Forty targets in 16 countries were attacked using advanced attack tools and techniques that match the capabilities documented via the "Vault 7" stash of alleged CIA network exploitation documents released by WikiLeaks, Symantec says.
A zero-day flaw in Microsoft Office is being targeted via in-the-wild attacks, security firms warn, including by the notorious Dridex botnet. While there is a workaround, Microsoft says it plans to issue a full fix this week as part of its regularly scheduled security updates.
Spanish police arrested Russian computer programmer Pyotr Levashov, apparently while he was vacationing with his family. Authorities say his arrest relates to alleged Kelihos spam botnet and pump-and-dump stock campaigns, not to Russia's alleged interference in the 2016 U.S. presidential election.
Twitter has dropped a federal lawsuit that sought to quash an administrative summons, which the government subsequently withdrew, seeking records for an account that's critical of U.S. policy. It's one of many accounts suspected to have been created by disgruntled government employees.
A Texas-based pediatric practice is the latest healthcare entity to report a major data breach following a recent ransomware attack, despite the organization's efforts to mitigate the incident quickly.
Legislation to direct the National Institute of Standards and Technology to create a set of tools, best practices and guidance to help small businesses protect their digital assets is heading to the U.S. Senate.
Federal regulators are warning healthcare sector organizations about the threat of man-in-the-middle attacks and related risks associated with the use of some Secure Hypertext Transport Protocol, or HTTPS interception products for end-to-end security.
A North Korean IP address has turned up in an investigation by Kaspersky Lab into attacks against banks' SWIFT systems. The finding is a strong indication that the Lazarus hacking group may be run by North Korea.
The FCC is warning that a scam focuses on tricking people into saying the word "yes" on the phone, which fraudsters record and later reuse as a voice signature in an attempt to make fraudulent charges on utility or credit card accounts.
Brexit is off to a messy start, with Britain making law enforcement intelligence sharing - including Europol and European Cybercrime Center participation - a bargaining chip in its EU divorce proceedings. Some European officials have slammed the move as blackmail.
A scareware campaign has been locking iOS devices with faux ransomware, demanding a payoff via virtual iTunes gift cards, security researchers warn. A fix for the exploited iOS flaw is included in a massive batch of product patches and updates released by Apple.
Google has run out of patience with Symantec's digital certificate business. It has outlined a plan that over time will have its Chrome browser reject all of Symantec's existing digital certificates and force all of its future certificates to be reissued every nine months.