Cyber crooks have targeted travel firm Booking.com in a bid to steal hundreds of thousands of pounds from customers. Users were sent WhatsApp and text messages claiming a security breach meant they needed to change their password.

But the link gave hackers access to bookings and they then sent follow-up messages demanding full payment for holidays in advance with bogus bank details provided. These appeared genuine as they included personal data including names, addresses, phone numbers, dates and prices of bookings, and reference numbers. Marketing manager David Watts got a WhatsApp message but realised it was a scam. 

Russia's Fancy Bear APT group is likely behind the malicious command and control domains found in Lojack agents, according to the Arbor Security Engineering & Response Team.

LoJack, a popular laptop recovery solution, “makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution,” researchers said, noting that while “the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.” Because many antivirus programs don't flag the malware as a concern, it's largely able to do its dirty work without detection.

At midnight ET last night, MyEtherWallet users started noticing something odd. Connecting to the service, users were faced with an unsigned SSL certificate, a broken link in the site’s verification. It was unusual, but it’s the kind of thing web users routinely click through without thinking.

But anyone who clicked through this certificate warning was redirected to a server in Russia, which proceeded to empty the user’s wallet. Judging by wallet activity, the attackers appear to have taken at least $13,000 in Ethereum during two hours before the attack was shut down. The attackers’ wallet already contains more than $17 million in Ethereum. MyEtherWallet confirmed the attack in a statement on Reddit. 

A hacking group is using updated cyber-attacks as part of a campaign targeting a European government, in what's thought to be a continued attempt to conduct espionage and surveillance.

The latest campaign by the Fancy Bear group -- also known as Sofacy and APT28, and believed to be linked to the Kremlin -- has been uncovered by researchers. They observed the campaign taking place on March 12, and then again on March 14. In these attacks, the Sofacy group employs an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware. 

Manufacturers of modern vessels didn’t escape the common trend of connecting various parts of their ships to the Internet. As a result, any modern yacht now contains not only navigation systems, but also a pack of IoT devices with routers and switches — regardless of whether they’re really necessary.

As a result, yachts have the same security problems as other devices that suddenly became Internet-friendly: Technologies developed before modern security standards, navigation and infotainment systems connected to the same network, unprotected Internet connections on board, and more. 

Cybercriminals have found another way to spread their malware: uploading cryptocurrency mining code to GitHub, according to security researchers at security company Avast.

Developers 'fork' projects on GitHub, which means making a copy of someone else's project in order to build on it. In this case, the cybercriminals fork random projects and then hide malicious executables in the directory structure of these new projects, the researchers said. Users don't need to download the malicious executables directly from GitHub. Instead, the malware is spread via a phishing ad campaign.

One of the most interesting revelations from researchers at Kaspersky Security Analyst Summit (SAS) this year was a report on a highly sophisticated cyberespionage campaign called Slingshot.

The first part to understand is the means of infection. What makes this initial attack vector unique is that, according to research, many victims were attacked through compromised routers made by MikroTik. Routers download and run various DLL files in the normal course of business. Attackers found a way to compromise the devices by adding a malicious DLL to an otherwise legitimate package of other DLLs. 

The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.

Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media. 

Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.

Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.

Attackers have generated $3,900 so far in an ongoing campaign that's exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.

The misconfiguration vulnerabilities are similar in some respects to ones Google Project Zero researcher Tavis Ormandy reported recently in the uTorrent and Transmission BitTorrent apps. Proof-of-concept attacks Ormandy developed exploited weaknesses in the programs' JSON-RPC interface, which allows websites a user is visiting to initiate downloads and control other key functions.