Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes.
Now, researchers say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers. The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic.
The Trump administration issued a fresh warning Tuesday about malicious North Korean cyber activity, as that nation's leader dispatched a top adviser to New York to prepare for a possible summit on its nuclear arsenal.
The technical alert from the FBI and the Department of Homeland Security highlighted two pieces of malware said to have been used to target U.S. infrastructure and aerospace, financial and media companies for at least nine years to steal information and remotely manipulate networks. In recent years, the US has accused North Korea of launching a slew of cyberattacks, and it wasn't immediately clear if there was any significance to the timing of the latest warning.
Researchers at Avast Threat Labs say that more than 100 different low-cost Android devices from manufacturers like ZTE, Archos, and myPhone come with malware pre-installed. Users in more than 90 countries, including the US, are said to be infected. The good news is there’s a fix.
According to the report, this adware variant has been in the wild for three years. It’s called “Cosiloon” and was first noticed by Dr. Web in 2016. Because it’s located in the device’s firmware, it’s extremely difficult to remove. Avast has detected its presence on 18,000 of its users’ devices, so far.
It's starting to feel like everyone in charge of our sensitive data might be incompetent. It's only been a day since Securus, the company that helps police track phones, was apparently hacked. Now, according to security site KrebsOnSecurity, tracking firm LocationSmart leaked real-time location data on its own web site.
LocationSmart aggregates real-time data on the location of subscribers' mobile phones. It's all opt-in, but Krebs reported that anyone could access this information for any AT&T, Sprint, T-Mobile and Verizon phones on the company's web site without a password or any other form of authentication. The vulnerability has been taken offline, said Krebs, but man what a mistake.
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before.
In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Vulnerabilities on the Wi-Fi networks of a number of rail operators could expose customers' credit card information, according to infosec biz Pen Test Partners this week. The research was conducted over several years, said Pen Test's Ken Munro. "In most cases they are pretty secure, although whether the Wi-Fi works or not is another matter," he added.
But in a handful of cases Munro was able to bridge the wireless network to the wired network and find a database server containing default credentials, enabling him to access the credit card data of customers paying for the Wi-Fi, including the passenger's name, email address and card details.
Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access.
Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy. The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests.
Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.
Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.
A new malware campaign has been uncovered on Facebook which not only steals account credentials but also installs scripts for covert cryptocurrency mining.
Cybersecurity firm Radware said in a blog post on Thursday that Nigelthorn is a new campaign which focuses on the Facebook social network. The malware is so called due to the abuse of a legitimate Google Chrome extension called "Nigelify," which replaces images displayed on a web page with pictures of Nigel Thornberry, a cartoon character from the television show The Wild Thornberrys.
An advanced type of malware can spy on nearly every Android smartphone function and steal passwords, photos, video, screenshots and data from WhatsApp, Telegram and other apps. "ZooPark" targets subjects in the Middle East and was likely developed by a state actor, according to Kaspersky Lab, which first spotted and identified it.
ZooPark has evolved over four generations, having started as simple malware that could "only" steal device account details and address book contacts. The last generation, however, can monitor and exfiltrate keylogs, clipboard data, browser data.