PhishMe, Inc. secures $13 million in Series B funding

PhishMe, Inc., a Leesburg, Va.-based phishing threat management solution provider, closed a $13 million investment in Series B funding led by Paladin Capital Group and new investor Aldrich Capital Partners.

Vulnerability found in popular hotel routers

A flaw in InnGate routers could allow an a attacker to distribute malware to guests, monitor and record data sent over the network and possibly gain access to the hotel's reservation and keycard systems.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.

Silk Road drug dealer sentenced to five years in prison

Steven Sadler sold close to a million dollars' worth of cocaine, heroin and methamphetamine over the underground marketplace the Silk Road.

GE, MACTek update products using vulnerable HART DTM library

Four GE products and one MACTek product are impacted by the vulnerability, according to ICS-CERT.

Data breach notification bill advances in U.S. House

Legislation requiring companies to meet security standards and notify customers of data breaches has moved forward in the U.S. House of Representatives.

Ransomware holds New Jersey school district's network hostage

The Swedesboro-Woolwich School District's network was taken hostage by ransomware.

California Senate Public Safety Committee advances stingray bill

The California Electronic Communications Privacy Act passed the California Senate Public Safety Committee on Tuesday.

Protecting Cyber Networks Act introduced by House committee

A new 'threat sharing' cybersecurity bill was introduced by leaders of the U.S. House of Representatives Intelligence Committee.

Fraudsters use Neverquest trojan to target Canadian banks

In this campaign, the banking trojan, also known as Vawtrak, was spread via drive-by download.

Romanian man extradited to U.S. to face hacking charges

Romanian citizen Mircea-Ilie Ispasoiu made his first appearance in a New Jersey federal court after being extradited to the U.S. for allegedly orchestrating an international hacking scheme.

Israel allegedly spied on U.S. communications for Iranian deal details

Israel allegedly has conducted an espionage campaign on the U.S. to learn the details of President Obama's possible deal to curb Iran's nuclear program.

FTC announces new initiative aimed at tech research

The FTC's Office of Technology Research and Investigation will focus on research and the investigation of issues on emerging technology.

Twitch resets passwords following possible breach

Unauthorized access may have been gained to some Twitch user account information, but there was no impact to and Amazon Web Services.

NYPD union website hacked

The New York Police Department's (NYPD) Captains Endowment Association website was hit by a cyber attack over the weekend.

Islamic State posts U.S. service members' information online

The Islamic State's "Hacking Division" posted the names, addresses and photos of 100 U.S. service members online this past week to encourage sympathizers to kill the members.

NJRat making a comeback, researchers observe

Clicking the link in a phishing email brings recipients to a page where they can download a file that is actually NJRat.

France unveils new terrorist surveillance law

French Prime Minister Manual Valls introduced a new bill late last week that would allow intelligence agents to spy on suspected terrorists.

Vulnerability found in Hilton HHonors Awards system

The flaw could have allowed an attacker to hijack any account and execute actions, including redeeming awards points for travel or hotel reservations.

Experts discover phishing campaign leveraging .gov TLD loophole

Researchers have picked up on a new spam campaign that sends victims phishing messages from a .gov account that thwarts email validation systems.

U.S. representatives form payment technology caucus

Members of the U.S. House of Representatives have announced that they have joined together to form a bipartisan caucus to investigate payment technologies.

Recently patched Adobe Flash bug added to Nuclear Exploit Kit

Adobe confirmed to Malwarebytes that a variant of CVE-2015-0336 is being exploited in the wild.

Kaspersky rebuffs Bloomberg's claims

Kasperky Lab CEO and founder Eugene Kaspersky blasted a Bloomberg Businessweek report that claimed he holds intimate ties with the former KGB.

Researchers earn $442,500 at Pwn2Own 2015

The two-day hacking competition ended on Thursday.

Russian hacker to be extradited to U.S. from Spain

A Russian man who was arrested in Spain on suspicion of cyber fraud reportedly will be extradited to the U.S. within the next few days.

White House names former Facebook exec as first IT director

The White House announced that former Facebook executive David Recordon will serve as the first ever director of White House information technology.

OpenSSL Project issues 12 patches in Thursday update

OpenSSL Project issued multiple patches on Thursday to address security vulnerabilities, including two of "high" severity.

Obama Administration sets record for withholding FOIA requests

The Obama administration has set another record for withholding government files under the U.S. Freedom of Information Act.

Target close to settling class-action for $10M

According to court documents, victims who prove harm would get up to $10,000 each in a proposed settlement.

Black market Evolution disappears along with $12M in Bitcoin

The dark web marketplace is known for facilitating drug deals and the sale of other illegal goods and services.

NYPD officer arrested for hacking FBI databases

A (NYPD) officer was arrested Wednesday morning for allegedly hacking into a restricted NYPD computer and other sensitive law enforcement databases.

FireEye scans popular Android and iOS apps, nearly 2K vulnerable to FREAK

The SSL/TLS vulnerability FREAK can be exploited to force an HTTPS connection to use weaker and, therefore, easier to crack encryption.

Apple releases Safari updates

Apple released Safari 8.0.4, Safari 7.1.1, and Safari 6.2.4 for Mountain Lion, Mavericks, and Yosemite on Tuesday.

Lynx-sponsored fellowship aimed at women, minorities

Lynx will throw its support behind ICMCP's efforts to bring more minorities into cyber security by sponsoring fellowship.

Judge dismisses suits against Paytime

A federal judge has dismissed two lawsuits against the payroll company, saying there's no evidence yet of identity theft after a 2014 breach.

Silk Road forum moderator pleads guilty in Manhattan

An Australian man, Peter Nash, faces a maximum sentence of life in prison.

RSA hires Zulfikar Ramzan as CTO

RSA announced earlier today that it has named Zulfikar Ramzan as the company's chief technology officer.

Kaspersky Lab provides updates on 'Crouching Yeti' threat group

Kaspersky Lab has been following Crouching Yeti since initially reporting on the threat group in July 2014.

State Dept. system still down to exorcise attackers

The State Department's unclassified system is still down as the agency tries to expel what could be Russian hackers from its network.

U.S. senator introduces bill aimed at federal breach notification standard

U.S. Sen. Mark Kirk is ready to introduce a bill aimed at putting in place a federal standard that organizations across the country would abide by.

Report: Authorities close to filing charges against JPMorgan hackers

Unnamed sources speaking with The New York Times have indicated that the feds are close to filing a case against the cybercriminals behind the attacks.

Western Union launches bug bounty program with Bugcrowd

Bugcrowd partnered with Western Union to launch the company's public bug bounty program this past week.

Driver sues Uber after breach

An Uber driver has accused the internet car service of failing to safeguard the personal information of its employees after a breach exposed data on 50,000 drivers.

Hacker threatens S. Korean nuclear power plants if ransom not paid

The attacker has already released some files via Twitter, but the state-run Korea Hydro & Nuclear Power Co. has yet to determine if the information is sensitive.

Jamie Oliver website once again serving malware to visitors

The malware being delivered via the Fiesta Exploit Kit was digitally signed, but the certificate is no longer valid.

CISA passes Senate committee, raises privacy concerns

The act contains a dozen amendments made in a closed door session before the Senate Intelligence Committee voted.

Cryptography Services launches security audit for OpenSSL

The NCC Group's Cryptography Services confirmed its plans to launch an audit of OpenSSL earlier this week with the first results planned to come out this summer.

More than 600 cloud services still vulnerable to FREAK, data shows

Scanning its registry of more than 10,000 services, Skyhigh Networks determined that 685 cloud services are still vulnerable to FREAK.

Windows 7 users report issues installing Microsoft update

According to users, the update fails to install properly, and instead forces them to continually reboot, to no avail.

Clinton emails uncrypted for 3 months, AP sues State for access

Hillary Clinton's emails went unencrypted for the first three months she was secretary of state but have been encrypted since.

Adobe issues patches addressing 11 vulnerabilities in Flash Player

Windows, Macintosh and Linux users of the software are urged to update to the latest versions available.

Justice Department drops charges against government employee

The Justice Department has dropped an eight-count indictment against Xiafen Chen who was accused of illegally downloading data from a restricted government database.

Chicago man convicted in ATM skimming spree that netted $5 million

Dinu Horvat faces up to 30 years in prison and a $1 million fine for playing a lead role in the operation that affected thousands of bank customers.

Former Mandiant chief architect to lead research team at Endgame

Endgame has named Jamie Butler as chief scientist.

Microsoft tries, again, to plug Stuxnet attack path

Years after shipping its first patch for the vulnerability, the tech giant has attempted to plug the hole again.

Apple issues update for OS X and Apple TV

Apple issued an update for OS X and Apple TV earlier this week to address various vulnerabilities, including the FREAK flaw.

Russian man pleads guilty to wire fraud in online fraud scheme

Alexey Svetlichnyy, a Russian national that resides in Tewsbury, Mass., plead guilty to his part in an online criminal ruse that netted he and his co-conspirators more than $400,000.

White House reveals $100M in grants to train tech workers

Under the TechHire program, 21 cities and regions will vie for grants and work to accelerate tech training.

Top-secret documents indicate researchers attempted to break Apple security measures

Researchers associated with the CIA have, for years, conducted tests to break the security of Apple's mobile products, including iPhones and iPads, and have presented their findings at a secret annual meeting.

Bug in WordPress plugin can be exploited to take full control of website

Researchers with Sucuri have identified a vulnerability in the MainWP Child plugin for WordPress, and they consider it a critical security risk.

Apple releases iOS 8.2, addresses 'FREAK' flaw

Apple released its iOS 8.2 update on Monday to address the "FREAK" vulnerability, as well as to incorporate support for its new Apple Watch.

$1.1M fine issued to firm for violating Canada's anti-spam law

The Canadian Radio-television and Telecommunications Commission issued a Notice of Violation to Compu-Finder for violating the country's anti-spam law.

New York private investigator pleads guilty to computer hacking charge

A New York City-based private investigator has pled guilty to one charge of conspiracy to commit computer hacking, which carries a maximum sentence of five years.

Researchers observe 'Animal Farm' group using variety of malware

Kaspersky Lab observed Animal Farm using tools known as Bunny, Dino, Babar, NBot, Tafacalou and Casper to compromise targets in Syria, Iran and Malaysia.

Disgruntled former employee pleads guitly to power supplies co. hack

The FBI said Michael Meneses deleted code so his former employer would miscalculate work orders and otherwise wreaked havoc on operations.

DDoS attack takes down

A distributed denial-of-service (DDoS) attack took feminist website Femsplain offline this weekend and corresponded with International Women's Day.

NEXTEP, a POS systems provider, is investigating a possible breach

Law enforcement recently notified NEXTEP SYSTEMS that the security of the systems at some customer locations may have been compromised.

FTC inks privacy collaboration deal with Dutch DPA

The new memorandum of understanding signed by both data protection agencies will bolster collaboration and privacy-related information sharing.

Maine man seeks $5 million in latest Anthem lawsuit

The Maine resident filed a $5 million class-action lawsuit against Anthem, alleging the company did not take measures to protect data.

U.K. National Crime Agency arrests 56 alleged cybercriminals in week-long operation

British law enforcement arrested 56 people, including a man accused of hacking the U.S. Department of Defense, this past week in operations targeting alleged cybercrime perpetrators.

Adobe's new bug bounty program rewards researchers with HackerOne rep scores

Adobe's new web application vulnerability disclosure program will reward researchers with a boosted reputation score on HackerOne.

Fraudsters use Apple Pay to purchase goods with stolen cards

Credit card data from the Target and Home Depot breaches has been used by attackers to make purchases at Apple stores via the popular Apple Pay system.

Pre-loaded malware found on Xiaomi Mi 4 device, among other issues

The smartphone was verified to be a legitimate device by major smartphone distributor Xiaomi.

Government amends policy on NSLs without thorough process in-place

Although the government wrote that its changed its National Security Letter policy, an unsealed court document alludes to a process not yet being in place.

Chrome 41 update includes 51 security fixes

Chrome 41 was promoted to the stable channel for Windows, Mac and Linux on Tuesday.

Experts find flaws in Mobile World Congress official app

The official Android app of the event contains some flaws that could allow spammers to easily scrape data belonging to conference attendees.

Online Trust Alliance pens letter to Congress over federal data breach notification law

The Online Trust Alliance (OTA) wrote a letter to Congress earlier this week in response to the recently proposed Personal Data Notification & Protection Act.

D-Link issues firmware updates to address router vulnerabilities

A researcher notified D-Link of vulnerabilities in one router, and D-Link then expanded the investigation to a number of other devices.

ACLU and EFF, among others, voice dissatisfaction with CISA bill

Various civil society organizations and security experts penned a letter to the Senate Select Committee on Intelligence over their dissatisfaction with the recently drafted Cybersecurity Information Sharing Act of 2015 (CISA).

Connecticut AG asks Lenovo for details on Superfish incident

Attorney General George Jepsen sent a letter to Lenovo's EVP on Friday.

Snowden considering return to U.S. for trial, lawyer says

Edward Snowden's Russian lawyer claimed to be working with U.S. and German lawyers to negotiate the return of the fugitive whistleblower.

Alleged Anonymous hacker deported back to the U.S.

Alleged Anonymous member Matt DeHart was deported back to the U.S. and now faces child pornography charges.

Hillary Clinton used personal email for State business

Former Secretary of State Hillary Clinton is catching flak for exclusively using her personal email account to do business for the four years she was at the State Department.

NEWS ALERT: New SSL/TLS vulnerability identified, dubbed 'FREAK'

Researchers announced FREAK, a vulnerability that they say enables attackers to intercept HTTPS connections between vulnerable clients and servers.

Obama criticizes Chinese cybersecurity regs

President Obama told Reuters that cybersecurity requirements proposed by China need to change if the country wants to do business with the U.S.

Google pulls default encryption from Android partner phones

Although Google said its Android Lollipop devices would have encryption enabled by default, some devices have shown up on the market without encryption.

Revenge porn site operators ordered to pay plaintiff $900,000

Last year, the operators of ugotposted[.]com were ordered to pay $385,000 in a default judgment.

Attempts made to access Toys"R"Us reward program profiles

Unnamed attackers attempted to gain access to some Toys"R"Us reward program profile in January, prompting the company to send email notifications and request users change their passwords.

Silent Circle to buy out Geeksphone, fully own Blackphone

On the heels of naming a new president and CEO, Silent Circle now assumes 100 percent ownership of Blackphone.

IE exploit added to Angler EK, beats MemProtect mitigation

Last year, Microsoft introduced MemoryProtection (MemProtect), which helps deflect attacks leveraging use-after-free vulnerabilities.

NEWS ALERT: Uber says info on 50K drivers exposed, files suit

The car service says a database was breached in May 2014 by an unauthorized third party.

NEWS ALERT: Hacktivists claim to have accessed files from private U.S.-based defense group

A group identifying itself as CyberBerkut claimed, in an email to SC Magazine, to have gained access to files on the mobile device of a Green Group official.

Madonna hacker indicted in Israeli court

An Israeli man was charged on four counts in a magistrate's court for hacking Madonna, stealing her unreleased music and selling it.

Reddit to donate money to EFF and Tor Project, among others

Reddit will donate 10 percent of its 2014 gross ad revenue to 10 charities chosen by Reddit users.

PlugX APT group uses backdoor in India campaign

A five-month-long campaign against organizations in India shows the group is active and evolving, SophosLab reports.

In historic vote, FCC approves strong net neutrality rules

The rules, approved Thursday, ban ISPs from charging for internet "fast lanes," or blocking legal internet services.

Facebook paid $1.3 million in 2014 for bug bounty submissions

Bug bounty hunters reported 17,011 vulnerabilities to Facebook in 2014, marking a 16 percent increase in submissions.

Fears of cybersecurity attacks increase among U.S. workers, survey finds

In a poll that surveyed 1,008 U.S. adults, GFI found that the fear of a cybersecurity attack has increased significantly over the past year.

Firm finds 'high risk' bugs in SAP BusinessObjects software

The enterprise software flaws could allow attackers to access customer data, financial info and other critical data at companies.

Target breach costs company $191M, financials show

The retailer's Q4 and whole year earnings reports show that insurance picked up the tab for $46 million of the $191 million in expenditures.

Sign up to our newsletters