Government nixes spy agency watchdog

May 10, 2012

In a budget move last month, the Canadian government axed a watchdog responsible for keeping tabs on its secret spy agency.
 

Canadian government helping erase DNSChanger infection

May 10, 2012

A website now is available to help the public check for DNSChanger infection.
 

ID thieves find gold in medical data

May 01, 2012

Is health care a last frontier for today's cyber criminals?
 

Securities fraud hacker charged after $1 million heist

April 18, 2012

A Russian national is in custody in Newark, N.J., facing charges of hacking into the web accounts of several brokerages to initiate sham stock trades that allegedly netted $1 million.
 

The new e-discovery playing field

Andy Teichholz, senior e-discovery consultant for Daegis • April 16, 2012

Risks exist in the e-discovery process, as sensitive information frequently moves and is stored outside a company's firewall.
 

Number of victims in state of Utah breach significantly rises

April 09, 2012

A misconfigured server is to blame for the attack, which impacted roughly 780,000 Medicaid and Children's Health Insurance Plan recipients.
 

Robocall scandal escalates

April 02, 2012

The investigation into fraudulent robocalls in Canada escalated this month, as Elections Canada said that 7,000 calls had gone out across the country.
 

Canadian opposition party targeted in botnet attack

April 02, 2012

A malicious attacker deliberately attempted to interfere with a crucial party leadership vote in Canada last month, according to a company commissioned to run the online voting system used.
 

Tightening the fed's belt: Government Roundtable

April 02, 2012

At a recent SC Magazine Roundtable, gov't security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.
 

The global landscape: International cooperation

April 02, 2012

The FBI-led takedown of Hong Kong-based P2P site MegaUpload -- and the arrests in New Zealand of its leaders -- was a big win for law enforcement. But pursuing suspects across borders can be tricky.
 

Devices lost containing data on 800K users of child support services

March 30, 2012

A number of storage devices belonging to the California Department of Child Support Services went missing while in transit.
 

RockYou to pay FTC $250K after breach of 32M passwords

March 27, 2012

The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.
 

GAO calls on feds to better address supply chain risk

March 27, 2012

The GAO, which performs audits, evaluations and investigations on behalf of Congress, examined four agencies whose duties involve national security: the Energy, Homeland Security, Justice and Defense departments.
 

Secure access, authorization among areas still lacking at IRS

March 19, 2012

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.
 

White House appoints new federal CTO

March 12, 2012

President Obama named Todd Park as the federal government's new chief technology officer, replacing Aneesh Chopra, who resigned last month.
 

Chinese hacking may slow, but...

Adam Segal, Ira A. Lipman senior fellow at the Council on Foreign Relations • March 01, 2012

...nevertheless, companies need to do a better job of protecting IP, says Adam Segal.
 

Prosecutors request more time for trojan removal

February 23, 2012

The U.S. government has requested a three-month extension for the operation of temporary DNS servers to give computer users more time to identify and purge the DNSChanger trojan from their systems.
 

Anonymous says power grid concerns are U.S. gov't spin

February 21, 2012

The head of the National Security Agency is warning that Anonymous may be developing capabilities to target the U.S. power grid, but members of the hacktivist collective called such claims nothing more than fear mongering.
 

Anonymous hacks FTC over Google privacy, ACTA

February 17, 2012

The Anonymous collective has again targeted the Federal Trade Commission, bringing down some of its websites and claiming to have rooted hundreds of its servers.
 

New cyber security bill is bipartisan, but has its critics

February 16, 2012

A new version of a federal law designed to protect the nation's critical assets is toned-down from previous cyber security proposals, but business and privacy leaders have concerns.
 

Cavoukian slams Supreme Court

February 08, 2012

Ann Cavoukian, Ontario's information and privacy commissioner, slammed the Canadian legal system in her opening speech at a symposium on surveillance and privacy late last month.
 

SDA, McAfee mark Canada's card

February 08, 2012

Canada received a mediocre ranking in cyber security, according to a new report ranking countries on their security stance.
 

U.K. MPs bite the cyber bullet...

David Harley, ESET senior research fellow • February 02, 2012

The Science and Technology Committee seems to be taking malware and cyber crime seriously.
 

Palin hacker appeal rejected

February 02, 2012

David Kernell, who hacked into Sarah Palin's email account, has lost an appeal against his obstruction of justice charge.
 

Facebook sues Adscend Media for malware and spam

January 30, 2012

Facebook and the state of Washington have filed separate lawsuits against Adscend Media, alleging the company was responsible for spreading malware and for stealing personal information from Facebook users.
 

Anonymous shutters government, music industry sites

January 20, 2012

In a reprisal for the government's takedown of MegaUpload.com, the hacker group Anonymous has apparently shuttered recording and movie industry websites, as well as the U.S. Department of Justice.
 

Senators change sides on SOPA/PIPA issue

January 18, 2012

Several senators today abandoned their support of two highly controversial anti-web piracy bills making their way through Congress.
 

DoD ID cards under attack

January 18, 2012

The ID cards that every DoD employee uses to access networks across the entire bureau have fallen victim to malware.
 

Canadian government officials downloading illegal content

January 10, 2012

Representatives from the Pirate Party of Canada highlighted the irony of Canadian government officials using file-sharing sites to infringe on copyright.
 

Canadian privacy challenge exposes double standard

January 10, 2012

Canadian lawyers may have opened a legal can of worms by requesting the public release of heavily censored photographs.
 

FTC settles with rewards company over security infractions

January 09, 2012

Upromise, which helps students save for college, failed to live up to its oath to protect users' security and privacy, and offer encryption.
 

Symantec: Hackers did steal code, but it's old

January 06, 2012

Symantec confirmed late Thursday that hackers did in fact compromise a portion of its source code, but the stolen code is related to two enterprise security products that have been discontinued.
 

Bumper crop: Cyber security legislation

January 03, 2012

Data security measures have a long, storied history of meeting their demise on Capitol Hill. But two proposals have the bipartisan support that give them at least a shot at passage in 2012.
 

Ascending the ladder, rung by rung: Data breach prevention

January 03, 2012

Nearly two-thirds of respondents to our fifth annual "Guarding Against a Data Breach" survey say their budgets related to IT security and data protection will remain the same this year.
 

FBI wraps up 2011 with 30 more cyber crime indictments

Stephen Cobb, security evangelist at ESET • December 30, 2011

Recent prosecuted cases tackle long-running internet-based scams
 

FTC to pay millions to consumers duped by scareware

December 16, 2011

The Federal Trade Commission (FTC) will partially reimburse some 300,000 people who fell victim to a scam in which they purchased rogue anti-virus products to fix problems that didn't exist.
 

Yahoo wins $610M spam judgment

December 12, 2011

Digital media company Yahoo has ended a three-year legal battle against a team of spammers, winning a default judgment of $610 million.
 

Cyber crime aftermath: Beyond the indictment

Stephen Cobb, security evangelist at ESET • December 09, 2011

The aftermath of a cyber crime takedown poses new challenges to law enforcement, like what to do about the victims' systems and data
 

MIT researchers suggest power grid security oversight

December 06, 2011

While a number of entities have a stake in maintaining the cyber security of the U.S. electric grid, no single organization is currently responsible for overseeing protection across all aspects of grid operations.
 

Cyberattacks up 50 percent in 2011

December 06, 2011

Publicly traded Canadian companies experienced 50 percent more cyberattacks in 2011 than in the previous year, study
 

Reintroduced law would give wide surveillance power over ISPs

December 06, 2011

The Harper government has announced plans to reintroduce the "lawful internet access" law, which could shutter Canada's small internet service providers.
 

Copyright issues at stake in court

December 06, 2011

The Supreme Court of Canada has heard arguments seeking to overturn a lower court ruling on so-called fair dealing of copyrighted material.
 

Bill to foster threat data sharing draws mixed reactions

December 01, 2011

The Cyber Intelligence Sharing and Protection Act of 2011 would give the federal government authority to share classified cyber threat information with the private sector.
 

A wild week in cybercrime

Stephen Cobb, security evangelist at ESET • November 22, 2011

New attempts to crack down on cybercrime take different paths, from racketeering laws to stiffer penalties, while a curve ball called SOPA seeks to mess with DNS.
 

Anonymous calls for protests of piracy bill

November 21, 2011

The Anonymous hacking collective on Sunday called for a "worldwide internet and physical protest" against a controversial bill making its way through Capitol Hill called the Stop Online Piracy Act.
 

Romanian hacker accused of breaking into NASA server

November 17, 2011

Robert Butyka was detained Tuesday in Cluj Napoca, Romania's fourth most populated city.
 

Canadian internet users wary of security and privacy, report

November 15, 2011

A survey by the Canadian Internet Registration Authority (CIRA) found reservations about internet use
 

Alarm raised months before fed breach discovered

November 15, 2011

The Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada.
 

GAO again slams IRS over security weaknesses

November 14, 2011

Despite repeated warnings from the GAO, the IRS has not done much to improve its security posture, and the tax collector was chastised in yet another federal audit.
 

Man charged with hacking Hoboken, N.J. mayor's email

November 10, 2011

Patrick Ricciardi, 45, allegedly abused his access as an information systems specialist to spy on official emails meant for Hoboken, N.J. Mayor Dawn Zimmer.
 

FBI arrests six in click-fraud cyber scam that netted $14M

November 09, 2011

A gang of Estonians is accused of infecting millions of computers, many in the United States, with DNS-changing trojans capable of manipulating the online advertising industry through clickjacking.
 

Part Two: Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers • November 09, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Adversaries, allies stealing U.S. trade secrets

November 07, 2011

China and Russia were called out in a report as the world's most prolific perpetrators of economic espionage against the U.S.
 

U.S. and EU partner for security response exercise

November 04, 2011

"Cyber Atlantic 2011" aimed to clarify how the two nations can best communicate about cyber incidents that occur on government systems or critical infrastructure.
 

Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers • November 02, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the first article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Feedback due on gov't proposal around botnet notification

November 01, 2011

Friday is the deadline for public comments regarding a government proposal to create a model by which internet service providers voluntarily alert consumers if their computers are part of a botnet.
 

China disputes claim hackers breached U.S. satellites

October 31, 2011

China is denying a U.S. congressional committee's claim that hackers interfered with two government satellites.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand • October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

Disgraced bike champ accused of cybercrime

October 26, 2011

Cyclist Floyd Landis, who was stripped of his Tour de France medal in 2006 following positive doping results, now faces arrest in France for his alleged involvement in planting a trojan on the computer network of the French national anti-doping laboratory (LNDD), which conducted the test. According to reports, French prosecutors said Landis and Arnie Baker, his coach at the time, employed a hacker at Kargus Consultants to plant the trojan in an attempt to steal documents from the lab for an appeals process they were pursuing. Kargus has also been suspected of breaking into Greenpeace and French utility company EDF. Prosecutors said Landis should serve an 18-month suspended prison sentence for his part in the alleged scheme.
 

Personal data of nine million Israelis posted online

October 26, 2011

Details emerged this week of an Israeli government contract worker believed to be behind a massive information theft case, in which the personal data of millions of Israeli citizens was stolen and subsequently posted online in a searchable database.
 

U.S. Naval Academy: First to teach cybersecurity as requirement

Cameron Camp, researcher for ESET • October 26, 2011

New courses in cybersecurity are being rolled out to foster the next generation of cyber warriors to defend the U.S.
 

Recent attacks cost Energy Department at least $2M

October 25, 2011

The attacks, which occurred at four department locations, were not described in detail, but were deemed "successful" for adversaries, according to the annual audit.
 

NERC CSO departs for newly created DHS role

October 20, 2011

Mark Weatherford, former CSO of the North American Electric Reliability Corp. (NERC), has been appointed to a newly created position at the U.S. Department of Homeland Security. Serving as deputy under secretary for cybersecurity within the National Protection and Programs Directorate (NPPD), the DHS component charged with reducing risk, Weatherford will focus on ensuring strong cybersecurity operations and communications for the department. He is expected to start in mid-November. Prior to his role at NERC, Weatherford was CISO of the state of California. A former naval cryptologic officer, Weatherford also previously led the Navy's computer network defense operations.
 

U.S. may have had inside knowledge of Libya radar bugs

October 18, 2011

News that the U.S. was considering a cyberattack to disable Libya's radar system may indicate knowledge of the same flaws Israel is believed to have used against Syria in 2007.
 

Defense Department facing $4.9B lawsuit over breach

October 17, 2011

A suit contends that the defendants failed to properly encrypt data, then "intentionally, willfully and recklessly" allowed an untrained individual to access the information.
 

SEC updates disclosure rules to include breaches

October 14, 2011

Public companies now must disclose known or potential cyber incidents if they would make investment in the company "speculative or risky," according to a document.
 

Air Force downplays drone malware infection

October 13, 2011

A U.S. military spokeswoman said a "credential stealer," not a keylogger, was responsible, and that no missions were impacted.
 

Canada toes the line on copyright reform

October 10, 2011

Canada has reintroduced controversial copyright measures in a new bill that will legally enable companies to stop Canadians copying digital products.
 

Canada launches cybersecurity awareness campaign

October 10, 2011

The Canadian government has launched a consumer IT security awareness campaign in a bid to help Canadians protect themselves.
 

White House order tackles insider threat post-WikiLeaks

October 07, 2011

The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
 

Cybersecurity Awareness Month launched

October 07, 2011

The event was launched on Friday with a gathering in Ypsilanti, Mich., featuring Secretary of Homeland Security Janet Napolitano and White House Cybersecurity Coordinator Howard Schmidt.
 

Federal security incidents shoot up 650 percent

October 05, 2011

Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.
 

The art of cyberwar

David Harley, ESET senior research fellow • October 05, 2011

Sun Tzu to Clausewitz to Georgia and Iraq: first principles are still first principles.
 

Cutting the red tape: SC Roundtable

October 03, 2011

As agencies are forced to do more with less, government security pros at a recent SC Magazine Roundtable discussion said they are being challenged to fight emerging threats and secure new technologies.
 

Doing more with less inside government

September 29, 2011

Coming in October's issue of SC Magazine, Editor-in-Chief Illena Armstrong chronicles her discussion with a number of high-level government security executives who joined her late last year at a roundtable. The participants discussed a number of challenges they face, and these are some images of the conversation.
 

FTC settles with SMS marketer over spam allegations

September 29, 2011

A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.
 

Lost backup tapes affect 4.9 million current, former military

September 29, 2011

One of the largest breaches of the year has struck a military health benefits firm and a major defense contractor, and the data wasn't encrypted because a compliant solution wasn't available.
 

DHS, Commerce pushing for voluntary botnet notification

September 23, 2011

The U.S. Commerce and Homeland Security departments are seeking public feedback on a recommended program by which internet service providers would "voluntarily and timely detect and notify end-users that their machines have been infected," a move designed to help eradicate botnets. According to a notice posted this week in the Federal Register, the agencies are weighing how such an approach would be implemented (for example, incentives may be offered to service providers that participate) and who would be responsible for running the program: industry, the public sector or a partnership between both. Public comments, which must be received by Nov. 4, are expected to examine a number of areas, including the privacy implications of such an approach.
 

National breach notification bill passes hurdle

September 23, 2011

Three separate national breach notification bills making their way through the Senate came a step closer to being enacted into law on Thursday. The bills are intended to bolster privacy protections, and would supersede 46 state laws while nationalizing breach notification provisions. However, passage is a ways off, as Senate Republicans have raised objections, claiming the bills would burden businesses with further regulations. The Personal Data Privacy and Security Act, the Data Breach Notification Act, and the Personal Data Protection and Breach Accountability Act all passed the Senate Judiciary Committee with a 10-8 vote, split along party lines.
 

Sponsored video: Chris Wilkinson of immixGroup on public sector defense

September 22, 2011

Illena Armstrong, editor-in-chief of SC Magazine, asks Chris Wilkinson, senior manager of cyber security technologies at immixGroup, to describe how government agencies must adapt their defense strategies in light of today's threat landscape.
 

New cybersecurity alliance launches in Massachusetts

September 22, 2011

The Advanced Cyber Security Center will partner businesses and research universities to share threat information and develop more effective defense strategies.
 

FTC to examine implications of facial biometrics

September 21, 2011

The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial recognition technology. The agency announced this week that the workshop, which is free and open to the public, seeks to bring together consumer protection groups, privacy experts, and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports or automate photo tagging on sites such as Facebook, but critics worry they also could be used for intrusive surveillance. As a result, offerings have emerged that can help people hide their faces from the technology.
 

FISMA compliance to require monthly reports

September 19, 2011

Beginning in October, federal agencies will be required to report on their information security posture on a monthly basis, instead of annually.
 

Scammer of military site sentenced

September 16, 2011

Stealing data from military rosters posted on peer-to-peer (P2P) servers has led to a six-year sentence in federal prison for a California man, according to reports. Gathering personally identifiable information on 16,000 military members from an account belonging to the U.S. Army and Air Force Exchange Services (AAFES), Rene Quimby, 42, parlayed the data and used social engineering tactics to obtain further information from the site's support staff. He then used the credentials to order merchandise from an online store, which he then sold for profit. A judge also ordered him to pay $210,000 to the AAFES.
 

Hacker "soldier" steals $3.2 million from U.S. companies

September 15, 2011

Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
 

Online ID thief sentenced to 14 years

September 12, 2011

A man who pleaded guilty to wire fraud and identity theft charges received a 14-year prison sentence.
 

Shared border vision agreement nearing completion, say sources

September 12, 2011

Talks on the unified border agreement between Canada and the United States first unveiled in February are complete.
 

9/11 to 9/11/11

David Harley, ESET senior research fellow • September 12, 2011

Man, myth and the media in the internet age.
 

Government Roundtable: Cutting red tape

September 11, 2011

Leaders gathered at the SC Magazine Government Security Roundtable agreed that not just technology is needed to thwart attackers, but skilled personnel backed by the C-suite as well, reports Illena Armstrong.
 

Former DHS official tapped to lead security at Sony

September 06, 2011

Much-maligned Sony announced Tuesday that it has hired a former U.S. cybersecurity official to serve as its first-ever chief information security officer. Philip Reitinger, 49, the former director of the National Cybersecurity Center at the U.S. Department of Homeland Security since June 2009, who tendered his resignation in May, will be tasked with assuring the protection of the multibillion dollar company's assets and services. It's been a tough year for Sony, which has experienced multiple breaches, most notably the compromise of its PlayStation Network and Qriocity services, which resulted in the exposure of the personal details of tens of millions of users. Reitinger has been in the private sector before, where he held the role of security strategist at Microsoft.
 

California blazes trail again with enhanced breach alert law

September 01, 2011

After being vetoed twice by the prior administration, a bill that updates California's pioneering data breach notification law was signed into law Wednesday by Gov. Jerry Brown.
 

Breaking the next case

September 01, 2011

Today's flurry of cybercrimes relies on an array of motivations, techniques and technologies, making the job of an investigator to track down the offender that much more difficult.
 

Broader online voting proposed in Canada

August 26, 2011

Canada's federal election on May 2 tipped the balance in favor of Prime Minister Stephen Harper's Conservatives - giving them their first majority after four tries - but did it also swing things in support of online voting?
 

Canadians raise alarms over government powers

August 26, 2011

As the 10th anniversary of the 9/11 terrorist attacks approaches, a number of Canadians are voicing their concerns about Prime Minister Stephen Harper's plan to give law enforcement agencies sweeping new powers.
 

Recruiting and developing the 21st century cyber warrior

Catherine Nicholas, manager, PwC's Public Sector practice • August 23, 2011

Recruiting skilled cybersecurity personnel is a major U.S. military priority, but plucking the best and brightest to join the ranks will require a unique approach.
 

AntiSec hackers target another military contractor

August 19, 2011

In another swipe at the FBI, AntiSec hacktivists posted private data from defense contractor Vanguard Defense Industries.
 

Keys to the city: Richmond, Va. and PacketSentry

August 18, 2011

The city of Richmond, Va. found a solution to help prevent trojans from entering the gates, reports Greg Masters.
 

Attacks on BART continue as police records dumped

August 17, 2011

Revenge-seeking hackers have again struck at Bay Area Rapid Transit (BART), this time infiltrating the agency's police association website to steal the personal information belonging to 102 officers.
 

Fact, fiction and authoring malware

David Harley, ESET senior research fellow • August 15, 2011

If it isn't maliciously intended, can it be malware?
 

Social media and political certainties

David Harley, ESET senior research fellow • August 15, 2011

Blanket censorship of social media in the UK might be unlikely, but targeted blocking based on legal interception isn't out of the question.