Users of UK newsagent chain WHSmith’s online services have reported large amounts of email arriving in their inboxes, containing personal contact data on other users. The leak appears to be related to an online “Contact Us” form, with numerous users claiming that attempting to report the issue via the form led to further barrages of...

Charlie Miller and Chris Valasek, security researchers who caused huge headaches for Fiat Chrysler when they showed the world how to remotely hack a Jeep, have hacked their way into new jobs with Uber. Miller and Valasek are joining Uber’s new Advanced Technologies Center, where they will help the company to develop self-driving cars. The duo’s first...

A former Secret Service special agent yesterday pleaded guilty to diverting $800,000 worth of bitcoins into his own account during an investigation into online black market site Silk Road. Appearing in a San Francisco federal court, Shaun Bridges also admitted money laundering and obstruction of justice charges. Computer forensics expert Bridges belonged to the Baltimore Silk Road...

Intransigent sort-of hacker collective Lizard Squad is back. Apparently. Last week, the UK’s National Crime Agency (NCA) announced the arrest of six youngsters, aged 15 to 18, for alleged DDoS cybercrimes. DDoS is short for Distributed Denial of Service, and it’s a type of cyberattack in which a crook gets anywhere from hundreds to hundreds...

Amongst the hyperbole and horror of the Ashley Madison hack there is a bit of good news. OK, perhaps not exactly good news, but some more bad news that might have happened and didn’t. There isn’t a trove of millions of cracked Ashley Madison passwords. If a username and password can be stolen from one...

The FBI is warning businesses to be on the lookout for emails sent by scammers to trick them into transferring money to fraudulent accounts. Email scams have been around for decades, but old-school Advance Fee Fraud scams these are not. The FBI calls this family of scams “Business Email Compromise” (BEC) scams, because they use phony emails that...

Adobe’s Flash will face a double setback tomorrow, 1 September 2015. Amazon’s outright ban on Flash ads kicks in. And Google’s Chrome browser will start blocking Flash, too. Well, sort of. Like Amazon, Google’s anti-Flash stance is neither altruistic nor security-focused. Ironically, it’s aimed at making your ad experience better for advertisers, amongst other things,...

It’s recently been discovered that PHP File Manager user database in file ‘/db/valid.users’ is completely unprotected and can be freely downloaded via any web browser. Password hashes stored in the user database are unsalted and are generated via the deprecated MD5 hash algorithm. Most of these hashes can be instantly reverted back to their original...

Nigerian scammers are using more sophisticated techniques to scam businesses especially those in Asia. The scammers are now trying to inject themselves in between transactions in the hope of diverting funds into their accounts. Typically, the Microsoft Word Intruder exploit kit to create infected word documents which are then emailed to specific targets. Once opened the...

Zimperium zLabs has discovered a flaw in the android operating system that allows the device to be compromised simply by sending it malware infected media via MMS Users don’t necessarily need to open the message for the code to run either, which is one of the worst parts of this vulnerability. The researchers also say...