Malwarebytes apologizes for jumping the gun on WinRAR vulnerability

Researchers at Malwarebytes said the WinRAR product is not malicious after publishing a blog post last week saying that it was vulnerable.

Canadian military wants to hack cars

The Canadian Department of National Defence put a $825,000 contract up for bid to find a firm that will study how to hack an automobile and come up with a mitigating response.

DHS cybersecurity mandates get push in House

The Department of Homeland Security (DHS) will be required to put in place a formal cybersecurity strategy, following passage earlier this week of a House bill.

Akhter twins sentenced to prison for hacking State Dept.

Twin brothers Muneeb and Sohaib Akhter were sentenced to prison by the Eastern District of Virginia for an array of offenses, including conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, conspiracy to access a government computer without authorization, and obstruction of justice.

High-Tech Bridge identifies XSS vulnerability in WordPress plugin

IT security company High-Tech Bridge issued a security advisory on Wednesday for two reflected cross-site scripting (XSS) vulnerabilities in the Calls to Action WordPress plugin.

Patched Flash bug still vulnerable

A bypass in the multimedia and software platform Flash, which Adobe said it patched in its last security update, has reappeared.

U.S. Marshals to auction about 44K Bitcoin seized from Silk Road founder

U.S. Marshals will auction about 44,341 Bitcoins that were seized from Silk Road operator Ross Ulbricht.

Senators' bill demands strategy to fight North Korean cyberattacks

A trio of Republican senators, including presidential candidate Marco Rubio, R-Fla., have introduced the North Korean Sanctions and Policy Enhancement Act of 2015 that would sanction the Hermit Kingdom for cyberattacks on the U.S.

Cisco develops new and improved security disclosure process

Cisco has embraced an "enhanced and simplified" view of vulnerabilities in its products.

NIST seeks to secure, raise trustworthiness of email

The National Institute of Standards and Technology (NIST) unveiled two projects designed to secure email.

Google releases patches for new Stagefright discovery

Google issued an over-the-air security update for its Nexus devices on Tuesday, which included fixes for the recently discovered vulnerabilities in Android's Stagefright code.

Berkshire Hathaway Specialty Insurance enters cyberinsurance arena

Warren Buffett is not exactly launching the Geico gecko into the cyberinsurance space, but his Berkshire Hathaway Specialty Insurance division today unveiled two new policies targeted at this area.

Payment processing company tests facial recognition camera as fraud preventative

Worldpay, a payment processing technology company, said it's researching using facial recognition in stores around the UK as a card fraud preventative measure.

HTC America president says company won't guarantee monthly security updates

HTC America President Jason Mackenzie tweeted that guaranteeing monthly Android security updates is "unrealistic."

North Korea blamed for Seoul subway hack

South Korea's National Intelligence Service (NIS) is blaming North Korea for hacking into the Seoul Metro subway, breaking into and infecting 210 employee computers between March and August in 2014.

Hackers crack Virginia State Police cars...but for good

Researchers hacked into the operating systems of two Virginia State Police cars to expose cyber vulnerabilities in the department's fleet.

Scottrade breach affects roughly 4.6 million clients

Scottrade is notifying approximately 4.6 million clients that illegal activity occurred on its network and personal information may have been compromised.

Feds raid digital currency firm accused of swindling $32 million

Federal authorities raided the offices of a digital currency firm accused of swindling investors out of more than $32 million.

Ari Schwartz leaves cybersecurity post at White House

Ari Schwartz, senior director for cybersecurity, National Security Council, at the White House, stepped down this week, two years after becoming a trusted cyber adviser to the Obama administration.

Wifatch malware may be force for good, Symantec

A new malware may be defending machines against attackers and may even be providing fixes for infections.

Spam delivers Android banking malware disguised as PayPal app

Clicking the link in the spam emails results in an Android user downloading a sneaky mobile online banking trojan.

Home Depot breach costs expected to reach billions

Owing to a slew of lawsuits filed by banks and credit unions, the expected cost to Home Depot for a cyber intrusion may reach into the billions.

Early warning helped five Russian banks ward off DDoS attacks

Five Russian banks that experienced distributed denial of service (DDoS) attacks Sept. 26 had been warned in advance by the General Directorate of Security and Information Protection of the country's Central Bank.

D.C. police sign non-disclosure with FBI to keep StingRay use private

Under a non-disclosure agreement with the FBI, the Metropolitan Police Department in Washington, D.C., will keep its StingRay surveillance use private.

NEWS ALERT: Breach at Experian exposes 15 million T-Mobile customers' PII

T-Mobile confirmed in a letter that the personally identifiable information of about 15 million customers has been obtained through a hack at Experian, a T-Mobile vendor hired to perform credit checks.

Trump Hotel Collection confirms customer data compromised

The Trump Hotel Collection confirmed that malware had gained unauthorized access to customer payment card data at seven properties.

Update: WordPress malware, VisitorTracker, getting stronger

The popular blogging platform WordPress has been under attack the past three weeks with VisitorTracker malware code.

UK team uses Minecraft to find future cyber security talent

Private and public firms in the UK have teamed up to create a 3D video game featuring the Minecraft world to monitor and recruit cyber security talent.

Positions on CISA being staked out preceding floor fight

As debate over the Cybersecurity Information Sharing Act (CISA) is set to reach the Senate floor perhaps as early as next week, some technology and privacy groups have amped up their positions.

Dealerships, repair shops vulnerable to car hackers

Car dealerships may become the next soft spot targeted by hackers intent on infecting autos with malware.

Malwarebytes warns of support scam using Google AdWords

Malwarebytes is pointing out a malvertising campaign that leverages popular website names to direct victims to call a number where they are scammed into buying unneeded services and giving up personal information.

Shifu trojan now targeting U.K. banks

The banking trojan Shifu is targeting 18 banks and wealth management firms in the U.K.

Man accused of installing spyware on wife's phone in divorce case

A man has been accused of planting spyware on his wife's cell phone two weeks prior to filing for divorce.

Thousands of medical systems found vulnerable to attack

Researchers presented findings at Derbycon this past weekend that indicated vulnerabilities in thousands of medical systems.

At HP, Fiorina supplied NSA with surveillance material

Truckloads of HP servers were delivered to federal officials for a warrantless surveillance program codenamed "Stellar Wind."

Microsoft exec clarifies Windows 10 data collection policy

Microsoft released a statement on Tuesday that addressed the feedback and privacy concerns of Windows 10 data collection.

Pirate Bay co-founder released from prison

After three years in prison, Gottfrid Svartholm, alias anakata, has been released from Sweden's Skanninge prison.

F-Secure releases ad blocking app for iOS 9

F-Secure has released a new ad blocker app for Apple's iOS 9 that it said will give consumers more control over the ads pushed to their devices, saving them time by limiting bandwidth dedicated to unwanted ads.

PornHub, YouPorn hit in malvertising campaign

Researchers at Malwarebytes detected another malvertising campaign targeting popular adult sites over the weekend, this time against PornHub and YouPorn.

Bill introduced to reduce ID theft by replacing SSNs

A proposed bill could reduce identity theft by allowing companies to replace Social Security numbers with another identifier on tax forms.

Gaza cybergang sending malware files to IT and IR personnel

A Middle Eastern cybergroup seeking higher levels of access to specific networks has turned its focus to IT security personnel.

Hilton Worldwide investigates possible POS data breach

Cybersecurity blogger Brian Krebs indicated a pattern of recently compromised credit cards being used at Hilton Worldwide entities, and the company confirmed an investigation into the matter.

Calif. Big Blue Bus customers possibly affected by breach

The Big Blue Bus, part of the Santa Monica, Calif. bus transit system, has issued a warning of a possible data breach involving customers who use a transit software program called NextBus.

OpenSSL adds 'Critical' severity level to security policy

The OpenSSL Project said it has updated its security policy to include a "Critical" severity level.

Campaign injecting spyware and unwanted apps into WordPress sites

An injection attack on WordPress sites inserted code into 2,000 WordPress web pages.

xHamster targeted in another malvertising campaign

xHamster has been hit by another malvertising attack, and it may be part of a campaign that struck other big sites earlier this year.

Court rules forcing defendants to turn over device passcodes unconstitutional

Case defendants cannot be required to turn over their phone passwords to the authorities, a court ruled earlier this week.

Price-gouging pharma CEO's address, phone number leaked

An anonymous source released the alleged phone number and home address of the Turing CEO who jacked up the price of a life-saving AIDS and cancer drug.

New iOS 9 workaround exposes contacts and photos, even without proper passcode

A recently discovered flaw in iOS 9 could allow a person to view any Apple device's contacts and photos without entering the proper passcode.

Proper protection of Pope Francis hopefully thwarts cyber-threats

With Pope Francis scheduled to visit New York City today, authorities are taking every precaution to increase security, cyber-space included.

Former WH cybersecurity advisor turned security exec stresses info sharing

Paul Kurtz, now founder and CEO of TruSTAR Technology, dropped by the SC Magazine offices to discuss these monumental data breaches and the government's cybersecurity efforts.

Russian firm tasked with cracking Tor throws in towel

A Russian firm tasked to gain information on Tor users is paying more than the value of the contract to back out of the agreement.

3.4 million B.C., Yukon student records lost with misplaced hard drive

Authorities in British Columbia say as many as 3.4 million education records going back to 1986 may be breached due to a misplaced backup hard drive.

Kaspersky Lab's study finds consumer web awareness lacking

A study by Kaspersky Lab has found that most consumers don't have a clue when it comes to safely navigating the internet.

Chinese mobile app promotion company launches global Android adware campaign

A China-based mobile app promotion company reportedly created an adware attack that takes total control over victims' Android devices, FireEye found.

OPM increases number of stolen fingerprints in data breach to 5.6 million

The number of fingerprints impacted in the second Office of Personnel Management (OPM) data breach has increased by 4.5 million.

Florida deputy eager to purchase Hacking Team software

Documents obtained under a FOIA request revealed a Florida deputy was eager to purchase Hacking Team surveillance equipment.

Former Morgan Stanley adviser pleads guilty to stealing data

A former Morgan Stanley financial adviser who was fired for stealing the data of approximately 730,000 clients pleaded guilty in federal court on Monday.

School board looks to protect itself with cyber liability insurance

The Dothan City, Ala., school board on Monday allocated $25,000 to purchase cyber liability insurance to cover the board in case a cyberattacker gains access to district information.

HackerOne launches vulnerability model for dealing with discovered flaws

Bug bounty program provider HackerOne released its "Vulnerability Coordination Maturity Model" on Tuesday to help companies assess and handle vulnerabilities in their systems.

DHS CISO wants repercussions for workers who fall for security scams

Falling for a phishing scam is embarrassing enough without having to learn the email came from your boss as part of a test of your cybersecurity knowledge, but that is what the chief information officer of the Department of Homeland Security is doing to his staff.

Adobe security updates address critical Flash Player bugs

Adobe on Monday released security updates across multiple platforms that address vulnerabilities in Flash Player and AIR.

Cybersecurity firm offers $1M for iOS 9 jailbreak and vulnerabilities

Zerodium is offering up to $3 million for vulnerabilities and a jailbreak of iOS 9.

Google plans to disable support for SSLv3, RC4

Google announced that it will disable support for SSLv3 and RC4, citing a long history of problems in both products.

DoD to develop vulnerability scorecard for weapons systems and more

DoD is developing an automated scorecard to help identify vulnerabilities, prioritize patches and detect and respond to cyberattacks.

Computer glitch grounds American Airlines flights at three major hubs

Computer issues temporarily delayed American Airlines flights traveling in and out of Chicago, DFW and Miami on Thursday.

Twitter shifts to HTTPS in October, new links only

Twitter announced that all new links wrapped with its wrapper will begin using the HTTPS URL scheme as of Oct. 1.

Class action gender discrimination suit filed against Microsoft

A class action suit filed against Microsoft Corporation alleges that the technology giant engaged in discrimination against female employees in technical and engineering roles.

Comcast penalized for data breach

Comcast settles charges of unauthorized disclosure of details on 75,000 who paid for unlisted VoIP telephone service.

Flaws fixed on Starbucks site that put accounts at risk

Three flaws on Starbucks' website put customers' banking details at risk.

Commack High School student management system hacked

The Commack School District in New York reported Thursday that its high school student management system was accessed by an unauthorized individual, but the district has not yet described the extent of the damage.

Presidential candidates' websites receive an "F" on privacy issues

The Online Trust Alliance (OTA) has found 17 of the 24 presidential candidate websites are not making the grade when it comes to respecting Americans' privacy, with some willing to sell their supporters' PII to third parties.

VMware addresses vulnerability in vCenter Server

VMware vCenter Server 6.0 and VMware vCenter Server 5.5 running on any system are affected.

Banks team up to improve distributed/shared ledger technology

Nine financial institutions have formed an international coalition, in conjunction with the financial technology firm R3, to create and deliver advanced distributed/shared ledger technologies to global financial markets.

Politically oriented cyber attacks expected to increase: Tripwire

A Tripwire executive expects politically oriented cyber attacks to increase going forward and that politicians will have to pay more attention to cybersecurity issues.

Calif. state senator recognized for promoting digital privacy after death

California State Sen. Joel Anderson was recognized by an eCommerce firm for his efforts to protect citizens' digital privacy rights after death.

Mitigation available for flaw in building automation system

Schneider Electric released updated firmware to patch a remotely exploitable vulnerability for its StruxureWare Building Expert building automation system.

Kardashian websites exposed user data

The Kardashian and Jenner sisters launched websites and apps earlier this week, and one developer discovered an open API that exposed users' personal information.

Amazon UK customers targeted with phishing scam

Researchers at Malwarebytes spotted an email phishing scam on Wednesday that targets Amazon users in the UK.

Let's Encrypt issues its first open source certificate

Open-source certificate authority (CA) Let's Encrypt announced the release of its first certificate on Monday.

Alleged CoinVault ransomware creators arrested in The Netherlands

Dutch police, with the help of Kaspersky Lab, arrested two men in connection with a ransomware scheme that locked up thousands of devices.

Twitter faces privacy lawsuit over Direct Messages algorithm

Twitter is facing a $5 million class action lawsuit claiming its Direct Message link shortener algorithms violate federal and state privacy laws.

Russian men plead guilty to roles in massive credit card breach operation

Vladimir Drinkman and Dmitriy Smilianets pleaded guilty to their roles in a global credit card hacking operation.

U.S. Air Force developing airborne hacking platform

The U.S. Air Force (USAF) is looking to expand its traditional electronic countermeasures capability to include the ability to carve into an enemy's computer network from the air.

Court orders FBI to lift National Security Letter gag order for first time

For the first time, a recipient of a National Security Letter (NSL) will be able to discuss the letter's contents after a federal district court ordered the FBI to lift its gag order.

Major flaw in Apple OS enables attackers to write files to any location

A major bug has been detected in Apple's iOS through which attackers can overwrite files and insert a signed app on a targeted device.

Kim Dotcom faces extradition hearing after delay request fails

Founder of the now defunct Megaupload website, Kim Dotcom, will face an extradition hearing after having lost his latest request to get it postponed.

Nigerian man sentenced to 12 years for operating spam scheme

A Nigerian man was sentenced to more than 12 years in prison and ordered to pay $13 million in restitution for his role in an internet fraud scheme.

Obama, U.S. delegation nix Waldorf-Astoria stay, citing Chinese cyberespionage concerns

The U.S. delegation to the United Nations General Assembly officially announced on Friday they will not be staying at the Waldorf-Astoria Hotel amid cybersecurity concerns.

WordPress 4.3.1 released, fixes three security issues

WordPress 4.3.1 was made available on Tuesday, and users are strongly encouraged to upgrade since it comes with fixes for a few security issues.

Hacking Team looks to hire hacker

Following the compromising of nearly all its databases and emails, and then the subsequent release of those company details, Hacking Team posted a job listing for a "hacker/developer."

Chaffetz again criticizes OPM for ignoring IG recommendations

House Oversight Committee Chairman Jason Chaffetz (R-Utah) blasted the Office of Personnel Management (OPM) on Monday for not following suggestions from the Inspector General (IG) to beef up OPM's internet security capability.

Google facing monopoly charges in Russia

Google is facing charges of violating Russia's anti-monopoly laws over its insistence that OEMs bundle prominent Google apps onto Android smartphones.

FAU student banned after posting shooting alert on Yik Yak

A former FAU student was banned from campus last week after posting an alert on Yik Yak about a shooting threat.

Corebot, TVSPY and shady marketplace possibly correlated

Damballa reports that one Corebot-involved email address appears to indicate that some stolen data is being sold on a nefarious digital marketplace.

File-sharing site ShareBeast shuttered by DoJ

The Department of Justice closed down the music and entertainment file-sharing site and a sister site,

TSA luggage locks replicated with a 3D printer

A single image of a Transportation Security Administration (TSA) master key posted online last November by the Washington Post in a story on airport luggage has led to the key being duped by a 3D printer.

Five years later, GM patches OnStar flaw that allowed remote control of vehicle

After nearly half a decade, GM finally got around to patching an exploit that left millions vulnerable to an attack that could seize control of a vehicle.

Hacker jailbreaks iOS 9 before it's released publicly

A hacker, going by iH8snow, demonstrated how to jailbreak iOS 9 in a YouTube video published Thursday night.

Transactions at Pentagon lead to credit card fraud, workforce notified

The Pentagon workforce has been notified of fraudulent use of credit cards belonging to Pentagon personnel.
