hacking

South Korea's Daewoo Shipbuilding was reportedly hacked last year and around 40,000 documents were stolen.

An unknown hacker reportedly put up millions of sensitive records stolen from Malaysian telecoms and network operators for sale on the dark web.

"In terms of targets, Ursnif malware configurations can be a mixed bag at times," IBM's X-Force research team said.

This week in cybersecurity was defined by major attacks and global concern - here are the biggest cybersecurity stories of the week as chosen by the IBTimes UK tech desk.

The National Audit Office (NAO) led an investigation into NHS response to the cyberattack, one of the largest to hit the healthcare service.

The lawsuit by voting transparency activists sought a review of the state's voting systems and called for an overhaul of its outdated election technology.

The Basetools site went offline shortly after the hacker dumped a sample of Basetools' database and posted the ransom demand.

The scam involves hackers tricking victims into divulging their wallet account passwords, which they would then use to clear out the victims' wallets.

Appleby's long list of clients, while not named publicly, include banks, corporations, FTSE 100 and Fortune 500 companies and "high net worth individuals".

The analysts found a cache of files belonging to the Equation Group, an extraordinarily powerful band of hackers that would later be exposed as an arm of the NSA.

Dark web vendors are selling credentials to hacked Remote Desktop Protocol (RDP) servers, which allow hackers to spy on and steal data from companies, without using malware.

The news comes nearly a year after disclosures from the Panama Papers shook the global political elite and triggered investigations into prominent figures worldwide.

The data of Tarte Cosmetics' customers was left publicly exposed via two unsecured MongoDB databases, which were later accessed by the Cru3lty ransomware gang.

The hackers reportedly had control over Coinhive's domain name for around six hours.

The botnet has now been christened "Reaper" and is said to be expanding at a rapid pace, using unpatched vulnerabilities to infect millions of devices.

The malware is capable of stealing victims' contacts, reading and sending SMS messages and locking out users from accessing their phones.

The London Bridge Plastic Surgery confirmed the hack and the data theft, adding that it is still working on determining what kind of data was compromised.

So far, the ongoing FBI investigation has resulted in three cases against defendants across the US.

NCSC head Ciaran Martin confirmed that "hostile" nation-state hackers had hit Northern Ireland infrastructure in "significant" attacks.

Experts from ESET, a Slovakian antivirus company, said this week (23 October) that both Google and the real Poloniex crypto exchange have been notified.

The Anonymous group is known to use distributed denial of service (DDoS) cyberattacks in order to overwhelm website servers with traffic and force them offline.

The two-page file, lifted from the conference's website, was created on 4 October and researchers from Cisco Talos said attacks peaked three days later.

The DHS and FBI said in a joint report that the threat actors are "actively pursuing their ultimate objectives over a long-term campaign".

Hackers infected the installers of the Eltima Player and Folx apps with the Proton malware, which in turn was downloaded by unsuspecting users.

Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.

The programme encourages researchers to scour for bugs in select popular apps created by Google as well as third-party developers,

The zero-day vulnerability, which was previously exploited by the BlackOasis group, was made public and patched on 16 October.

Malaysian technology website Lowyat reported that the files were offered for sale by an unknown user of its forums.

Don Meij insisted that the firm does not store credit card information on its systems and stressed: "No financial data was accessed in this incident."

The leaked records contained citizen ID numbers, names, genders, martial statuses, home ownership information, employment details and income data.