The U.S. suffered 34 percent of global ransomware infections last year - and it's no wonder why, with 64 percent of Americans willing to pay to retrieve their encrypted files, compared to 34 percent of victims worldwide, according to Symantec.
Researchers in the UK have uncovered a technique for malicious websites to spy on smart device owners and even decipher their screen touches and PIN number entries by secretly monitoring their devices' sensor data.
In a recent poll of more than 1,200 Americans, 92 percent agreed that Internet providers should not be allowed to monitor their activity online and sell that data to third parties without consent -- a strong indictment of Senate Joint Resolution 34, which lifted FCC restrictions that would have prevented ISPs from engaging in this practice.
West Africa may be on the verge of developing its own fully realized underground cybercrime market, buoyed by a combination of traditional 419 advance-fee fraudsters and more sophisticated actors that prefer business email compromise and tax scams.
An analysis of two DHS reports focusing on Russia's reputed interference in the 2016 U.S. election revealed common bonds between the infamous hacking campaign, dubbed Grizzly Steppe, and activity by the Carbanak cyber gang. However, an expert with ESET doesn't think the overlap is significant.
Eighty-eight percent of hackers surveyed at the 2016 DEF CON conference claimed they can compromise a target in less than 12 hours, while 81 percent said they can identify and exfiltrate a target's data in the same amount of time.
The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.
Malware samples recovered from watering hole attacks recently targeting banks across the globe contain false flags that fraudulently suggest Russian actors are behind the campaign, even though the most likely culprit is the Lazarus Group.
A recent spate of attempted malware attacks intended to infect government entities in the Middle East with a customized version of the Quasar remote access trojan appears to be linked to the Hamas-linked Gaza Cybergang.
A new report predicts that the number of passwords used among humans and machines worldwide will grow to 300 billion by 2020 - all of which will require cyber protection.
In a classic case of putting the cart before the horse, too many organizations are deploying emerging technologies before they can shore up appropriate levels of data security, according to a new report from Thales e-Security and 451 Research.
The downloader Terdot Zloader and its accompanying Zbot banking trojan payload abuse a legitimate certificate application to spy on users and modify web content via man-in-the-middle attacks against browsers, an in-depth code analysis shows.
A newly identified version of the Android malware "Rootnik" features anti-debugging and anti-hooking capabilities designed to hinder analysts' efforts to reverse engineer it.
Researchers may have found a tenuous link between a cyberespionage organization's credentials-stealing trojan and the Shamoon hacking group that's been targeting Saudi energy companies with Disttrack disk-wiping malware.
A security researcher discovered a remote code execution vulnerability on Facebook's website that earned him a $40,000 bounty, while another uncovered a privacy issue that reveals private phone numbers linked to Facebook users' accounts.
A new research report from website security firm Sucuri provides an inside look at what happens when two competing malicious codes battle for the same territory.
Registered users of McDonald's website are susceptible to credential theft due to the combination of a cross-site scripting (XSS) vulnerability and a cryptographic storage vulnerability, a researcher has found.
Researchers have discovered two connected advertising fraud campaigns that compromise legitimate web sites and abuse Google AdSense, using tactics that are almost polar opposites of each other.
The long-lived ElTest malware campaign that infects victims through compromised websites evolved once again in the last quarter of 2016, ending its use of exploit kit gates and obfuscation, according to researchers with Palo Alto Networks' Unit 42 threat research team.
You lose, Grinch: DeriaLock ransomware discovered on Christmas Eve, but researchers devise decryptors
A rapidly evolving ransomware family called DeriaLock made its ignominious debut over the 2016 holidays, but researchers quickly created decryptor software to rescue the files of those unlucky enough to receive this unwanted "gift."
Personal data belonging to health care professionals working for the U.S. military was sitting exposed on an insecure server operated by a medical services subcontractor, a security researcher from MacKeeper reported on Saturday.
The KillDisk disk-wiper program that was used in conjunction with BlackEnergy malware to attack Ukrainian energy utilities now includes a ransomware component, according to researchers at CyberX.
A newly discovered Android trojan can sabotage entire Wi-Fi networks and the users who connect to them by accessing the router that an infected device is communicating with and executing a Domain Name System hijack attack.
Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.
A proprietary spyware tool that was recently found infecting Ukrainian military forces battling Russian separatists is an Android version of the same malware that helped hackers steal files from the Democratic National Committee, CrowdStrike has reported.
According to a research report, hackers are using Punycode, a technique for encoding domain names with Unicode characters, to bypass anti-phishing protections in Office 365 productivity software.