Researchers at KnowBe4 sent simulated phishing messages to more than 3,500 small and midsized enterprises and found that recipients at nearly 500 companies clicked on a link contained in the message.
Security awareness training programs should be an essential part of information security endeavors, a security professional said Thursday at SC World Congress in New York.
Due to strained budgets, some IT departments are cutting funding for technologies that would help mitigate threats they are most concerned about, according to a survey from RSA Conference, released Wednesday.
Researchers are set to discuss a wide range of topics at the annual Black Hat conference.
One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.
In an inadvertent security breach, a document that detailed information on nuclear sites was posted on the Government Printing Office's website.
Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.
Companies should consider merging physical and information security into a converged program -- it might be challenging but it will be worth it.
Customer education and a holistic security strategy are the best approaches to fight fraud within the financial services community, a panel of experts said Wednesday at the RSA Conference in San Francisco.
A new program is encouraging information security experts to educate school children about how to protect themselves online.
Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.
Despite being aware of the importance of security, small-to-medium-size businesses (SMBs) generally are not protecting their networks, according to a survey released Thursday by Symantec.
Web application security spending is expected to either stay flat or increase, according to the first quarterly Security Spending Benchmarks Report published Thursday by the Open Web Application Security Project.
Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year.
The world is more interconnected than ever before, so security pros have opportunities to make a difference in their enterprises, a former White House cybersecurity adviser told a group of CSOs.
A new report released this week by the U.S. Senate's Homeland Security and Governmental Affairs Committee calls for a concerted national effort to overcome cybersecurity threats to the United States.
Companies around the globe are recognizing the second annual Data Privacy Day on Wednesday with seminars and other events aimed at educating users and generating discussion around the topic.
NIST this month released draft recommendations that federal agencies -- and their contractors -- should follow to protect the confidentially of personally identifiable information.
A simulation this week demonstrated the need for better collaboration among public and private security groups.
The former Connecticut substitute teacher who was accused of exposing middle-school students to internet pornography has avoided prison time and a new trial.
Security professionals weigh in on what may have caused the most recent high-profile personal account breach -- this one involving French President Nicolas Sarkozy.
Hotel guests across the country could be connecting their laptops to an insecure connection, a new study concludes.
The movement to create secure software received a boost with the launch of a new certification from (ISC)2, called the Certified Secure Software Lifecycle Professional, designed to validate secure software development practices.
The deadly twisters that ripped through Kansas this week and the historic floods sweeping across the Upper Midwest will soon give rise to donation scams and malicious attacks, the SANS Storm Center warned on Friday.
Three months after an unencrypted backup tape goes missing, 4.5 million Bank of New York Mellon customers are notified their identities may be at risk.
An easy-to-fix -- but often overlooked -- problem most likely took the National Security Agency's website and its mail services down for six or seven hours on Thursday.
The National Security Agency (NSA) on Thursday announced that 10 new colleges have been designated National Centers of Academic Excellence in information assurance.
IT security vendors' sole purpose is to generate revenue -- not offer complete security -- and they will only create solutions to stop dangerous threats when they are incentivized to do so, the principal security strategist for IBM Internet Security Systems said Wednesday at Interop in Las Vegas.
An underground economy has emerged in which cybercrooks are leveraging freely available tools, sophisticated methods and a chain of specialization that resembles a real corporation to pull off massive digital heists, according to an RSA Conference panel on Wednesday that examined the modern online criminal ecosystem.
E-discovery investigations can look into the alleged wrong-doings of a terminated employee and/or provide electronic records for use in corporate litigation, a lead forensics investigator told RSA Conference attendees on Wednesday.
An overwhelming majority of Americans claim to feel safe online, according to a recent poll.
A security and privacy breach that made personal Facebook photos available to unwelcome visitors could have had real consequences for businesses, experts said.
Reports this week that the UCLA Medical Center has moved to fire 13 employees and suspended six others for unauthorized access to confidential medical records of pop star Britney Spears is a sign that training and regulations may not be working in some hospitals, experts told SCMagazineUS.com.
The Department of Homeland Security's second massive cybersecurity exercise has revealed improved preparedness across IT infrastructures and government agencies, compared to the first "Cyber Storm" in 2006, according to the acting director of DHS's National Cybersecurity Division.
A student loan company has settled with the Federal Trade Commission over charges it did not offer reliable security for its customers' personal information.
There is a wide gap between IT security skills that organizations need and the skills IT professionals bring to the job, according to a new survey by the Computing Technology Industry Association (CompTIA).
Researchers at a French security organization have uncovered a number of security vulnerabilities in the MySQL database application, the open source software used to support many Web 2.0 applications.
An overwhelming majority of end-users surveyed believe Apple's Mac platform will be more widely targeted by cybercriminals in the future.
Attempted cyberattacks on health care organizations have increased 85 percent in the past year, according to SecureWorks, a software-as-a-service vendor.
Microsoft on Tuesday released 11 patches fixing 17 vulnerabilities - six of them "critical" - but failed to patch an exploited flaw in Microsoft Excel revealed last month.
The personal information of an unknown number of customers of Major League Soccer's (MLS) online clothing store may have been accessed by cyberattackers last year.
Media, technology and telecommunications industries are overconfident in their security postures and ill-prepared to handle breaches, according to a survey conducted by consulting firm Deloitte Touche Tohmatsu.
Malware authors exploited the assassination of former Pakistani Prime Minister Benazir Bhutto to spread malware. Attackers set up fake blogs and webpages, which claimed to have rare video of Bhutto's death.
Brian Cohen has been named president and chief executive officer of Steelbox Networks.
A rogue trader at Societe Generale used his knowledge of the French bank's computer security system to conceal fraudulent transactions that resulted in losses of more than $7 billion, the bank has confirmed.
Microsoft defended the security posture of its Vista operating system (OS) this week, claiming the platform has had a safer first year in terms of vulnerability management than any of its competitors.
The Federal Energy Regulatory Commission (FERC) today approved eight mandatory cybersecurity standards that extend to all entities connected to the nation's power grid.
The amount of malware captured last year increased by 800 percent over 2006, researchers said this week.
A Congressional committee has slammed the Transportation Security Administration (TSA) for giving a no-bid contract to a website developer that failed to implement cybersecurity procedures to protect the personal information of travelers.
A former Cox Communications employee has been sentenced to five months in federal prison for remotely shutting down portions of the company's system -- including 911 emergency services -- after being asked to resign his position.
Government auditors this week slammed the Internal Revenue Service's (IRS) cybersecurity infrastructure, saying the agency's lax response to previous recommendations has left taxpayer data at "increased risk of unauthorized disclosure, modification or destruction."
A New Jersey man this week was sentenced to more than two years in prison for planting a "logic bomb" on the network of his former employer in a failed attempt to destroy sensitive health care data.
The latest IT security news events.
In the final draft of its upcoming security guidelines for protecting federal information systems, the National Institute of Standards and Technology (NIST) is recommending that federal agencies conduct regular penetration tests to determine whether their networks can be breached.
In its inaugural report on the overall state of internet security, Cisco is predicting bigger attacks in 2008 from the Storm botnet as its creators let criminals buy the use of Storm's millions of zombie computers to launch massive spam or DoS attacks.
SC Magazine has announced the finalists for the 2008 SC Awards. The awards presentation dinner will be held April 8, 2008, in San Francisco, Calif.
A targeted assault of phishing emails opened the door for hackers to glean the sensitive information of up to 12,000 visitors to the Oak Ridge National Laboratory, officials said Thursday.
Several other industry-specific microsites are scheduled to follow the financial vertical page.
Steelbox Networks names former SPI Dynamics leader new CEO; LogLogic taps former SurfControl chief to lead
Vendors LogLogic and Steelbox Networks today announced the appointment of new chief executives -- both former leaders of recently acquired security providers.
Microsoft today warned PC users of a flaw in Windows that occurs when the operating system or Internet Explorer (IE) tries to find a Web Proxy Auto-Discovery (WPAD) server.
The latest from the boardrooms of the IT security industry.
The Colorado Rockies baseball club blamed a cyberattack for downing its online ticket sales operation before the World Series in October. The Rockies lost to the Boston Red Sox in four games, but their website was back up and running before the event. Both home games in Denver sold out. Experts said the incident resembled a distributed denial-of-service attack.
A rise in international cyberspying will pose the most significant threat to the national security of the United States in 2008, according to a report from anti-virus vendor McAfee.
Embattled retailer TJX Companies - the parent of TJ Maxx, Marshalls and other well-known outlets - has agreed to a nearly $41 million settlement with Visa.
A Federal Trade Commission (FTC) report, which indicates that identity theft among Americans is down, is flawed, according to a Gartner analyst who reported significantly different findings earlier this year.
Webroot Software, best known for its Spy Sweeper anti-spyware product, is moving into the software as a service (SaaS) market via the acquisition of U.K.-based Email Systems.
Cyberattackers have hijacked thousands of search terms on Google, leading end-users to unexpected malware installations.
This year's Cyber Monday -- called the largest online shopping day on record by experts -- passed without a major incident.
This week's news that Apple's QuickTime media player contains a new and "extremely dangerous" flaw served as a perfect lead-in to the release of the latest SANS Top 20, which lists client-side vulnerabilities among the most dangerous threats facing end-users.
Mozilla on Tuesday patched three security holes in its Firefox web browser and SeaMonkey cross-platform suite.
Monday marks the unofficial start to the online holiday shopping season, and while experts are predicting record-breaking internet sales this year, security researchers are warning that criminals will be prowling cyberspace more than ever before.
October was a scary month for IT administrators in charge of filtering spam, according to a pair of reports from messaging security firms.
Apple this week released three patches for OS X version 10.5 -- widely known as Leopard -- fixing issues in Application Firewall.
Microsoft has made the second generation of its desktop anti-virus suite available for download today; CD-issued copies of the program will be available next week.
Apple on Wednesday released security updates for Mac OS X and Safari Beta 3, patching nearly 50 vulnerabilities.
An uncertain economy is likely to negatively impact IT spending next year, especially within large enterprises, according to a new report from Computer Economics.
Day-to-day worries about spyware and bots are the No. 1 security concern of IT professionals working for the agencies of the federal government, according to a study released today by Cisco Systems.
Gary Min, the former DuPont scientist who admitted stealing more than $400 million in trade secrets, has been sentenced to 18 months in prison.
McAfee told organizations not to lose any sleep over reports that al Qaeda would target Western websites in a mass-cyberattack this Sunday.
Apple users, your days of worry-free web surfing could be numbered. A Mac internet security and privacy software maker has discovered what is believed to be the first professionally crafted in-the-wild malware targeting the Mac operating system.
The "ethical hacker toolkits" recently posted for sale on eBay appear to point to a dangerous trend: selling these types of tools — used primarily for penetration testing of applications and servers — on mainstream auction sites increases everyone's security risks.
The latest happenings in the boardrooms of the IT security world.
Clothing retailer Gap Inc. revealed that a laptop containing the Social Security numbers of 800,000 job applicants was stolen from a third-party vendor. The laptop contained info of job applicants who applied to the company's Old Navy, Banana Republic, Gap and Outlet stores. The vendor, not identified by Gap, contacted law enforcement authorities about the breach. The data was not encrypted.
Microsoft warned Thursday of limited attacks using third-party applications to exploit a Windows flaw.
Anti-virus provider Trend Micro today announced the acquisition of Provilla, a data-loss prevention vendor.
A legion of data exposures have occurred over the past year, with many affected companies not only being forced to address customer and investor concerns, but also pay fines and adhere to prolonged sets of requirements administered by the Federal Trade Commission. So just how is news of such breaches, exposures and possible thefts affecting the way organizations -- large and small -- focus on information security plans?
Nine out of 10 websites have vulnerabilities open to attack, according to a new report by WhiteHat Security.
A nonprofit IT security group today announced the availability of its updated Standard of Good Practice, a free benchmark that organizations can use to assess and reduce risks related to information systems.
Spending on security technology, training, assessments and certification, which accounted for a fifth of IT budgets last year, will eat up an increasingly large part of IT spending, according to a report from the Computing Technology Industry Association (CompTIA).
Researchers at SecureWorks have reported a 90 percent increase in attackers caught targeting utilities during the past five months.
An error in the distribution process of one of the U.S. Department of Homeland Security’s (DHS) newsletters led to a flood of unwanted email messages this week.
A California man was arrested this week on charges that he attacked organizations, including the anti-phishing community CastleCops, with botnets.
Former U.S. Secretary of Homeland Security Tom Ridge has formed his own private security consulting firm.
A joint McAfee and National Cyber Security Alliance study, released today to kick off National Cyber Security Awareness Month, reports that while 98 percent of 378 respondents believe keeping security software up to date is important, less than half - 48 percent - of their computers had not been updated in the past month.
The latest happenings in IT security's boardrooms.
A Georgia man, asked to resign from his job at Cox Communications, pleaded guilty on Wednesday to hacking into his former employer's network and shutting down telecommunications services, including 911 numbers in major U.S. cities.
Despite growing concern about data breaches, 51 percent of IT professionals surveyed by network security vendor nCircle said their organizations do not have clear consequences for policy violations.
A former employee of Citi's ABN Amro Mortgage group leaked the personal information, including Social Security numbers, of more than 5,000 customers via a peer-to-peer (P2P) file-sharing network.
Ethical hacking kits, which provide a variety of tools for penetration testing, password theft and guides to virus development, are being sold on eBay.