A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,” ESET researchers warn.
Dubbed Stantinko, the botnet has powered a massive adware campaign active since 2012, mainly targeting Russia and Ukraine, but remained hidden courtesy of code encryption and the ability to rapidly adapt to avoid detection by anti-malware solutions. Targeting users looking for pirated software, the actors behind the malware use an app called FileTour as the initial infection vector. The program installs a variety of programs on the victim’s machine.
Some $32 million worth of ether cryptocurrency has been stolen by hackers. Ether, a digital currency, resides on the ethereum network and is now a rival to Bitcoin. The monumental theft was carried out due to a bug on a wallet software program.
The hacking into Parity wallet started Tuesday night and continued into Wednesday, July 19. Parity wallet allows users to access a large number of cryptocurrencies within the ethereum network. The tool had a vulnerability that hackers took advantage of in order to steal 153,000 units of the currency. Three separate accounts in particular were attacked.
Android often makes the news for being the mobile platform that’s most susceptible to malware. But that doesn’t mean that iOS is completely safe. In fact, it turns out that hackers can take over your iPhone, iPad, or iPod touch and control it without your knowledge.
So you’d better update your device to the latest iOS version, which was just released. Even your brand new iPhone 7 is a potential target, so don’t think that just because it’s fresh hardware, it can’t be attacked by malicious individuals. Apple says on its support pages that iPhone 5 or later, iPad 4th generation or later and iPod touch 6th generation are all affected by this serious bug.
Almost two months ago, we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software, allowing a hacker to remotely take full control of vulnerable Linux and Unix machines.
We dubbed the vulnerability SambaCry, because of its similarities to the Windows SMB vulnerability exploited by the WannaCry ransomware that wreaked havoc across the world over two months ago. Despite being patched in late May, the vulnerability is currently being leveraged by a new piece of malware to target Internet of Things (IoT) devices, particularly Network Attached Storage (NAS) appliances, researchers at Trend Micro warned.
A scooter you can also remote control sounds cool, until you find out it can be hacked. Then it's not cool at all — it's terrifying. Every Friday, I ride an electric Segway/Ninebot miniPRO around the office. It's my favorite rideable (A.K.A. balance board, A.K.A., hoverboard).
It's also the only one that includes a remote control that I can use to send it running around the office on its own. The remote control does not work when I'm standing on the Segway miniPRO, which itself is essentially a tiny version of the original self-balancing mobility device introduced 16 years ago by inventor Dean Kamen.
As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed information about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.
According to the documents leaked by WikiLeaks, Raytheon Blackbird Technologies, the Central Intelligence Agency contractor, submitted nearly five such reports to the CIA as part of the UMBRAGE Component Library (UCL) project between November 2014 and September 2015. These reports contain brief analyses of proof-of-concept ideas and malware attack vectors.
A misconfigured database on an Amazon S3 server may have exposed the data of between two and four million Dow Jones & Co. customers, a report on the incident stated.
Dow Jones confirmed that it believes 2.2 million records were potentially exposed to public viewing, an event it described as a “data over-exposure, not a breach,” but UpGuard's Cyber Risk Team “conservatively” pushed that number up to 4 million. UpGuard's Director of Cyber Risk Research Chris Vickery on May 30 came across the Amazon S3 cloud-based data repository, discovering it was accessible to AWS authenticated users.
The security woes of the internet of things stem from more than just connecting a bunch of cheap gadgets to a cruel and hacker-infested internet. Often dozens of different vendors run the same third-party code across an array of products.
That means a single bug can impact a startling number of disparate devices. Or, as one security company's researchers recently found, a vulnerability in a single internet-connected security camera can expose a flaw that leaves thousands of different models of device at risk. On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy."
Large shipping vessels and aircraft are often equipped with VSAT systems, allowing crewmembers to send and receive messages and access the Internet during voyages. Turns out, some of these VSAT systems are profoundly insecure, and could allow an attacker to gain access, and disrupt communications.
Security researcher x0rz discovered that many VSAT systems can be reached from the public Internet. Not only does this mean they can be tracked through services like Shodan, but some are configured in a way that could see a remote attacker gain access using default credentials. TNW spoke to x0rz over the messaging app, Signal.
If you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site.
Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company. Only today, after the issue became widely publicized, did Myspace finally remove the flaw. The flaw came from Myspace’s now-defunct account recovery page, which was meant to let people regain access to an account they’ve lost the password to.