Imagine a plane: large, wings, lots of passengers — you get the picture. And it can be hacked, or so it seems. Such a theoretical possibility has been voiced more than a few times by more than a few people; a plane, like any other modern craft, is after all a network of computers, some of which are connected to the Internet. Now such theorizing seems to have been confirmed in practice.
The claim was made by none other than a representative of the US Department of Homeland Security. In the space of two days, Robert Hickey managed to gain access to the internal systems of an aircraft parked at an airport, without having physical access to the aircraft or any insider assistance.
A consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.
Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child. The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
The US government doesn't get along with hackers. That's just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law.
In the last 18 months, a new Department of Defense project called "Hack the Pentagon" has offered real glimmers of hope that these prejudices could change. The government's longstanding defensive posture makes some sense in theory—it has important secrets to keep—but in practice experts have long criticized the stance as a fundamental misunderstanding of how cybersecurity works.
When Apple released the iPhone X, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication.
A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible. Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
A hacking group previously linked to the Vietnamese government or working on its behalf has broken into the computers of neighboring countries as well as a grouping of Southeast Asian nations, according to cybersecurity company Volexity.
Steven Adair, founder and CEO, said the hacking group was still active, and had compromised the website of the Association of Southeast Asian Nations over several high-profile summit meetings. ASEAN is holding another summit of regional leaders in the Philippines capital Manila this week. In May, cybersecurity company FireEye reported that the group was actively targeting foreign multinationals and dissidents in Vietnam.
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Scans started on Monday. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.
Britain said on Friday it believed North Korea was behind the “WannaCry” cyber attack in May that disrupted businesses and government services worldwide, including the National Health Service (NHS) in England.
Security Minister Ben Wallace said Britain believed “quite strongly” that the ransomware attack came from a foreign state. "North Korea was the state that we believe was involved in this worldwide attack on our systems," he told BBC radio. “We can be as sure as possible - I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role.”
An unknown hacker appears to have breached a dark web marketplace called Basetools and leaked samples of its database online.
The hacker has threatened to leak the dark web market operator's identity as well as Basetools' data to US authorities, including the FBI, DHS, DoJ and others, unless a ransom of $50,000 (£38,112) is paid. Basetools is an underground marketplace often advertised in Russian-speaking cybercrime forums and markets, which allows dark web vendors to sell spamming tools, credit card data, hacked customer accounts, among other things.
Got a robot hoover buzzing around your home? It's time to take a look at its security, especially if it's an LG device. Researchers from Israeli firm Check Point reported a hack of the LG SmartThinQ app that allowed them to remotely take control of the manufacturer's Hom-Bot hoover and use the video feed to spy on anything in the device's vicinity.
And, the researchers said, the attack could also compromise refrigerators, ovens, dishwashers, washing machines, dryers and air conditioners -- any connected thing controlled by the LG app. Users should update to the latest version of the app.
On Tuesday, reports surfaced that a new kind of malware was spreading around Europe. The apparent ransomware, which researchers are calling Bad Rabbit, bubbled up in Russia and Ukraine and appears to also be affecting Turkey and Germany, though its spread isn’t fully known at this time.
Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Russian news group Fontanka.ru was also affected and focuses on the trend of targeted media outlets.