The Retefe banking trojan campaign has returned and is now leveraging EternalBlue -- the leaked NSA surveillance exploit -- to target Swiss financial institutions.
There's a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday, the same day the widely anticipated update was released.
Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter. The sources spoke anonymously because it is not a public investigation.
In a story broken by KrebsOnSecurity, Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale of millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.
Open Whisper Systems, the non-profit behind Signal, is launching an experimental new method that will prevent users from needing to share their contact lists with Signal while still letting them use their existing address books to make encrypted calls and send encrypted texts. Signal's creators, like the developers of so many other social apps, have long considered that contact-sharing request a necessary evil, designed to make the app as easy to use as your normal calling and texting features.
Security researcher Manuel Caballero disclosed a bug in Internet Explorer that leaks any text typed into the search bar to the current website in the user’s browser. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit.