We all fall victim to the dangerous belief that if an app or extension is listed in an official repository - be it the App Store, Google Play, the Microsoft Store, Mozilla's Add-Ons directory or so on - it must be legitimate. After all, the big tech companies surely use a lot of automated systems (and real human beings) to ensure that their customers aren't downloading harmful things. Right?

Here we go again. Radware's threat research group recently announced that more than 40,000 Facebook users were duped into downloading a "Relieve Stress Paint" application, via a crafty phishing email, that stole their login credentials and browser cookies while they pretend-painted in the app. Worse, the attack was clever enough to avoid being flagged by a typical antivirus app.

Minecraft fans, beware of what you install. Anti-virus makers Avast have announced that over the last 30 days, they have identified malware that has infected almost 50,000 Minecraft players, malware designed to "reformat hard-drives and delete backup data and system programs,".

Nobody likes an operating system that's full of unnecessary stray files, 20 annoying apps that start up when you fire up your computer, and other crap that slows down your system, makes your desktop feel disorganized, or gives you a headache whenever you're trying to work (or game). Thankfully, there are a number of free apps that can help you clean your Windows PC.

The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts. The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.

We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.

Most internet users wouldn't want to share their browsing history with the rest of the world. (It's one of the reasons incognito mode is so popular.) This is especially true of people who look at questionable online material. So what would you be willing to pay if someone had a secret recording of you watching porn, taken on your webcam?

Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google's Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory -- which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency wile you're on their site. But, once you close the browser window, the CPU thieves lost access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.

Evernote has a bit of a malware problem. For the past few years (starting in early 2014) spammers have been sending fake emails that claim to come from the note-organising service but include links to install malicious software on your computer.

Threat actors, Group 74, have targeted people attending the Cyber Conflict US Conference being held in Washington next month. They have distributed a flyer that delivers a VBA payload. Cleverly, the bad guys copied the text from the real flyer from the conference website and used that to craft their attack. While this isn't a new technique it's interesting that they are specifically focussing on security experts, presumably as a way of boosting their credibility in the hacker community.

Although Adobe has made the decision to send Flash out to pasture, the application most of us love to hate isn't letting its reputation for being the malware vector of choice fade away. A new zero day, dubbed BlackOasis, has popped up according to researchers from Kaspersky Labs.

Some computer security myths and stories that keep getting passed around, even though they're clearly not true. We sat down with computer security experts to separate fact from fiction.

Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfitrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today focusses on something else - the malware marketplace.

This morning, Piriform, developer of PC maintenance tool CCleaner, announced it was breached by hackers who infected an estimated two million users with malware. Prifirom says the incident has since been resolved, but encourages users to update the software to prevent further compromises.

According to its parent company Avast, more than 130 million people use the performance optimisation software CCleaner. And today all of those people need to be sure they have installed the latest update because some nasty malware has managed to make it into one of the builds.

File-sharing websites are not exactly known for their sterling reputation, though a few such as famed torrent site the Pirate Bay have been around for long enough while generally avoiding shady behaviour they have acquired a certain cachet with the internet community.

Famed white hat hacker Marcus Hutchins -- better known as "MalwareTech" -- was arrested by the FBI yesterday while trying to fly home to the United Kingdom from Las Vegas. The 22-year-old security researcher gained mainstream fame earlier this year as the guy who stopped the destructive WannaCry ransomware from spreading, and had been partying with friends near the Black Hat and Defcon hacker conferences before his arrest. Now, he faces serious federal charges for allegedly creating the Kronos banking trojan. But he's supposed to be the good guy!

Security researcher Abhinav Singh works with security firm Netskope and is the author of the Metasploit Penetration Testing Cookbook and Instant Wireshark. I spoke with him at the recent RSA Conference Held in Singapore about how the cloud is the new vector being exploited by threat actors.

Although Apple recently patched macOS to detect and block a piece of malware called Fruitfly, that can capture screenshots, keystrokes, webcam images, and information about infected Macs, a variant was discovered by security researchers. And there's no way to stop it yet.