Latest News


IoT Smartwatch Exposes Kids’ Personal, GPS Data

Researchers are warning parents that a children’s connected smartwatch has vulnerabilities that leak users’ personal and GPS data, and allow attackers to listen in on and manipulate conversations. Worse, the smartwatch in question, SMA M2, is currently used by 5,000 children worldwide.

Chinese manufacturer Shenzhen Smart Care Technology Ltd. (SMA) said that the SMA M2 smartwatch, which costs $35, helps parents track their children using a companion app that tracks the smartwatch’s GPS location and allows them to send messages or make phone calls.

T-Mobile confirms customers' personal data accessed in hack

It's been a rough month for customers who care about their privacy, with data breaches affecting businesses as diverse as high-end department stores, camgirl websites and online domain registrars. Yet another cybersecurity issue has allowed hackers to access data about prepaid customers of popular US and European telecom brand T-Mobile, as revealed by blog TmoNews.

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet.

First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media sources like Facebook and LinkedIn, combined with names, personal and work email addresses, phone numbers, Twitter and Github URLs, and other data commonly available from data brokers – i.e., companies which specialize in supporting targeted advertising, marketing and messaging services.

Macy’s Suffers Data Breach by Magecart Cybercriminals

The department store Macy’s is warning that web skimmer malware was discovered on collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.

According to a data breach notice sent to customers, “an unauthorized third party added unauthorized computer code” to on Oct. 7. The code, which was discovered and removed on Oct. 15, was collecting customers’ first and last names, addresses, phone number and email addresses, payment card information (including number, security code, and expiration dates).

‘Windows Update’ Installs Cyborg Ransomware

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants.

The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers unveiled in a blog post on Tuesday. For instance, the attached file purports to be in .jpg format, even though it opens an .exe file.