Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.
Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.
Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.
Android phones from leading manufacturers -- including HTC, Motorola and Samsung -- contain pre-loaded applications that do not properly enforce the platform's permission-based security model.
Twitter has acquired a start-up that makes security and management solutions for Android devices.
Users of HTC-made Android devices are receiving software security updates to correct a vulnerability that could be exploited by a third-party to steal personal information.
Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service, and fixing a bevy of security flaws.
HTC plans to release a patch after a "short" testing period, the company said Tuesday.
A new mobile phone bug stems from an insecure program, called HTCLoggers.apk, which was recently added to some HTC Android devices.
A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.
Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.
A survey of more than 1,500 individuals from 14 countries found that half of device users keep passwords, PIN codes or credit card details on their mobile devices.
Google on Wednesday began distributing a patch to address a security flaw in all but the latest versions of its Android mobile operating system.
Apple this week issued an update to address rampant concerns that its iPhone and iPad devices are collecting and storing information about users' locations.
Apple has denied logging users' locations and promised to release a software update to change the way it stores data on iPhones.
Google is now using a remote security tool to remove malicious applications from affected Android devices after a malware outbreak hit its official app store.
Most users are not aware of the risks in smartphones and the security industry is struggling to develop tools to defend these devices, a panel of experts said on Wednesday at RSA Conference in San Francisco.
Federal prosecutors in New Jersey have filed charges against two individuals believed to have stolen the personal information of 120,000 iPad users from AT&T's network this past June.
A new trojan targeting Google Android users, mostly in China, could be a sign that mobile malware is getting sophisticated in a hurry.
A Florida-based health insurance provider has been hit with a class-action lawsuit after it revealed earlier this year that thieves had stolen two company laptops containing the personal information of members.
2011 promises to deliver a major influx of mobile application attacks, plus other sophisticated digital assaults, said Dave DeWalt, CEO of McAfee, during a keynote address Wednesday at SC Congress Canada in Toronto.
The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.
A lot of threats already seen on PCs and laptops will move to mobile systems, a panelist said at SC World Congress in New York.
The insidious Zeus trojan is now being leveraged in mobile device attacks, particularly in Europe, to steal codes used to authenticate banking transactions.
Observers believe a Pentagon official's recount of a major breach can help others from making the same mistake, while some think the incident calls into question the U.S. military's IT security preparedness.
Apple on Wednesday issued updates for its iOS mobile operating system to fix a vulnerability that was used by many to jailbreak the latest iPhone.
The security of seemingly trusted mobile phone applications is being called into question after Citigroup urged customers to upgrade to a new version.
A Massachusetts hospital disclosed this week that records containing sensitive information, ranging from names and Social Security numbers to medical diagnoses and bank account data, was lost by a third-party contractor.
Microsoft is investigating new reports that malware is propagating through USB devices, which may be linked to an unpatched vulnerability in Windows.
A vulnerability on the AT&T website resulted in the exposure of email addresses belonging to some 114,000 Apple iPad users, including a number of A-list celebrities and politicians.
Symantec on Thursday announced the acquisition of encryption firms PGP and GuardianEdge Technologies for $370 million total.
The iPhone and the latest versions of Internet Explorer, Safari and Firefox were "pwned" this week at an annual hacker conference in Vancouver, British Columbia.
Two Rutgers University computer science professors are calling for more research into the detection of smartphone rootkits, which cannot be found in the same as they are on desktops.
After more than a yearlong ban, USB drives and other removable media devices may now used on military networks under "very specific circumstances and guidelines."
Apple on Tuesday pushed out an iPhone and iPod Touch security update.
The Connecticut attorney general, using new authority granted under the HITECH Act, is suing a managed health care provider over a data breach that potentially exposed the personal data of 446,000 state residents.
The malicious apps were disguised as a legitimate mobile banking apps and were designed to steal user's online banking credentials.
Several flash drive manufacturers recently issued warnings about a flaw which could allow an attacker to access encrypted data on a secure USB drive.
With a few thousand dollars and widely available open-source tools, the encryption algorithm used to protect most cell phone communications can be cracked, allowing an attacker to listen in on phone calls, researchers revealed Sunday at a security conference.
For the first time, the U.S. House of Representatives will require its staff and members to take part in an annual IT security training program -- one of the mandates under new policy set to take effect next year.
The vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.
iBotnet.A attempts to steal online banking credentials and is capable of spreading across a network and hijacking the iPhone and iPod Touch for use in a botnet. However, experts do not perceive the threat to be widespread.
On the heels of what is believed to be the first-ever iPhone worm, hackers now have devised a way to steal data off jailbroken versions of the popular Apple device.
Georgia Tech researchers are hoping to develop a remote repair method that would enable cellular service providers to clean malicious code off an infected mobile device without requiring the device be brought into a service center.
The first known iPhone worm leverages a vulnerability in jailbroken devices to propagate.
A snooping application, called PhoneSnoop, allows an attacker to remotely activate a BlackBerry microphone and listen in on surrounding conversations.
A server failure hit Microsoft's Danger last Thursday and affected all Sidekick owners, causing them to likely lose any data stored on their phones.
An unencrypted personal laptop, carrying the personal information of hundreds of thousands of doctors nationwide, was stolen over the weekend.
Apple on Wednesday issued updates for the iPhone, iPod touch and QuickTime video player to address numerous security vulnerabilities, some of which could allow an attacker to execute arbitrary code.
A much hyped SMS vulnerability in the Apple iPhone has been fixed -- one day after details of the bug were presented at the Black Hat conference in Las Vegas.
One single malicious text message can knock an iPhone offline, a pair of researchers disclosed Thursday.
A security researcher on Thursday unveiled a new iPhone SMS vulnerability, according to reports out of the SyScan Conference in Singapore.
Researchers have spotted a new variant of the RSPlug Mac trojan in the wild.
Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.
A financial services technology group is developing standards for making secure mobile payment transactions.
Researchers at a web security firm have discovered what they term the latest milestone in the evolving cybercriminal underground: a one-stop-shop for hackers.
The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
Sanford Wallace, the so-called spam king who has been sued on multiple occasions, may finally face prison time.
Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.
Google Chrome was updated Wednesday to fix security issues in the WebKit web browser engine. Meanwhile, Google withdrew updates for a development Chrome version soon after release.
A federal court body ruled this week on where lawsuits against RBS WorldPay and Heartland Payment Systems will be heard.
Apple appears to now be addressing security threats that could impact its Mac OS X.
SC Magazine's eConference: Mobile Security offers advice on dealing with the rising tide of mobile threats from experts like Patrick Traynor of the Georgia Institute of Technology.
T-Mobile has confirmed that hackers were able to swipe data from its systems, but the wireless carrier is downplaying the threat to customers.
One of three conspirators in a computer-fraud scheme that used trojans to steal funds from brokerage accounts has pleaded guilty to federal charges in New York..
Jeff Moss, a former hacker who founded the Black Hat and DEFCON conferences, was one of 16 people appointed to the U.S. Department of Homeland Security Advisory Council.
Google has released versions of its Chrome browser for the Mac OS X and Linux but is warning users not to download either of them.
An internet service provider accused of violating federal law by hosting malicious sites and working with cybercriminals has been shut down, but the California-based company plans to appeal.
Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.
The U.S. Department of Homeland Security has appointed Philip Reitinger as the new director of the National Cybersecurity Center, a post left in March by Rod Beckstrom, DHS Secretary Janet Napolitano announced on Monday.
A website found by a security research organization serves malicious files to people who are looking for cracks to software applications.
A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.
Organizations issuing iPhones to their employers can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.
The cybersecurity industry was abuzz Friday after President Obama, speaking before public and private sector leaders, announced a federal "cyber coordinator" will be appointed and unveiled a five-part digital infrastructure protection plan for the country.
Using financial information purchased from crooked bank insiders, a ring of thieves stole millions of dollars.
After last week's phishing attacks on social networking sites, yet another round has struck Twitter.
Spam levels rose again in May -- and there is no sign of a slowdown, according to a new report.
The U.S. military is developing and testing several new offensive and defense cyberdevices, including a system that would enable non-expert military personnel to launch a cyberattack, a defense and aerospace industry publication reported last week.
Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.
A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.
The National Archives and Records Administration (NARA) has lost an external hard drive that contained copies of sensitive data belonging to the Clinton administration, the agency confirmed Wednesday.
In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.
A group of cybersecurity advocacy organizations have teamed up to fight malware on the web.
A roster of new organizations will make up the second Payment Card Industry Security Standards Council (PCI SSC) board of advisers, including Bank of America, Wal-Mart and PayPal, the industry standards body announced Monday.
Two reports released this week confirmed the tidal shift in the type of websites into which cybercriminals are injecting malware.
Google has apologized after it suffered a huge traffic jam that left millions of users unable to access the site Thursday.
A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.
An insider at the California Water Service Co. in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.
Cybercriminals are tapping into the popularity of social networking to more effectively craft their scams.
The downturn in security investments and vulnerabilities in social networking are regarded as major threats to corporate information security, according to research from Deloitte Touche Tohmatsu.
It's no news that the current economic situation has put a strain on companies' finances, but a recent survey aimed to quantify the toll the recession has taken on IT budgets.
The U.S. Department of Homeland Security has asked Congress for $918 million to support its infrastructure protection programs.
The final release candidate for Microsoft's newest version of Windows was made available Tuesday, and already infected pirated versions of the software are making the rounds.
In the past three months, twelve million new computers have joined botnets worldwide.
A group of researchers at the University of California, Santa Barbara, have infiltrated the Torpig botnet, which was found to be in control of hundreds of thousands of computers that were volunteering gigabytes of sensitive information.
A federal grand jury in Kansas City has indicted four people, including two Missouri brothers, in a nationwide email spamming case.
In a second acknowledgement of security vulnerabilities this week, Adobe has released an update to address a potential vulnerability in versions of its Flash Media Server.
A new survey of federal CISOs indicates that external threats resulting in data loss are seen as the biggest risk to the federal government, followed by insider threats and software vulnerabilities.
In one of its first major moves in acquiring virtual security technology firms, Trend Micro bought Third Brigade, a virtualization security and compliance software company based in Ottawa, Canada.
McAfee has launched a free Cybercriminal Response Unit (CRU), meant to be an "online 911" where cybercrime is diagnosed and treated.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Logjam attack exposes data passed over TLS connections
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes