Cyberthreat trends: 2019 cybersecurity threat review

Dropbox has announced via their blog that 68 million user email addresses with hashed and salted passwords have been exposed. Dropbox has verified that the information is indeed legitimate.

Last year, the Norton team brought you a new look into cybercrime via the documentary In Search Of The Most Dangerous Town On The Internet. Through...

Every February, users both single and coupled tend to increase their downloads of Valentines Day-centric apps.

Data leak exposes millions of bank loan and mortgage documents. Here’s what you need to know.

VPNFilter malware targets over 500,000 routers. Here's how to help protect yourself.

Recently, there have been reports about state sponsored, targeted attacks moving into the router and IoT security space. Read more to see how this affects you.

An unusual strain of ransomware has shown up on the scene, and it isn’t playing nicely at all. Dubbed “Jigsaw,” the ransomware was created in early March and made its way to the black market a week later, selling for around $140 USD. So far, it seems that there has been minimal sales of the malware. Luckily, it is not widespread yet.

A distributed denial-of-service (DDoS) can bring down websites. Here’s what you need to know.

DoS attacks generally take one of two forms. They either flood web services or crash them. Learn how they work.

The dark web is often used by cybercriminals. But it’s also visited by journalists, law enforcement agencies and others.

Massive data breach at large hotel brand affects up to 500 million guests, potentially exposing them to identity theft and other crimes.

Your vote counts. Before casting your ballot, take a look at these 7 tips for election security.

496,951 Google+ users’ full names, birth dates, gender, profile photos, addresses, occupation and relationship status were exposed.

A zero-day vulnerability is a software issue with no known patches. Until a fix is available, cybercriminals could exploit it.

Cyber security threats evolve, and so do cyber security facts. Here are 10 cyber security facts for 2018 to help give you the big picture.

Everything you need to know about Facebook’s 50 million compromised accounts.

The threat group dubbed “Magecart” has been targeting the payment information entered into forms on various websites.

Tablets and smartphones can be vulnerable to online threats and need security software

Did you know that your ISP can see what you do while you’re online? From making purchases to looking up medical conditions, your actions create a digital trail of data that can paint a very detailed picture of you.

Don’t let cyber con artists trick you into handing over personal information, money and more. Here’s what to know to help protect yourself.

A U.S. judge sentences a Canadian man to five years in prison for his role in the 2014 Yahoo data breach.

MyHeritage DNA testing and family tree website investigating email and password breach, resetting all user passwords.

Reported breach may affect 5 million debit and credit cards at Saks, Saks OFF 5TH and Lord & Taylor stores in North America.

Spectre Next Generation — reportedly a new set of vulnerabilities in computer processors — could put your data at risk.

More than 120 million U.S. households had information exposed in a data leak, potentially raising the risk of identity theft for the impacted American families.

Ride sharing company Uber has announced that hackers have stolen the personal information of about 57 million customers and drivers.

Several malicious apps have been downloaded from the Google Play Store millions of times, disguised as legitimate versions of the popular messaging platform “WhatsApp.”

In today’s connected world, cybercrime is a reality we all face. Therefore, you must choose trustworthy companies to handle your information

Until your Wi-Fi enabled devices have a security patch for the KRACK vulnerability here are some steps to take to help secure your devices.

A bug discovered in the Firefox web browser could allow attackers to gain access to files stored on a computer through malicious code injected into the browser’s built-in PDF viewer.

The healthcare industry is a prime target for attackers because healthcare data is a treasure trove to cybercriminals. By targeting a hospital’s records rather than just a credit card number or financial data, an attacker can easily gather additional personal information from these sources, especially if their goal is identity theft.

Two vulnerabilities, which are security holes in software, in Mac OS X operating systems affecting OS X versions Mavericks 10.9.5 up to Yosemite 10.10.5 have been confirmed.

Last week, the cyber attack against the hackers-for-hire firm Hacking Team, led to a theft of 400gb of data that exposed two Adobe Flash Player vulnerabilities.

A group of hackers known as Team GhostShell, claims to have hacked a multitude of organizations, including financial institutions, government agencies, political groups, law enforcement entities, and universities.

On February 25th, 2015, with the help of Symantec and other industry partners, Europol was able to seize servers used by the cybercriminal group behind the Ramnit Botnet.

Its all over the news: headlines claiming that Starbucks was hacked or that hackers broke into the Starbucks mobile app. What is true is that cybercriminals are targeting Starbucks accounts, but not...

Security researchers have discovered a new software bug known as the “Bash Bug” or “Shellshock,” or to those more technically “in-the-know” as GNU Bash Remote Code Execution Vulnerability

Since the large-scale August 19th data breach revealing millions of user profiles and email addresses from the Ashley Madison online dating site, we have found and blocked a surge in email spam activity related to the Ashley Madison data breach.

The holidays are just around the corner, and that means many of us will be making purchases online to avoid large crowds and busy mall traffic. While online shopping has made our lives easier, it...

Two researchers have designed a worm that can spread itself via the firmware of Apple OS X computers and peripherals, without the aid of connecting to the Internet. Firmware is software that resides on a chip in your device, and provides instructions to the hardware on how to power up properly and then load the operating system.

A popular photo printing website has announced that customer credit card data collected by a third party vendor may have been breached. As a precautionary measure, the company has temporarily disabled their website while the investigation into the breach is still pending.

When hacking was first introduced in film and television, it was nowhere near as prevalent as it is today. The threat landscape was years away from becoming what it is now, so hacking and cybercrime...

The Norton Cyber Security Insights Report sets out to understand how consumers are personally impacted by cybercrime and puts a human face on the headlines dominating the news.

Cyber criminals are not run-of-the-mill street hooligans. Assailants of online crimes are educated, tech-savvy, sophisticated individuals who dont care if you prefer PC to Mac or vice versa. There...

Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called, “Keyraider”. The criminals have been using the stolen credentials to make in-app purchases with user accounts.

This year, Norton visited DefCon 24, a hacking conference held in Las Vegas. Established in 1993, this conference is designed to bring together people from all realms of the...

On Tuesday October 14th, a new vulnerability was discovered in Microsoft Windows Operating Systems, affecting all supported versions of Windows, from Windows Vista Service Pack 2 up to Windows 8.1. According to the security firm, iSIGHT, this vulnerability has been exploited by a cyberespionage group known as Sandworm, to deliver malware to targeted organizations.

A new weakness in OpenSSL could allow attackers to hijack secure communications by tricking a targeted computer into accepting invalid and untrusted SSL certificates as valid certificates. This could help facilitate man-in-the-middle (MITM) attacks, where attackers eavesdrop on connections with secure websites such as online banking, ecommerce or email.

An independent security researcher recently discovered that some Apple Macs older than a year are susceptible to a nasty bug that would allow attackers to gain access to a computer once it wakes from “Sleep mode”.

The security hole in Internet Explorer could allow an attacker to take over a computer. Once the attacker has gained control, they can potentially install programs, view, change, or delete data and more.

A serious vulnerability has been discovered in Internet Explorer that could potentially allow attackers to steal information from a website, as well as inject information into other websites

A newly discovered vulnerability, dubbed, “FREAK”, that could allow attackers to intercept and decrypt encrypted traffic between browsers and web sites via a Man-in-the-Middle (MitM) attack

Researchers from the University of Indiana discovered a bug in Apple’s operating system that could allow cybercriminals new ways to use apps to hijack passwords.

Tens of thousands of Android devices have potentially been affected by a new variant of the Simplocker ransomware. Ransomware is a malicious type of software that either locks or encrypts your files or device, and leaves an alarming message demanding that the owner of the device pay a “ransom” to get their files or control of their device back.

Researchers have discovered a new type of Android ransomware that takes advantage of a potentially embarrassing situation to extort the user into paying a ransom. The malicious software is distributed through an app named "Adult Player," which is a pornographic video player.

A new Adobe Zero-day exploit was discovered by Trend Micro on February 2nd, 2015. A Zero-day exploit is when there is an unpatched bug in a software program that allows hackers access to inject malware into your computer.

To celebrate May the Fourth we’re taking a look at vulnerabilities that nearly ended the Empire. Whichever side you choose, don’t become a victim to software vulnerabilities.

Since our personal safety takes precedence over everything, it’s safe to say that our digital security is a close second. This brings us to one the biggest challenges of Internet security – free vs paid internet security.

As more and more people lean towards reading in a digital format, here are a few things to keep in mind when reading ebooks.

You may have noticed growing reports in the media about the dangers of using USB memory sticks. A malicious USB device can install malware such as backdoor Trojans, information stealers and much more.

The who, where and how of malware: who writes the code, where does malware come from, and how you can protect yourself.

Cybercriminals use sophisticated tactics that make it extremely difficult for law enforcement alone to collect evidence, capture the suspect and prosecute them.

Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesnt rely on otherwise easy-to-spot phishing methods. Heres what you...

A new zero-day vulnerability in Adobe Flash Player was discovered via a cyberattack against the hackers-for-hire firm Hacking Team (link is external). A large amount of internal information leaked by the attackers contained data on the exploit, which could crash a computer and allow a remote attacker to then take control of the machine.

There are multiple layers to the Internet that you may not be aware of. The first, or top layer is called the surface web, and it is the part of the web that is crawled by search engines. Thats the...

Customers of over 1,000 banks and other financial institutions around the world have recently fallen victim to a malicious piece of software, called the Dyre financial Trojan.

Did you know that an attacker can flood your house via the water dispenser on your connected refrigerator? Or that bluetooth enabled locks can be picked from of a mile away using radio frequencies?...

Symantec, the parent company of Norton, has uncovered a highly-complex cyber-espionage malware program known as Regin. This malware has been developed for use in spying campaigns against international targets, such as government organizations, businesses, academic organizations, service providers and even private individuals.

Corporate espionage group Butterfly has compromised a series of major corporations over the past three years, targeting confidential information and intellectual property. Symantec has been monitoring this group and working with its victims to track the attackers over the past two years.

A critical new vulnerability that can be used to forcibly install software on MacBooks without the users’ consent or administrator password has been discovered on MacBooks running OS X Yosemite, version 10.10. Doing so allows a malicious program to run as though it is the administrator of the computer.

On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users.

Researchers discovered a new vulnerability in Apples mobile iOS platform that has the potential to trick users into divulging their passwords to scammers. A bug lurking in Apples iOS mail app on both...

A new zero-day vulnerability has been discovered in Adobe Flash. Security researcher Kafeine reports that this vulnerability is currently being exploited in the wild.

Hot on the heels of another large data breach, Sonic, America’s Drive-In, appears to be the latest victim of a potential data breach. This could mean almost 5 million customers may end up with their credit card information traded in the underground economy.

Equifax has announced that cybercriminals have exploited a vulnerability in their website, allowing them to gain access to certain files. The data breach appears to have taken place from mid-May through July 2017.

Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages that link to a malicious app file.

Symantecs Global Intelligence Network (GIN) team has updated their intelligence page, which provides the most up-to-date analysis of cybersecurity threats.

Its sad to say, but cybercriminals have learned how to use our emotions against us.

A new variant of ransomware has been discovered on Tuesday (February 16), known as Locky, and has been spreading swiflty since it first appeared.

Patch Tuesday is an unofficial term used in the technology industry, which is when software companies regularly release security patches for their products.

Attackers are setting their sights on stealing users Netflix credentials in order to sell them on the black market, providing access to the streaming service for less expensive prices.

Symantec has found a variant of Android ransomware that uses clickjacking tactics to try and trick users into giving the malware device administrator rights.

Symantec has recently identified thousands of websites that have been compromised with malicious code, which is used to redirect users to a compromised website.

iOS device users- update your software now! Apple released an update to iOS 9 this week, which fixes a three-year old cookie theft bug.

2015 was a banner year for cybercriminals. We reported on 53 events that made it into the headlines, however that was just what we reported. There were many more than that occurred.

Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data.

Today, Norton released findings from a survey of more than 5,000 consumers from U.S., U.K., Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.

Since streaming video content has become mostly commonplace, cybercriminals have taken notice, and are spreading spyware and malware on many social media platforms via comments

A vulnerability in Apple’s AirDrop feature has been discovered by Australian security researcher Mark Dowd. AirDrop is an “over-the-air” file sharing service that uses Bluetooth and WiFi, and is built into iOS and Mac OS X products.

Adobe has released a patch for a newly discovered vulnerability, CVE-2016-1019, which affects Adobe Flash Player.

The vulnerability affects Adobe Flash Player versions 21.0.0.197 and earlier for Windows, Mac, Linux, and Chrome operating systems. Adobe has now released the patch for the vulnerability.

Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain a most popular type of phishing scam each and every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary of as they’re preparing to file their taxes in 2016.

Hackers have figured out a way to hijack cell phones and steal the valuable information contained in them. Find out how criminals go after emails, photographs and payment apps to commit larger crimes like blackmail, fraud and theft. Learn how to keep your identity safe.

Researcher Patrick Wardle has discovered a security weakness in Apple’s Mac OS X Gatekeeper technology that could allow attackers to run unverified, and possibly malicious applications.

It has been recently discovered that some Dell computers are vulnerable to man-in-the-middle attacks because of an issue with a root certification authority. Root certificates help your web browser verify that websites you visit are legitimate and are who they say they are.

A proof-of-concept (PoC) discovery means that this is not an actual outbreak, but that it has been created in a lab by researchers simply to see prove if it is possible. The researchers that perform these tasks are considered white hat hackers.

You may have read about Apple pulling over 250 iOS apps from the App Store for various privacy violations. This was because these apps used the Youmi advertising software development kit (SDK), which is also used in Android app development.

A key figure behind an online banking scam dubbed “Dridex,” which has been stealing millions of dollars from online bank accounts, was recently arrested. After a coordinated effort between the FBI and National Crime Agency, with support from authorities across Europe, this effort helped cyber security experts and law enforcement cut off thousands of compromised computers from the botnet’s control.

A new variant of Android ransomware has been discovered, which is displayed on the lockscreen’s user interface (UI). This threat, Android.Lockdroid.E, creates a lockscreen that appears more sophisticated and official by displaying fraudulent legal notices coupled with personal information gathered from the device.

You may have seen one of those posts floating around on your newsfeeds recently, about Facebook charging you to keep your private information private. But the truth lies in Facebook's privacy policy.

In late July 2015, a bug dubbed Stagefright was discovered, that had the ability to secretly sneak onto Android phones via Multi Media Text Messages (MMS), affecting Android phones running OS 2.2 and later. Since its discovery, Google has released several patches.

iOS apps popular mainly in China have been infected with a piece of malware that can steal your data, and even get you to reveal things like usernames and passwords via phishing.

One of the most prevalent Android ransomware threats in the West has now expanded to Asia, choosing Japan as its first target. Android.Lockdroid was spotted on March 11th, and disguises itself as a system update.

There’s a perception that OS X is impenetrable, especially when compared to Windows. In recent times this assumption is being proven wrong. The latest in a series of flaws discovered in OS X and iOS is a vulnerability in Apple’s security system.

According to the Symantec report titled “Financial Threats 2015,” cyber thieves are developing stronger attacks on banks and other institutions to try to access our hard-earned money. Here’s an inside look at the top threats financial companies faced in 2015, plus tips on keeping your own bank accounts secure.

Apple has released a slew of software updates this week for various products. These vulnerabilities and others are also affecting other versions of Apple’s OS, so it’s a good idea to take a moment and update all your iDevices.

Last weekend several mainstream websites, fell victim to a massive malvertising campaign. The tainted ads in these websites may have directed thousands of unsuspecting users to a landing page hosting the notorious Angler Exploit Kit, a kit that stealthily installs crypto-ransomware and other malware on computers.

Cybercriminals regularly use exploit kits to innovatively find vulnerabilities in systems and infect users with malware. A recent victim of this Angler Exploit Kit is ‘Burrp’, a popular local food and restaurant recommendation website based in India.

The discovery of a critical Adobe Flash Player zero-day vulnerability, CVE-2016-1010, “that could potentially allow an attacker to take control of the affected system” prompted Adobe to issue an emergency patch on March 10. Adobe says the vulnerability has been identified as “being used in limited, targeted attacks.”

Symantec recently discovered a phishing site for Amazon.com, which didn't seem out of the norm, at first. However, when taking a closer look at the HTML source code, an interesting comment from the attacker was uncovered. The "brag tag," found details that consisted of the name of the scam, "Scama Amazon 2016,” along with the attacker's name, website, and even a YouTube channel.

Between March 4th and 5th, 2016, Apple customers were the targets of the first Mac-focused ransomware campaign executed by cybercriminals.

With the IRS’s due date of April 18th looming overhead, fraudsters are rapidly trying to cash in on tax refunds. In this scam, the scammer pretends to be a member of upper management, and targets a more junior member of the organization. The phishing email requests that the target send employees’ W2 forms for inspection.

A recent vulnerability involving the handling of SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates dubbed as DROWN, has been discovered by researchers. DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption.”

Earlier this week, white hat hacker Chris Vickery announced that he was able to gain access to over 13 million MacKeeper user accounts. A vulnerability was exploited in the company’s servers, which exposed the usernames, email addresses and other personal information of 13 million customers.

It has been discovered that attack groups behind the [ransomware](https://community.norton.com/en/blogs/norton-protection-blog /ransomware-when-cybercriminals-hold-your-computer-hostage) known as...

I was sitting in my home office when my home phone line rang.It was late. 10:30 p.m. to be exact, but I often use this quiet timeafter my kids have gone to bedto catch up on email.Despite my home...

This week, VTech, a global company that manufactures Internet connected learning products for young children announced that they have been involved in a massive data breach. The companys learning...

A new, sneaky variant of Android.Mobilespy has been discovered. This malware steals information, and displays advertisements, however it executes it in a different way than most malware. It tries to...

Petya ransomware is spreading using the EternalBlue exploit similar to the WannaCry attack. Here's what to do when it comes to ransomware.

When it comes to free apps, there still may be a price, although it doesn’t always cost the user. There are other ways applications can earn revenue, such as running advertisements within the app itself.

The mobile threat landscape is rapidly evolving due to the fact that mobile phones are increasingly becoming an attractive and abundant target to cybercriminals. It seems that there are new threats evolving on a daily basis, and it is vital to be proactive in our defenses against them.

Recently, a Windows 10 ransomware scam has been discovered in the form of phishing emails impersonating Microsoft.

A new, extremely dangerous flaw dubbed Stagefright, has been discovered within the multimedia text message (MMS) capabilities on Android phones running OS 2.2 and later.

As a Norton customer, you are always entitled to download the latest version of your Norton product for free during your service period. Existing customers are...

Yesterday, security firm Palo Alto Networks, reported on a new family of malware that affects Apple’s OS X and iOS devices called WireLurker. WireLurker has been used to inject malicious code into Mac applications hosted on a third party Mac app store in China.

Not all hackers are inherently bad. When used in mainstream media, the word, hacker, is usually used in relation to cyber criminals, but a hacker can actually be anyone, regardless of their...

Selecting the right antivirus software for your devices is one of the most important things you can do for your digital safety. Know what to look for before you choose an antivirus.

A form of phishing, smishing is when someone tries to trick you into giving them your private...

If youre like most Internet users, youve never even heard of grayware, adware or madware. Thats because these are all lower on the threat scale in the world of malicious programming. Whats more, they...

Youve heard of malware, ransomware, botnets, and the like. What you dont hear about is the technology behind these threats. These threats all have to come from somewhere, theyre not just out there...

Today we are proud to announce the launch of the second installment in our documentary series The

Introducing Zero Days, the real-life cyber warfare documentary featuring Symantec cyber-security experts Eric Chien and Liam O'Murchu. You may have heard about the Stuxnet virus in the media over...

Cyber criminals are finding new ways to steal your money through your Android device. Lately, the use of Android malware that steals your banking credentials, with names such as Acecard or GMbot, is on the rise.

Researchers at Symantec have recently discovered a malicious app that can steal photos and videos from the popular instant messaging and VoIP app Viber.

Although Dridex (W32.Cridex) and Locky (Trojan.Cryptolocker.AF) have been unusually quiet, a new type of ransomware may be taking their place on the online threat landscape.

Are your Apple AirPorts suddenly flashing yellow? That’s because Apple has sent out a major update to your AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations.

Overnight sensation Pokémon GO! has continued to explode over a week after its New Zealand, Australia, and the US on Wed July 6. July 13th the game was released in Germany and the following day for the UK.

Cyber espionage, also known as cyber spying, is grabbing a lot of headlines lately. The most recent incident affects Apple’s iOS. Researchers at Citizen Lab Have discovered that a highly sophisticated cyber espionage group has deployed a very rare, advanced form of spyware, which can break an iPhone wide open.

If you have a Yahoo account, you need to change your password now. If you reuse that password on any other online accounts, you should change that too.

Hundreds of malicious apps are showing up on the Google Play Store, disguised as legitimate applications.