IT'S NOT EVERY day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years.

In what seems like a broken record, Facebook is facing another scandal related to the transparency of its user data. The UpGuard cybersecurity firm reports that it uncovered two cases in which massive buckets of third-party Facebook app data were left exposed on the public internet. In one such case, a Mexico-based media company named Cultura Colectiva amassed 146 gigabytes of data with more than 540 million records. The records are said to include user comments, likes, reactions, account names, Facebook IDs and more.

From top to bottom, technology is riddled with security errors. At the lowest level, we have hardware errors such as Intel's Meltdown and Spectre bugs. Just above those, we have programming language security holes, and boy, do we have a lot of those! WhiteSource, an open-source security company, recently did a study of open source security vulnerabilities in the seven most widely used languages over the past decade.

Since it began selling its powerful smartphone spyware to governments in 2011, the Israeli cyber-intelligence firm NSO Group has cultivated an air of strict secrecy befitting its image as a haven for ex-military hackers. The company has tried to change its name multiple times, and when a Fast Company reporter called an NSO office in 2017, the man who answered said they didn’t speak to journalists, and hung up.

The security chief for Amazon chief executive Jeff Bezos said on Saturday that the Saudi government had access to Bezos’ phone and gained private information from it. Gavin De Becker, a longtime security consultant, said he had concluded his investigation into the publication in January of leaked text messages between Bezos and Lauren Sanchez, a former television anchor who the National Enquirer tabloid newspaper said Bezos was dating.

When Facebook revealed last week that it had stored millions of people’s account passwords in an insecure format, it underlined the importance of a security setting that many of us neglect to use: two-factor authentication. That might sound like a mouthful, but it has become essential for our digital protection. What it stands for is basically two steps to verify that you are who you say you are, so that even if a password falls into the hands of the wrong people, they cannot pretend to be you.

Jan Krissler used high resolution photos, including one from a government press office, to successfully recreate the fingerprints of Germany’s defence minister

Distributed Denial of Service (DDoS) attacks may now cost the UK economy up to £1bn each year, representing a serious financial burden to businesses. A DDoS attack is when a network is flooded with more traffic than it can handle, meaning that it cannot be used. These attacks are often carried out using botnets, vast networks of internet-connected devices infected with malware.

Research duo who hacked Tesla car win the competition's overall standings. They also get to keep the car.

The operation was run by a local restauranteur who was placed under US sanctions for attempting to interfere with US elections. Slaying online trolls can be a lonely business. Just ask Russia's Lyudmila Savchuk, who first exposed the story of Russia's disinformation campaign back in 2014. The journalist and 33-year-old mother of two, Savchuk started noticing websites and social media accounts attacking local opposition activists in her hometown of Saint Petersburg with a frequency she hadn't seen before.

A data breach is almost inevitable because we continue to make the same security mistakes. Here are five of the bigs ones, according to experts, and why you simply have to fix them.

Global action is required to tackle the web's "downward plunge to a dysfunctional future", its inventor Sir Tim Berners-Lee has told the BBC. He made the comments in an exclusive interview to mark 30 years since he submitted his proposal for the web. Sir Tim said people had realised how their data could be "manipulated" after the Cambridge Analytica scandal.

Huawei would have no choice but to hand over network data to the Chinese government if Beijing asked for it, because of espionage and national security laws in the country, experts told CNBC. Major governments including the United States, Japan and Australia have blocked the Chinese telecommunications equipment maker from providing hardware for next-generation mobile networks known as 5G. The U.S. has said Huawei equipment could provide backdoors for the Chinese government into American networks — a claim the company has repeatedly denied.

At the endless booths of this week's RSA security trade show in San Francisco, an overflowing industry of vendors will offer any visitor an ad nauseam array of "threat intelligence" and "vulnerability management" systems. But it turns out that there's already a decent, free feed of vulnerability information that can tell systems administrators what bugs they really need to patch, updated 24/7: Twitter. And one group of researchers has not only measured the value of Twitter's stream of bug data but is also building a piece of free software that automatically tracks it to pull out hackable software flaws and rate their severity.

As an experienced cyber first responder, Julian Gutmanis had been called plenty of times before to help companies deal with the fallout from cyberattacks. But when the Australian security consultant was summoned to a petrochemical plant in Saudi Arabia in the summer of 2017, what he found made his blood run cold.

In the world of digital thievery, a business model pivot is apparently underway. Over the past year cybercriminals have shifted their focus from ransomware attacks to so-called cryptojacking. That’s the marquee finding out of a new threat report published by IBM this week: Instances of the former money-making scheme were down 45% in 2018, while occurrences of the latter surged 450% in the same timespan, per IBM’s data.

North Korean hackers who have targeted American and European businesses for 18 months kept up their attacks last week even as President Trump was meeting with North Korea’s leader in Hanoi. The attacks, which include efforts to hack into banks, utilities and oil and gas companies, began in 2017, according to researchers at the cybersecurity company McAfee, a time when tensions between North Korea and the United States were flaring.

The US agency responsible for military cyber operations cut off internet connectivity at the Internet Research Agency in Russia on the day of the 2018 midterm elections, according to a report in The Washington Post on Tuesday. The US Cyber Command "basically took the IRA offline," according to an unnamed source that spoke with the Post.

Huawei’s rotating chairman Guo Ping kicked off a keynote speech this morning at the world’s biggest mobile industry tradeshow with a wry joke. “There has never been more interest in Huawei,” he told delegates at Mobile World Congress. “We must be doing something right!” The Chinese company is seeking to dispel suspicion around the security of its 5G network equipment which has been accelerated by U.S. president Trump who has been urging U.S. allies not to buy kit or services from Huawei. (And some, including Australia, have banned carriers from using Huawei kit.)

A new report suggests that password managers aren’t quite as secure as you might first think, and they contain some worrying flaws on the security front, including – in some cases – storing the master password for the app in the PC’s memory in a plaintext form. First off, though, before everybody starts hitting the panic button and considering uninstalling their password manager program, let’s clarify that the security researchers behind this report still advocate the use of these applications.