A security flaw in WPA2, the security protocol for most modern WiFi systems, could allow an attacker to steal sensitive data including emails, credit card numbers and passwords, Researchers at Belgian university KU Leuven reported Monday. Depending on the network configuration, the flaw also could allow an attacker to inject or manipulate information in the system.

Malicious code has been discovered in two versions of Piniform's CCleaner housekeeping utility, the company disclosed on Monday. Piniform is owned by Avast, whose security products are used by more than 400 million people. The malware infecting CCleaner could give hackers control over the devices of more than 2 million users. CCleaner is designed to rid computers and mobile phones of junk.

In a rare move, the U.S. Federal Trade Commission on Thursday confirmed that it has opened an investigation into the data breach at Equifax that compromised the sensitive personal information of 143 million U.S. consumers. The FTC announcement came less than a week after Equifax revealed that an unknown party had gained access to names, addresses, Social Security Numbers and other data belonging to nearly half the U.S. population.

Consumer credit reporting agency Equifax suffered a major criminal data breach that exposed personal information of as many as 143 million consumers in the U.S. between mid-May and July of this year. The attack exposed a range of sensitive personal data, including names, addresses, Social Security Numbers, dates of birth, and in some cases driver's license numbers, Equifax said.

The hacker group known as "Dragonfly" is behind sophisticated wave of recent cyberattacks on the energy sectors of Europe and North America, Symantec reported. The attacks could provide the group with the means to severely disrupt energy operations on both continents. Dragonfly launched a simililar campaign from 2011 to 2014, but it entered a quiet period in 2014 after its activities were exposed.

A relatively new form of cybercrime recently has been plaguing American consumers. Thieves have been hijacking mobile phone account numbers and then transferring services to a different device. Further, hackers have begun using mobile numbers to raid digital wallets and similar accounts. This type of theft has been successful even against the most sophisticated of consumers.

Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise. For example, 62 percent of participants surveyed for ISACA's recent "Global State of Cybersecurity" survey experienced a ransomware attack in 2016.

In a stunning twist, U.S. authorities have arrested a British cyber-researcher credited with stopping the spread of the WannaCry ransomware virus on charges he helped develop and deploy the Kronos banking trojan that attacked financial institutions around the world in 2014. A federal grand jury in Wisconsin last month handed down a six-count indictment against Marcus Hutchins, a citizen of the UK.

HBO on Wednesday admitted that it had been targeted by a cyberattack, confirming an anonymous email the alleged hackers distributed to media outlets last weekend. Among the content that may have been compromised were upcoming episodes of the series Ballers, Barry and Room 104, along with script outlines of the channel's hit show Games of Thrones.

A grand jury in the Northern District of California indicted a Russian man for running a massive money laundering operation through the BTC-e bitcoin exchange, a group of federal officials announced Wednesday. The exchange allegedly received up to $4 billion in proceeds from various criminal activities, including the 2014 hack of the Mt. Gox bitcoin exchange.

Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes. The Petya attack actually used ransomware as a cover.

Malware targeting Linux systems is growing, largely due to a proliferation of devices created to connect to the Internet of Things. That is one of the findings in a report WatchGuard Technologies released last week. The report, which analyzes data gathered from more than 26,000 appliances worldwide, found three Linux malware programs in the top 10 for the first quarter of the year.

A new ransomware exploit dubbed "Petya" struck major companies and infrastructure sites this week, following last month's WannaCry ransomware attack, which struck more than 300,000 computers worldwide. Petya is believed to be linked to the same set of hacking tools as WannaCry. Petya already has impacted a Ukrainian international airport and shut down radiation monitoring systems at Chernobyl.

Federal and state officials have confirmed that cyberattacks against state voting systems during the 2016 election were more widespread than previously disclosed to the public, but they said the heightened activity did not impact final vote tallies. The confirmations follow a report that attempts to influence the 2016 presidential election were much greater than previously disclosed.

The WannaCry ransom attack that quickly circled the globe last week is not yet fully contained. So far, it has impacted more than 300,000 computers in 150 countries. However, one of the remarkable things about it is that only a trifling $100,000 in ransom, give or take, apparently has been paid. That represents a surprisingly low response from an attack generally considered the biggest ever.

Microsoft this weekend unleashed its wrath on the National Security Agency, alleging it was responsible for the ransomware attack that began last week and has spread to thousands of corporate, government and individual computer systems around the world. Microsoft Chief Legal Officer Brad Smith launched a blistering attack on the NSA and governments worldwide.

Authorities are investigating a massive ransomware attack that reportedly hit more than 45,000 computers in 74 countries worldwide, including the UK's NHS England national health service, international delivery service FedEx, and Spanish telecom firm Telefonica. Security experts have linked the exploit to an earlier leak by the Shadow Brokers, who allegedly pilfered hacking tools from the NSA.

More than 8,600 retail locations will shut down this year, following the 5,077 that closed last year, based on data from Credit Suisse. Moreover, 2017 could surpass 2008 -- the worst year for retail closures on record -- when 6,163 stores shut down operations. However, unlike 2008, when overall consumer spending declined with the onset of a global recession.

Just as the Shadow Brokers hacker group started crowing about a dump of never-seen-before flaws in Windows, Microsoft announced it already had fixed most of the exploits. "Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," said Microsoft Principal Security Group Manager Phillip Misner. "Most of the exploits are already patched."

An alleged spam kingpin with possible ties to election meddling in the U.S. was arrested in Spain last week under a U.S. international warrant. Pyotr Levashov had been vacationing in Barcelona with his family. Levashov was arrested for interfering with the 2016 U.S. presidential elections, the Russian news outlet RT reported, but the DoJ said the arrest was not connected to national security.

Protecting the data in electronic health records did not start with the advent of HIPAA, as many people think. Protecting health records has been a critical requirement in the healthcare space since the computers became a fixture in hospitals. However, HIPAA added public reports of fines issued for covered entities' failure to properly protect data contained within EHRs.

Apple has received a ransom threat from a hacking group claiming to have access to data for up to 800 million iCloud accounts. The hackers, said to be a group called the "Turkish Crime Family," have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of $700,000. They have given the company an ultimatum to respond by April 7.

A Dun & Bradstreet database, 52 GB in size and containing more than 33.6 million records with very specific details, has been exposed. Cybersecurity researcher Troy Hunt, who received it for study, on Wednesday confirmed that the records already were organized and developed as if intended for distribution to a potential client. The database apparently was compiled for the use of marketers.

Gmail users recently have been targeted by a sophisticated series of phishing attacks that use emails from a known contact. The emails contain an image of an attachment that appears to be legitimate, according to Wordfence. The sophisticated attack displays "accounts.gmail.com" in the browser's location bar and leads users to what appears to be a legitimate Google sign-in page.

Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands. Their accounts displayed a Swastika -- reversed to face to the right -- as well as the Turkish flag and hashtags to the Nazialmanya and Nazihollanda accounts, which displayed comments on the attack.

The Justice Department has announced charges against four individuals, including two officers of Russia's FSB, for carrying out a massive cyberbreach that affected about 500 million Yahoo account holders. A federal grand jury in Northern California charged the defendants -- the FSB officials and two Russian cybercriminals -- with using stolen data to gain illegal access to numerous accounts.

Following WikiLeaks' publication earlier this week of classified documents stolen from the CIA, major technology companies, including Apple, Samsung, Microsoft and Cisco, have been scrambling to assess the risks posed to their customers by the revelations. The so-called "Vault 7" leak includes information about methods and tools the CIA crafted to hack into products produced by those companies.

WikiLeaks on Tuesday dumped thousands of classified documents onto the Internet, exposing hacking programs used by the CIA. The torrent of data is just the first in a series of dumps WikLeaks is calling "Vault 7." This first installment includes 8,761 documents and files stolen from an isolated high-security network within the CIA's Center for Cyber Intelligence in Langley, Virginia.

Twitter on Wednesday announced that over the next few months it will roll out changes designed to increase the safety of users, including the following: Its algorithms will help identify accounts as they engage in abusive behavior, so the burden no longer will be on victims to report it; and users will be able to restrict their tweets to followers for a set amount of time.

Even though D-Link expressly promised that many of its wireless devices had the highest level of security available, the FTC last month filed a lawsuit that alleges otherwise. The FTC filing includes copies of online marketing materials and technical specifications for D-Link's products, and flatly declares that "thousands of Defendants' routers and cameras have been vulnerable to attacks."