Retailer Hudson’s Bay Co on Sunday disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America.

One cyber security firm said that it has evidence that millions of cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year, but added that it was too soon to confirm whether that was the case. Toronto-based Hudson’s Bay said in a statement that it had “taken steps to contain” the breach but did not say it had succeeded in confirming that its network was secure. 

As discerning dark web drug dealers and pseudonymous hackers have figured that Bitcoin is not magically private money, many have turned to Monero, a digital coin that promises a far higher degree of anonymity and untraceability baked into its design.

But one group of researchers has found that Monero's privacy protections, while better than Bitcoin's, still aren’t the cloak of invisibility they might seem. Monero is designed to mix up any given Monero "coin" with other payments, so that anyone scouring Monero's blockchain can't link it to any particular identity or previous transaction from the same source. 

A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomwear cyberattack on Wednesday. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.”

“It is metastasizing rapidly out of North Charleston and I just heard 777 may have gone down,” reads VanderWel’s memo. The company worries the virus may hit equipment used in functional airplane tests, which could lead to it spreading to airplane software. WannaCry, which the Trump administration blames on the cyberterrorism unit of North Korea as of December 2017, attacked mainly via a critical Windows vulnerability.

Authenticating with your face seems like a natural choice when it comes to smartphones. Talk about convenient — you were going to look at the phone anyway, right? The smartphone industry as a whole seems to agree.

Apple wasn’t the first company to come up with the idea of unlocking a smartphone with a face, but after Apple introduced it, in the iPhone X, the whole smartphone industry followed — as it always does. Almost every phone showcased at Mobile World Congress 2018 had this function. It’s a really bad trend, and here’s why. Actually, I don’t think that face recognition is bad per se. Quite the opposite — done right, it’s probably better then authentication based on fingerprints or PIN codes.

A newly-discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it's efficient at stealing passwords.

Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware "Fauxpersky," as it impersonates the Russian antivirus software Kaspersky. The keylogger is built off a popular app, AutoHotKey, which lets users write small scripts for automating tasks, and compile the script into an executable file. In this case, the app was abused to build a keylogger, which spreads through USB drives and infects Windows PCs -- and replicates on the computer's listed drives.

Ecuador has cut Julian Assange’s communications with the outside world from its London embassy, where the founder of the whistleblowing WikiLeaks website has been living for nearly six years.

The Ecuadorian government said in statement that it had acted because Assange had breached “a written commitment made to the government at the end of 2017 not to issue messages that might interfere with other states”. It said Assange’s recent behaviour on social media “put at risk the good relations [Ecuador] maintains with the United Kingdom, with the other states of the European Union, and with other nations”. 

Github announced the discovery of more than 4 million vulnerabilities located in 500,000 plus repositories.

In 2017, the code sharing site started vulnerability scanning for known Common Vulnerabilities and Exposures in its Ruby and JavaScript libraries, according to a March 21 blog post. The libraries are operated through the company's Dependency Graph which matches the code against the vulnerabilities. Shortly after the program was launched, Github said 450,000 of the identified flaws had been resolved by Dec. 1, 2017 and its rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. 

A Canadian political data firm called AggregateIQ left a large code repository downloadable online, according to a security researcher, exposing the political data and microtargeting tools that various Republican campaigns used to try to influence voters in the United States' 2016 election cycle.

The exposed data reveals AIQ's ties to the embattled data analytics firm Cabridge Analytica -- and, by extension, its ties to the campaigns of conservative Texas politicians Sen. Ted Cruz and Gov. Greg Abbott. They also reveal AggregateIQ (AIQ)'s connection to Ukrainian steel magnate Serhiy Taruta, head Ukraine's newly formed Osnova party. 

Opinion polls published on Sunday in the United States and Germany cast doubt over the level of trust people have in Facebook over privacy, as the firm ran advertisements in British and U.S. newspapers apologizing to users.

Fewer than half of Americans trust Facebook to obey U.S. privacy laws, according to a Reuters/Ipsos poll released on Sunday, while a survey published by Bild am Sonntag, Germany’s largest-selling Sunday paper, found 60 percent of Germans fear that Facebook and other social networks are having a negative impact on democracy. Facebook founder and chief executive Mark Zuckerberg apologized for “a breach of trust”.

Drupal developers are being asked to give themselves extra time next week to fix a “highly critical” flaw in Drupal 7 and 8 core.

In an advisory sent to developers on Wednesday, Drupal notified them that, “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.” The security advisory did not identify the bug, only describing it as a “highly critical security vulnerability.” “The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” according to the post.