A bipartisan group of senators introduced an amendment to the National Defense Authorization Act (NDAA) that would compel President Obama to raise Cyber Command to a Combatant Command.
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
The FBI reportedly is close to gaining authority to demand email data from ISPs without a warrant.
Two senators lobbied for a cyberattack response policy before the Senate on Wednesday.
The Port Authority of Allegheny County in Pennsylvania said that malware detected on the agency's internal computer in March didn't compromise employee or customer data.
The FBI's refusal to reveal the code it used to hack into a defendant's computer as part of a child pornography case has resulted in a federal judge disallowing the evidence.
An Opelousas, La., man was sentenced to one day and one year in prison and three years of supervised release after hacking into a computer to steal information on more than 5,000 credit card accounts and $80,000 in bitcoin.
Sen. Ron Wyden (D-Ore.) said CIA Director John Brennan knew his agency was spying on the Senate despite denying the claims in 2013.
Deejay and house music producer deadmau5 had to face the music when the mischievous hacking group OurMine accessed his personal SoundCloud account and uploaded outside content.
Vulnerabilities allow attackers to use an exploit known as the "forbidden attack," affecting dozens of Visa Inc.'s HTTPS-protected websites.
A group of cybergangs is helping emphasize the importance of keeping a computer properly updated by using a patched vulnerability to attack systems that have not uploaded the fix.
At a hearing, Rep. Elijah Cummings (D-Md.) advocated for a bill that would allocate $3.1 billion to create an Information Technology Modernization Fund.
The US-CERT issued an alert this week, warning of a "domain name collision" bug, causing certain DNS queries to be resolved on public instead of private or enterprise servers, exposing organizations to Man-in-the-Middle attacks.
The "Celebgate" hacker pled guilty to a phishing scam that led him to hack into celebrity accounts to steal nude photos.
In a video on Facebook, a figure in a Guy Fawkes mask accused Florida Gov. Rick Scott of a "collusion of corruption" following the dumping of polluted water from Lake Okeechobee into the Atlantic Ocean.
A long-time hacker group is using DNS requests as a command-and-control mechanism in a new series of malware attacks.
SWIFT CEO Gottfried Leibbrandt issued details of the messaging service company's information-sharing strategy.
The infamous hacker Guccifer, who claims to have infiltrated Hillary Clinton's email servers while she was Secretary of State, will reportedly plead guilty today to at least one of the federal charges for which he was extradited to the U.S.
Rep. Jackie Speier (D-Calif.) is planning to introduce a federal revenge porn bill in late June that would outlaw non-consensual pornography on a national level, a source told SCMagazine.com.
Researchers at Switzerland's CERT found malware on the network of defense contractor Ruag bearing similarities to malware used by Turla APT, a Russian cyberespionage group.
Cyber criminals made off with the equivalent of $2 million in Bitcoin and Ether from Gatecoin.
A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.
Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.
Microsoft banned terrorist content from its services and said it would invest in public-private partnerships to help fight terrorism.
Google released v4 of its safe browsing API, a tool for software developers that helps client applications check URLs against Google's list of suspected malicious pages.
Microsoft researchers recently detected a file containing a VBA project that scripts a malicious macro.
Researchers spotted Petya and Mischa ransomware bundled together in a single malicious payload.
Rep. Ted Lieu (D-Calif.) accused House leadership of putting politics ahead of security by refusing to bring a "backdoor" NDAA amendment to the floor for a vote.
Basketball fans have heard of the "Hack-a-Shaq" strategy. But yesterday, the NBA's Milwaukee Bucks franchise publicly acknowledged that the entire team was hacked — by a cybercriminal.
Anonymous said it took down North Carolina state government sites in protest of "bathroom law."
The hacker behind the notorious breaches of Hacking Team embarked on a humanitarian project to assist a crowdfunding campaign supporting the Rojava region in northern Syria.
VMware issued two product updates on Tuesday to patch and present workarounds for two vulnerabilities, one considered critical and the other important.
The New York Office of Information Technology could gain additional responsibilities in the wake of a data breach if a bill now in the state senate is passed.
Despite opposition from the White House, a bill cleared the House on Wednesday that establishes U.S. Cyber Command as a unified command unit.
The National Security Agency (NSA) announced plans for 2016 to triple the number of GenCyber Camps offered.
Flurish Inc. reported to the California Attorney General's office that the personal information for some of its customers had been compromised when it was made available to some of the company's third-party vendors.
Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.
U.S. Senator Barbara Boxer (D-Calif.) yesterday sent a letter to the Department of Justice, asking the agency to disclose its efforts to track and study sextortion cybercrimes.
A variant of the malware family Acecard was detected in the Google Play store by researchers at Lookout.
A 23-year-old British man appeared in a U.K. court to face charges for allegedly launching Denial of Service attacks against British Airways, two police websites and a game retailer.
Remote attackers have been shut out of the IPsec code of Cisco Adaptive Security Appliance (ASA) Software following Tuesday's patch.
U.S. House of Representatives approved legislation to strengthen ties between universities and the Department of Homeland Security.
Another gray hat hacker has tampered with the distribution of Locky ransomware, replacing the payload with a public-service message to potential victims, warning them not to open strange files.
Kaspersky Lab researchers discovered a new and improved version of the ATM malware dubbed "Skimmer" that turns ATMs into payment card skimmers.
The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting vulnerability, according to a Forbes.com report.
Symantec released an update to its anti-virus engine (AVE) to repair a kernel-level flaw making the software susceptible to a memory access violation when parsing a specifically-crafted portable-executable (PE) header file.
A Japanese teenager was charged May 11 for allegedly launching a DoS attack which shut down 444 school websites.
The Super-Bright LED Flashlight app, which has been downloaded millions of times, is by itself safe, but some of the ads served with the app deliver malvertising and scams, according to Trend Micro.
City College of San Francisco reported that student information was compromised when an employee responded to a phishing email.
A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.
Vietnam's Tien Phong Bank came forward claiming to be the second bank that was attacked with a fake message sent through The Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system.
UnityPoint Health-Allen Hospital is notifying patients that their personal information has been compromised over a period of seven years.
Sen. Rand Paul (R-Ky.) plans to join a bipartisan effort to introduce legislation to block proposed amendments to Rule 41.
South Korea claimed North Korea was behind a cyberattack on a navy defense contractor.
A semi-private database consisting of the identities of 70K users of the dating website was published on the internet.
Tumblr announced Thursday that a third party accessed a set of Tumblr user email addresses with salted and hashed passwords.
In a move intended to patch software bugs quicker and satisfy its developer base, Apple has made a deliberate effort to reduce the time it takes to review submissions to its App Store, Bloomberg reported yesterday.
Google paid out $20,000 in bug bounty fees to four researchers credited with finding the five flaws, three of which were rated high, that the company patched earlier this week.
The research firm AppRiver is reporting a new PayPal phishing scam is making the rounds with this version using a phony security message to obtain personal identifiable information.
7-Zip, a popular open-source file archiving application used to compress and decompress files, has issued patches for input validation vulnerabilities that can lead to remote code execution.
Concern for hacking prompted the U.S. House of Representatives to block lawmakers from accessing software apps residing on a Google cloud service.
Adobe followed its hefty Patch Tuesday release from earlier this week with an update for Flash Player.
Pornhub is offering white hats between $50 and $25,000 for reporting qualifying vulnerabilities.
An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.
The man who hacked into celebrity emails to steal personal information pleaded guilty in a federal court Monday.
A Florida man who logged into a computer system with appropriated credentials now faces felony charges.
Five major breaches have put at risk taxpayers' PII, the FDIC told Congress on Monday.
The Air Force Reserve is scrambling to hustle reservists through cyber training, but doesn't currently have the capacity to meet current demand.
The FCC and FTC have ordered the major mobile phone vendors and carriers to divulge the processes behind how each develops and deploys security updates.
In a move to obfuscate network traffic more effectively, Locky ransomware developers recently upgraded the malware to communicate with its command and control server via both symmetric and asymmetric encryption.
An alleged hacker for the Syrian Electronic Army (SEA) has been extradited to the United States from Germany.
Trend Micro found evidence that cybercriminals open offshore accounts.
A potentially unwanted program called Yontoo has shifted its focus from Firefox and is seeking to infect Chrome users.
Torrent site's users received malware warnings.
Bangladesh Central Bank officials are pinning the blame for a cyberattack that netted $81 million from the financial institution on SWIFT for incorrectly installing new software.
Arthur Budovsky, operator of an online payment processor popular with cybercriminals, was sentenced to 20 years in prison for money laundering.
A lobbying effort is underway to block the re-election of Sen. Richard Burr for internet policies that at least one digital rights activist has called "idiotic."
A recent study found that only 17 percent of IT professionals were confident in their ability to defeat cyberattacks.
An unidentified former employee of the Colorado Department of Transportation (CDOT) is the likely perp behind a breach that could lead to a "risk of identity theft."
Researchers are warning WordPress website administrators of a malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect visitors to malicious domains.
Android devices are vulnerable to attack owing to a newly discovered bug.
Tribune Media's ProSportsDaily notified the California Attorney General's Office Wednesday of a data breach that compromised login credentials and likely other user information.
Sen. Ron Wyden is planning to introduce legislation to reverse proposed amendments to Rule 41 within days, an aide to Sen. Wyden told SCMagazine.com.
Charles Schwab informed some of its customers on May 4 that their accounts were likely accessed by an unauthorized person possibly exposing their names, account information and other financial data.
Microsoft announced it will soon cease support for TLS certificates signed by the SHA1 hashing algorithm.
A California accounting firm reported its computer system had been compromised for more than two months resulting in a wide range of tax and financial data being compromised.
Anonymous launched an attack against the Bank of Greece as part of a 30-day campaign targeting central banks across the world.
A security update was issued on Tuesday by Apple to address two vulnerabilities in Xcode.
In a move to strengthen the security of its Blogger platform, Google launched HTTPS versions of all blogs hosted on the company's blogspot.com domain.
OpenSSL has issued a series of patches in conjunction with the disclosure yesterday of six vulnerabilities, including two of high severity.
The Swiss defense department was hit with a cyber attack.
Tampa International Airport has expedited and expanded an audit of its network security, following the resignation of an IT consultant who was allegedly found to have shared system passwords with unauthorized parties.
The U.S. First Circuit Court of Appeals has overturned a district court's dismissal of a class-action lawsuit accusing publishing company Gannett of violating the Video Privacy Protection Act (VPPA) by sharing mobile app data with a third-party firm.
Citing privacy issues Sen. Charles Schumer (D-N.Y.) has asked the Federal Trade Commission to investigate companies installing that can track individuals as they pass by the outdoor advertisements.
A judge in Brazil ordered mobile phone operators to shutter the WhatsApp chat service for three days.
A 10-year-old Finn was awarded $10,000 by Facebook's bug bounty program after discovering a vulnerability in the Instagram app.
For the third year in a row, The University of Central Florida has come out on top in the National Collegiate Cyber Defense Competition.
House Oversight Committee asked SSA Acting Commissioner Carolyn Colvin to hand over the unredacted version of a penetration test recently done at the agency.
Fitbit has acknowledged on its website that an April 2016 update to its Aria Wi-Fi Smart Scale, an Internet-connected bathroom scale, patched a critical security vulnerability that was discovered through Google's Project Zero initiative.
As part of a joint venture to develop groundbreaking healthcare apps, the UK's National Health Service (NHS) has agreed to share new and historical healthcare data on 1.6 million patients with Google's AI company DeepMind.