NDAA amendment would elevate Cyber Command to Combatant Command

A bipartisan group of senators introduced an amendment to the National Defense Authorization Act (NDAA) that would compel President Obama to raise Cyber Command to a Combatant Command.

New Locky ransomware campaign sets sights on Amazon customers

Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.

Sen. Wyden sole voice opposing expansion of FBI's warrantless surveillance

The FBI reportedly is close to gaining authority to demand email data from ISPs without a warrant.

Senators press for cyberattack strategy

Two senators lobbied for a cyberattack response policy before the Senate on Wednesday.

Malware didn't compromise info, Allegheny port authority says

The Port Authority of Allegheny County in Pennsylvania said that malware detected on the agency's internal computer in March didn't compromise employee or customer data.

Judge tosses evidence discovered through FBI hack

The FBI's refusal to reveal the code it used to hack into a defendant's computer as part of a child pornography case has resulted in a federal judge disallowing the evidence.

Opelousas man sentenced for hacking, stealing data and bitcoin

An Opelousas, La., man was sentenced to one day and one year in prison and three years of supervised release after hacking into a computer to steal information on more than 5,000 credit card accounts and $80,000 in bitcoin.

Sen. Wyden says, despite denial, CIA director knew agency spied on Senate

Sen. Ron Wyden (D-Ore.) said CIA Director John Brennan knew his agency was spying on the Senate despite denying the claims in 2013.

Mouse trap: Hacking group tampers with musician deadmau5's SoundCloud account

Deejay and house music producer deadmau5 had to face the music when the mischievous hacking group OurMine accessed his personal SoundCloud account and uploaded outside content.

Flaws on Visa's HTTPS-protected sites allow hackers to insert JavaScript code

Vulnerabilities allow attackers to use an exploit known as the "forbidden attack," affecting dozens of Visa Inc.'s HTTPS-protected websites.

Cybergangs exploiting patched Microsoft Office vulnerability

A group of cybergangs is helping emphasize the importance of keeping a computer properly updated by using a patched vulnerability to attack systems that have not applied the fix.

Top Dem points finger across the aisle in cybersecurity debate

At a hearing, Rep. Elijah Cummings (D-Md.) advocated for a bill that would allocate $3.1 billion to create an Information Technology Modernization Fund.

US-CERT: Domain name collision bug could result in MitM attacks

The US-CERT issued an alert this week, warning of a "domain name collision" bug, causing certain DNS queries to be resolved on public instead of private or enterprise servers, exposing organizations to Man-in-the-Middle attacks.

'Celebgate' hacker pleads guilty to hacking Apple and Gmail accounts

The "Celebgate" hacker pleaded guilty to a phishing scam that led him to hack into celebrity accounts to steal nude photos.

Anonymous group takes aim at Fla. Gov. Rick Scott

In a video on Facebook, a figure in a Guy Fawkes mask accused Florida Gov. Rick Scott of a "collusion of corruption" following the dumping of polluted water from Lake Okeechobee into the Atlantic Ocean.

Wekby hacker gang using DNS requests in new malware campaign

A long-time hacker group is using DNS requests as a command-and-control mechanism in a new series of malware attacks.

SWIFT exec unveils info sharing plan, calls Bangladesh 'a watershed event'

SWIFT CEO Gottfried Leibbrandt issued details of the messaging service company's information-sharing strategy.

Guccifer reportedly to plead guilty to certain charges; may aid ongoing federal probes

The infamous hacker Guccifer, who claims to have infiltrated Hillary Clinton's email servers while she was Secretary of State, will reportedly plead guilty today to at least one of the federal charges for which he was extradited to the U.S.

Rep. Speier to introduce revenge porn bill by the end of June

Rep. Jackie Speier (D-Calif.) is planning to introduce a federal revenge porn bill in late June that would outlaw non-consensual pornography on a national level, a source told SCMagazine.com.

Malware detected on network of Swiss defense contractor

Researchers at Switzerland's CERT found malware on the network of defense contractor Ruag bearing similarities to malware used by Turla APT, a Russian cyberespionage group.

Hackers steal $2M in Bitcoin and other digital currency

Cyber criminals made off with the equivalent of $2 million in Bitcoin and Ether from Gatecoin.

Adobe patches Connect untrusted search path vulnerability

A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.

Changing of the TidePool: Operation Ke3chang malware evolves as APT threat reappears

Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.

Microsoft to block 'terrorist content' on its services

Microsoft banned terrorist content from its services and said it would invest in public-private partnerships to help fight terrorism.

Google launches safe browsing API v4

Google released v4 of its safe browsing API, a tool for software developers that helps client applications check URLs against Google's list of suspected malicious pages.

Microsoft detects new lure within Word macro

Microsoft researchers recently detected a file containing a VBA project that scripts a malicious macro.

Petya and Mischa ransomware bundled in one malicious payload

Researchers spotted Petya and Mischa ransomware bundled together in a single malicious payload.

Lieu chastises GOP for rejecting 'backdoor' cyber NDAA amendment

Rep. Ted Lieu (D-Calif.) accused House leadership of putting politics ahead of security by refusing to bring a "backdoor" NDAA amendment to the floor for a vote.

Spoofing scam goes for the steal, scores Milwaukee Bucks' W-2 forms

Basketball fans have heard of the "Hack-a-Shaq" strategy. But yesterday, the NBA's Milwaukee Bucks franchise publicly acknowledged that the entire team was hacked — by a cybercriminal.

Anonymous stalls N.C. government sites to protest 'bathroom law'

Anonymous said it took down North Carolina state government sites in protest of the state's "bathroom law."

Hacking Team hacker donates €10K in stolen Bitcoin to anti-ISIS group

The hacker behind the notorious breaches of Hacking Team embarked on a humanitarian project to assist a crowdfunding campaign supporting the Rojava region in northern Syria.

VMware patches vulnerabilities that enable malicious code execution, privilege escalation

VMware issued two product updates on Tuesday to patch and present workarounds for two vulnerabilities, one considered critical and the other important.

N.Y. bill would boost state IT department's cyberattack responsibility

The New York Office of Information Technology could gain additional responsibilities in the wake of a data breach if a bill now in the state senate is passed.

U.S. Cyber Command elevated to unified command unit, White House objects

Despite opposition from the White House, a bill cleared the House on Wednesday that establishes U.S. Cyber Command as a unified command unit.

NSA's GenCyber Camps to triple number of summer camps offered

The National Security Agency (NSA) announced plans for 2016 to triple the number of GenCyber Camps offered.

Flurish customer info compromised after release to third-party vendors

Flurish Inc. reported to the California Attorney General's office that the personal information for some of its customers had been compromised when it was made available to some of the company's third-party vendors.

Magento flaw allowed hackers to execute code using APIs

Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.

Senator Boxer prods DoJ to step up efforts to track sextortion crimes

U.S. Senator Barbara Boxer (D-Calif.) yesterday sent a letter to the Department of Justice, asking the agency to disclose its efforts to track and study sextortion cybercrimes.

Trojan in app on Google Play shuttered

A variant of the malware family Acecard was detected in the Google Play store by researchers at Lookout.

Hacker stands trial for DoS attack which cost British Airways 100K Euro

A 23-year-old British man appeared in a U.K. court to face charges for allegedly launching Denial of Service attacks against British Airways, two police websites and a game retailer.

Cisco patch blocks DoS vulnerability

Remote attackers have been shut out of the IPsec code of Cisco Adaptive Security Appliance (ASA) Software following Tuesday's patch.

House approves bill allowing DHS to work with universities on cybersecurity

The U.S. House of Representatives approved legislation to strengthen ties between universities and the Department of Homeland Security.

Gray hats hack Locky again, replace payload with ransomware PSA

Another gray hat hacker has tampered with the distribution of Locky ransomware, replacing the payload with a public-service message to potential victims, warning them not to open strange files.

Updated banking malware turns entire ATM into a skimmer

Kaspersky Lab researchers discovered a new and improved version of the ATM malware dubbed "Skimmer" that turns ATMs into payment card skimmers.

UPDATED - Domo Arigato: White hat reports vulnerability on Mr. Robot website

The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting vulnerability, according to a Forbes.com report.

Symantec's anti-virus engine updated, flaw could cause Blue Screen of Death

Symantec released an update to its anti-virus engine (AVE) to repair a kernel-level flaw making the software susceptible to a memory access violation when parsing a specifically-crafted portable-executable (PE) header file.

Japanese teen's DoS attack takes out 444 school websites

A Japanese teenager was charged May 11 for allegedly launching a DoS attack which shut down 444 school websites.

Super-Bright LED Flashlight app sheds light on malvertisements

The Super-Bright LED Flashlight app, which has been downloaded millions of times, is by itself safe, but some of the ads served with the app deliver malvertising and scams, according to Trend Micro.

Phishing attack compromises City College of San Francisco student data

City College of San Francisco reported that student information was compromised when an employee responded to a phishing email.

Pornhub dismisses hacker's offer to sell access to servers as hoax

A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.

Vietnamese bank thwarts hack made through SWIFT messaging system

Vietnam's Tien Phong Bank came forward claiming to be the second bank that was attacked with a fake message sent through The Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system.

UnityPoint Health-Allen Hospital patient data compromised

UnityPoint Health-Allen Hospital is notifying patients that their personal information has been compromised over a period of seven years.

Sen. Rand Paul joins bipartisan opposition to Rule 41 amendments

Sen. Rand Paul (R-Ky.) plans to join a bipartisan effort to introduce legislation to block proposed amendments to Rule 41.

South Korea blames northern neighbor for cyberattack on defense contractor

South Korea claimed North Korea was behind a cyberattack on a navy defense contractor.

Not OK, data on 70K OKCupid users exposed

A semi-private database consisting of the identities of 70K users of the dating website was published on the internet.

Yahoo-owned Tumblr announces email credential compromise

Tumblr announced Thursday that a third party accessed a set of Tumblr user email addresses with salted and hashed passwords.

Report: Apple quickens app approval, patch processes

In a move intended to patch software bugs quicker and satisfy its developer base, Apple has made a deliberate effort to reduce the time it takes to review submissions to its App Store, Bloomberg reported yesterday.

Bug Hunters claim $20K from Google

Google paid out $20,000 in bug bounty fees to four researchers credited with finding the five flaws, three of which were rated high, that the company patched earlier this week.

New PayPal phishing scam hooking victims

The research firm AppRiver is reporting that a new PayPal phishing scam is making the rounds, with this version using a phony security message to obtain personally identifiable information.

Flawed input validation vulnerabilities in 7-Zip result in round of patches

7-Zip, a popular open-source file archiving application used to compress and decompress files, has issued patches for input validation vulnerabilities that can lead to remote code execution.

Fearing ransomware, House bans Google-hosted apps, Yahoo Mail

Concern for hacking prompted the U.S. House of Representatives to block lawmakers from accessing software apps residing on a Google cloud service.

Adobe issues Flash Player update

Adobe followed its hefty Patch Tuesday release from earlier this week with an update for Flash Player.

Pornhub launches bug bounty program on HackerOne

Pornhub is offering white hats between $50 and $25,000 for reporting qualifying vulnerabilities.

300 Wendy's restaurants affected by POS malware attack earlier this year

An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.

Bahamian man accused of hacking celebrity emails pleaded guilty

The man who hacked into celebrity emails to steal personal information pleaded guilty in a federal court Monday.

Florida security expert demoing flaw charged for unauthorized access

A Florida man who logged into a computer system with appropriated credentials now faces felony charges.

Taxpayer info exposed in five breaches, FDIC

Five major breaches have put at risk taxpayers' PII, the FDIC told Congress on Monday.

Air Force Reserve cyber training taxed

The Air Force Reserve is scrambling to hustle reservists through cyber training, but doesn't currently have the capacity to meet current demand.

FCC, FTC order mobile phone vendors and carriers to reveal security update procedures

The FCC and FTC have ordered the major mobile phone vendors and carriers to divulge the processes behind how each develops and deploys security updates.

Locky ransomware bolsters encryption of communications with C&C servers

In a move to obfuscate network traffic more effectively, Locky ransomware developers recently upgraded the malware to communicate with its command and control server via both symmetric and asymmetric encryption.

Alleged Syrian Electronic Army hacker extradited to U.S. to face charges

An alleged hacker for the Syrian Electronic Army (SEA) has been extradited to the United States from Germany.

Cybercriminals have offshore accounts, too

Trend Micro found evidence that cybercriminals open offshore accounts.

Yontoo adware shifts focus to Chrome browser

A potentially unwanted program called Yontoo has shifted its focus from Firefox and is seeking to infect Chrome users.

Malware popups delivered with Pirate Bay downloads, report

Torrent site's users received malware warnings.

Bangladeshi banking officials blame $81M bank heist on incorrectly-installed software

Bangladesh Central Bank officials are pinning the blame for a cyberattack that netted $81 million from the financial institution on SWIFT for incorrectly installing new software.

Liberty Reserve founder sentenced to 20 years

Arthur Budovsky, operator of an online payment processor popular with cybercriminals, was sentenced to 20 years in prison for money laundering.

Tech advocates lobby to oppose re-election of Senate intel chief

A lobbying effort is underway to block the re-election of Sen. Richard Burr for internet policies that at least one digital rights activist has called "idiotic."

Study: 17 percent of IT pros confident they can defeat cyberattacks

A recent study found that only 17 percent of IT professionals were confident in their ability to defeat cyberattacks.

Insider likely culprit in breach at CDOT

An unidentified former employee of the Colorado Department of Transportation (CDOT) is the likely perp behind a breach that could lead to a "risk of identity theft."

Attackers inject code into WordPress header file to redirect random users

Researchers are warning WordPress website administrators of a malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect visitors to malicious domains.

Lingering Android flaw exposes SMS

Android devices are vulnerable to attack owing to a newly discovered bug.

Tribune Media's ProSportsDaily Forum site breached

Tribune Media's ProSportsDaily notified the California Attorney General's Office Wednesday of a data breach that compromised login credentials and likely other user information.

Wyden plans bill opposing law enforcement hacking expansion

Sen. Ron Wyden is planning to introduce legislation to reverse proposed amendments to Rule 41 within days, an aide to Sen. Wyden told SCMagazine.com.

Charles Schwab data breach exposed client investment data

Charles Schwab informed some of its customers on May 4 that their accounts were likely accessed by an unauthorized person possibly exposing their names, account information and other financial data.

Microsoft will cease support for TLS certs signed by SHA1

Microsoft announced it will soon cease support for TLS certificates signed by the SHA1 hashing algorithm.

Californian accounting firm breached, tax and PII info exposed

A California accounting firm reported its computer system had been compromised for more than two months, resulting in a wide range of tax and financial data being exposed.

Anonymous 'Operation Icarus' launches DDoS attack against Bank of Greece

Anonymous launched an attack against the Bank of Greece as part of a 30-day campaign targeting central banks across the world.

Apple issues Xcode security update

A security update was issued on Tuesday by Apple to address two vulnerabilities in Xcode.

Google moves Blogger pages to HTTPS versions

In a move to strengthen the security of its Blogger platform, Google launched HTTPS versions of all blogs hosted on the company's blogspot.com domain.

OpenSSL patches memory corruption and unauthorized decryption vulnerabilities

OpenSSL has issued a series of patches in conjunction with the disclosure yesterday of six vulnerabilities, including two of high severity.

Swiss defense department was victim of cyber attack

The Swiss defense department was hit with a cyber attack.

Tampa airport to conduct major IT security audit following apparent breach

Tampa International Airport has expedited and expanded an audit of its network security, following the resignation of an IT consultant who was allegedly found to have shared system passwords with unauthorized parties.

Appeals court reinstates lawsuit against Gannett for sharing mobile app user data

The U.S. First Circuit Court of Appeals has overturned a district court's dismissal of a class-action lawsuit accusing publishing company Gannett of violating the Video Privacy Protection Act (VPPA) by sharing mobile app data with a third-party firm.

Schumer calls the FTC to investigate spying billboards

Citing privacy issues, Sen. Charles Schumer (D-N.Y.) has asked the Federal Trade Commission to investigate companies installing billboards that can track individuals as they pass by the outdoor advertisements.

WhatsApp shut down in Brazil affecting 100M

A judge in Brazil ordered mobile phone operators to shutter the WhatsApp chat service for three days.

10-year-old Finn nabs $10K Facebook bug bounty for Instagram flaw

A 10-year-old Finn was awarded $10,000 by Facebook's bug bounty program after discovering a vulnerability in the Instagram app.

Three-peat for UCF in college cyber challenge

For the third year in a row, The University of Central Florida has come out on top in the National Collegiate Cyber Defense Competition.

Chaffetz, Cummings ask SSA for complete OIG report, pen test results

The House Oversight Committee asked SSA Acting Commissioner Carolyn Colvin to hand over the unredacted version of a penetration test recently done at the agency.

Researcher weighs in with heavy-duty IoT vulnerability in Fitbit scales

Fitbit has acknowledged on its website that an April 2016 update to its Aria Wi-Fi Smart Scale, an Internet-connected bathroom scale, patched a critical security vulnerability that was discovered through Google's Project Zero initiative.

NHS sharing unfiltered medical data on 1.6M patients with Google AI company

As part of a joint venture to develop groundbreaking healthcare apps, the UK's National Health Service (NHS) has agreed to share new and historical healthcare data on 1.6 million patients with Google's AI company DeepMind.

