Emerging Threats

Cyber security market to reach $120B by 2017

Driven by increasing use of cloud and mobile services, and cyber criminal activity from hacktivists, terrorist groups, nation-state actors and those out for financial gain, the global cyber security market is expected to grow by 11.3 percent each year.

Take mobile defense seriously

There is no doubt that data security and privacy concerns have almost completely migrated to the mobile channel.

Hired Guns: What's in the name CyberPMC or CyberPSC?

In 2011 and the new age of cyberwarfare, what differentiates a military corporation from a security corporation? Are you now working in a cyberwarfare capacity? If so, what restrictions on global trade should CIOs be concerned with?

Ten years of evolving threats: A look back at the impact of notable malicious wares of the past decade

As security firm Fortinet celebrates 10 years in business, Fortiguard Labs took a look at the 10 most intriguing threats during the past decade and showed how their feature sets have evolved, Darwin-like, over time.

Storm Worm making comeback with new spam run

Researchers at CA say they have detected a new variant of the Storm Worm, the infamous botnet best known for its spam-producing abilities, but which was effectively killed off more than a year ago.

Web fraud losses more than double in 2009, says report

Losses related to cybercrime more than doubled from 2008 to last year, according to a report from the Internet Crime Complaint Center (IC3).

Microsoft discloses zero-day IE flaw used in China attacks

The organized and well-resourced cybercriminals who compromised systems at Google, Adobe and more than 30 other large companies used a previously unknown, zero-day Internet Explorer exploit as part of their arsenal to install data-stealing malware on target machines, researchers at McAfee revealed Thursday.

Encryption protecting most mobile phones cracked

With a few thousand dollars and widely available open-source tools, the encryption algorithm used to protect most cell phone communications can be cracked, allowing an attacker to listen in on phone calls, researchers revealed Sunday at a security conference.

Serious vulnerability in SSL discovered

A newly discovered SSL flaw could allow an attacker to launch a man-in-the-middle attack and intercept an SSL-protected session, according to researchers.

BlackBerry snooping application released

A snooping application, called PhoneSnoop, allows an attacker to remotely activate a BlackBerry microphone and listen in on surrounding conversations.

Report: Cyberdeterrence may be unwise military strategy

A new report suggests that, instead of threatening retaliatory attacks to deter cyberwar, the U.S. military should employ more diplomatic strategies.

Black Hat: Clampi banking trojan spreading rapidly

A newly revealed banking trojan is considered one of the biggest threats on the internet because of the way it can quickly spread.

New BIND 9 DNS flaw is worse than Kaminsky's

A flaw in all versions of BIND 9 reportedly being widely exploited has the potential to cause widespread damage if it goes unpatched, security experts said.

Industry group releases software integrity framework

Not enough emphasis is placed on the integrity of software, according to a software assurance group, which hopes to change that mentality with a new framework.

"Harry Potter" malware hits

Hackers are leveraging the popularity of a summer blockbuster to dish out malware, according to anti-virus provider ThreatFire. Links related to the new "Harry Potter" movie are popping up across the web, especially on sites such as Digg.com and Blogspot.com, the company said Thursday in a blog post. If users follow the link, they are brought to a site that claims to offer a video of the movie but actually tries to get them to install a host of malware, including the Koobface worm and rogue anti-virus programs. — DK

Black Hat topics include hacking parking meters, social networks

Researchers are set to discuss a wide range of topics at the annual Black Hat conference.

"Nine-Ball" mass injection attack compromised 40,000 sites

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites that are now infecting users with an information-stealing trojan, according to security vendor Websense.

Cybercriminals targeting Twitter "trending topics"

Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

Google rates Gumblar distribution URL as top malware site

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads its list of Top 10 malware sites, according to Google.

The many morphs of a phishing/malware scam

A new attack targeting Outlook users has morphed from trying to retrieve login credentials to attempting to infect users with fake anti-virus products.

Twitter hit with rogue anti-virus scams

Users of popular blogging platform Twitter fell victim this past week to a scareware scam.

Hackers hit U.S. Army websites

A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.

"Beladen" website compromises cropping up

A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.

New Windows zero-day

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the vulnerability. Windows 2000 (SP4), Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not. — CAM

Setting cybersecurity as a national priority is just the beginning

A review of federal cybersecurity policies, scheduled for release Friday, will serve as a call to action for the public and private sectors.

Fed cyber-review out Friday

White House spokesman Robert Gibbs announced Tuesday that President Obama will release the highly anticipated 60-day review of federal government cybersecurity initiatives on Friday. The report was developed by Melissa Hathaway, who started investigating federal cybersecurity infrastructure and policies during February, and delivered the finished document in April. Gibbs called the report an important first step toward securing the nation's cyberinfrastructure. — CAM

New cyberattack technologies developed for U.S. military

The U.S. military is developing and testing several new offensive and defensive cyberdevices, including a system that would enable non-expert military personnel to launch a cyberattack, a defense and aerospace industry publication reported last week.

Experts offer tips to deal with Gumblar malware

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.

Website risks highlighted in two new studies

Two reports released this week confirmed the tidal shift in the type of websites into which cybercriminals are injecting malware.

Study: Majority of adolescents online have tried hacking

A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.
