jail. Prosecutors says they were part of a "large-scale international fraud network" and involved in so-called "romance scams."
In a rare acknowledgment of a data breach by an Indian company, online restaurant guide and food ordering service Zomata says 17 million users' email addresses and hashed passwords were stolen from its database. The company was hacked by a white-hat hacker back in 2015.
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
The purported hacking of computers of French presidential candidate Emmanuel Macron, by the same Russian group that targeted Hillary Clinton's campaign, signifies an expansion of the goals of the attackers that extend beyond trying to influence the outcome of Western elections.
President Donald Trump last week failed to meet a self-imposed, 90-day deadline to issue a report on "hacking defenses." But let's not nit-pick. After all, cybersecurity is complex - something the president is likely discovering along with healthcare and tax reform.
Free advice for breached businesses: Once you admit that you've suffered a data breach or that you're investigating a security incident, disseminate that message far and wide so no one can accuse you of trying to cover it up. That's the lesson from an incident at BlowOut Cards, a sports card trading site.
The Department of Health and Human Services has issued a warning for consumers to be on alert for fraudsters pretending to be calling from a HHS' Office of Inspector General hotline with requests for personal information.
Cyberattackers love not having to reinvent the wheel. At least, that's the tactic favored by the Callisto group, an "advanced threat actor" that's been using leaked Hacking Team spyware to infect targets, says security firm F-Secure.
When she first joined the Los Angeles County district attorney's office, Maria Ramirez prosecuted street gangs. Now she's cracking down on cyber gangs and is opening her case file to share lessons learned from cases involving business email compromise and ransomware.
Many media outlets have suggested that the recent arrest of a Russian computer programmer ties to the 2016 U.S. presidential election meddling blamed on Russia. But the only source for this supposed connection traces to a Russian propaganda arm that's been blamed for participating in said meddling.
A scareware campaign has been locking iOS devices with faux ransomware, demanding a payoff via virtual iTunes gift cards, security researchers warn. A fix for the exploited iOS flaw is included in a massive batch of product patches and updates released by Apple.
Not too fast, not too slow. Notwithstanding regulations and contractual obligations, that's legal and security experts' consensus on how quickly organizations that suspect they've been breached should notify individuals whose information may have been exposed.