Chrome 41 update includes 51 security fixes

Chrome 41 was promoted to the stable channel for Windows, Mac and Linux on Tuesday.

Experts find flaws in Mobile World Congress official app

The official Android app of the event contains some flaws that could allow spammers to easily scrape data belonging to conference attendees.

Online Trust Alliance pens letter to Congress over federal data breach notification law

The Online Trust Alliance (OTA) wrote a letter to Congress earlier this week in response to the recently proposed Personal Data Notification & Protection Act.

D-Link issues firmware updates to address router vulnerabilities

A researcher notified D-Link of vulnerabilities in one router, and D-Link then expanded the investigation to a number of other devices.

ACLU and EFF, among others, voice dissatisfaction with CISA bill

Various civil society organizations and security experts penned a letter to the Senate Select Committee on Intelligence over their dissatisfaction with the recently drafted Cybersecurity Information Sharing Act of 2015 (CISA).

Connecticut AG asks Lenovo for details on Superfish incident

Attorney General George Jepsen sent a letter to Lenovo's EVP on Friday.

Snowden considering return to U.S. for trial, lawyer says

Edward Snowden's Russian lawyer claimed to be working with U.S. and German lawyers to negotiate the return of the fugitive whistleblower.

Alleged Anonymous hacker deported back to the U.S.

Alleged Anonymous member Matt DeHart was deported back to the U.S. and now faces child pornography charges.

Hillary Clinton used personal email for State business

Former Secretary of State Hillary Clinton is catching flak for exclusively using her personal email account to do business for the four years she was at the State Department.

NEWS ALERT: New SSL/TLS vulnerability identified, dubbed 'FREAK'

Researchers announced FREAK, a vulnerability that they say enables attackers to intercept HTTPS connections between vulnerable clients and servers.

Obama criticizes Chinese cybersecurity regs

President Obama told Reuters that cybersecurity requirements proposed by China need to change if the country wants to do business with the U.S.

Google pulls default encryption from Android partner phones

Although Google said its Android Lollipop devices would have encryption enabled by default, some devices have shown up on the market without encryption.

Revenge porn site operators ordered to pay plaintiff $900,000

Last year, the operators of ugotposted[.]com were ordered to pay $385,000 in a default judgment.

Attempts made to access Toys"R"Us reward program profiles

Unnamed attackers attempted to gain access to some Toys"R"Us reward program profiles in January, prompting the company to send email notifications and request that users change their passwords.

Silent Circle to buy out Geeksphone, fully own Blackphone

On the heels of naming a new president and CEO, Silent Circle now assumes 100 percent ownership of Blackphone.

IE exploit added to Angler EK, beats MemProtect mitigation

Last year, Microsoft introduced MemoryProtection (MemProtect), which helps deflect attacks leveraging use-after-free vulnerabilities.

NEWS ALERT: Uber says info on 50K drivers exposed, files suit

The car service says a database was breached in May 2014 by an unauthorized third party.

NEWS ALERT: Hacktivists claim to have accessed files from private U.S.-based defense group

A group identifying itself as CyberBerkut claimed, in an email to SC Magazine, to have gained access to files on the mobile device of a Green Group official.

Madonna hacker indicted in Israeli court

An Israeli man was charged on four counts in a magistrate's court for hacking Madonna, stealing her unreleased music and selling it.

Reddit to donate money to EFF and Tor Project, among others

Reddit will donate 10 percent of its 2014 gross ad revenue to 10 charities chosen by Reddit users.

PlugX APT group uses backdoor in India campaign

A five-month-long campaign against organizations in India shows the group is active and evolving, SophosLabs reports.

In historic vote, FCC approves strong net neutrality rules

The rules, approved Thursday, ban ISPs from charging for internet "fast lanes," or blocking legal internet services.

Facebook paid $1.3 million in 2014 for bug bounty submissions

Bug bounty hunters reported 17,011 vulnerabilities to Facebook in 2014, marking a 16 percent increase in submissions.

Fears of cybersecurity attacks increase among U.S. workers, survey finds

In a poll that surveyed 1,008 U.S. adults, GFI found that the fear of a cybersecurity attack has increased significantly over the past year.

Firm finds 'high risk' bugs in SAP BusinessObjects software

The enterprise software flaws could allow attackers to access customer data, financial info and other critical data at companies.

Target breach costs company $191M, financials show

The retailer's Q4 and whole year earnings reports show that insurance picked up the tab for $46 million of the $191 million in expenditures.

Google cancels annual Pwnium competition to accept year-round bug discoveries

Pwnium, an annual Google bug bounty event, is being canceled and replaced by rewards given out throughout the year.

Reddit shifts stance, updates privacy policy

The link-sharing and discussion website's new privacy policy bans revenge porn in addition to any explicit content posted without the subject's consent.

Intel Security president named ForeScout CEO

Michael DeCesare has left Intel Security to take the helm at ForeScout.

Gemalto says past intrusions could be related to NSA, GCHQ op

Intrusions detected in 2010 and 2011 may be related to surveillance efforts revealed in Snowden leaks, the company said.

Up to 18.8 million non-Anthem members possibly affected in breach

Of the approximately 78.8 million people whose information was accessed by hackers earlier this month, anywhere from 8.8 to 18.8 million are non-members.

Several vulnerabilities, some critical, addressed in Firefox 36

Firefox 36 was released on Tuesday and a number of vulnerabilities have been addressed, including a few that are deemed critical.

U.S. offers its largest bounty for Zeus hacker Bogachev

The State Department's Transnational Organized Crime Rewards Program has ponied up $3 million for information leading to the arrest or conviction of Evgeniy Mikhailovich Bogachev.

Calif. woman sues Lenovo and Superfish

Jessica Bennett of San Diego filed the lawsuit last week.

Lizard Squad targets Google Vietnam homepage; redirects users

The hacker collective and distributed denial-of-service (DDoS) provider disrupted service on Google's Vietnamese homepage through a DNS poisoning attack.

Chrome users better protected against sites containing 'unwanted software'

Users will now be met with a warning when navigating to a website that "encourages downloads of unwanted software."

LinkedIn settles in class-action suit related to 2012 breach

The business-oriented social network has agreed to compensate paid users of its service impacted by its previous data breach.

Breach affects 10K motorists in U.K.

A backdoor has allowed the public to access information on parking tickets, penalties and driver information.

Fraudster mistakenly spreads Ramnit via Zeus toolkit

Initially, RSA thought the incident was a case of fraudsters sabotaging one another.

Faulty Norton security update leads to Internet Explorer crash

Users of a number of Norton and Symantec security products were unable to access Internet Explorer this weekend following a bug-riddled update.

Illinois police department pays ransom after Cryptoware infection

The Midlothian Police Department coughed up $500 ransom to an unknown hacker after one of its computers became infected by the ransomware.

Hackers still meddling in State Dept. network, three months in

The State Department continues to find signs that hackers are in its network after a breach that may have involved the Russian government.

FireEye shares details on 'Masque Attack II' affecting iOS devices

Masque Attack II entails bypassing an iOS prompt for trust and app URL scheme hijacking, FireEye said.

White House names first U.S. Chief Data Scientist

Dr. DJ Patil has been named the first Deputy Chief Technology Officer for Data Policy and Chief Data Scientist at the Office of Science and Technology.

Possible database compromise prompts Canadian Bitcoin exchange to shut down

CAVIRTEX said it has reason to believe that an older version of a database was compromised.

Report: mRATs continue to threaten Android, iOS devices

A study by Lacoon and Check Point found 18 different variants of mRATs with Androids more likely to be infected.

Netgear router issues could allow auth bypass, info disclosure

A researcher disclosed details on the vulnerability, which affects several Netgear router models.

Revenge porn site operator, Hunter Moore, pleads guilty

The owner and operator of IsAnyoneUp[dot]com pleaded guilty on Wednesday to charges that include identity theft and unauthorized access of a computer.

Chesapeake suit claims former CEO stole trade secrets

Chesapeake Energy has filed suit against former CEO Aubrey McClendon's new venture, claiming the executive stole data, including trade secrets, to lure investors.

Alleged Russian hacker Drinkman charged in U.S. court, pleads not guilty

Following his extradition to the U.S., Vladimir Drinkman has pleaded not guilty to all 11 counts charged in his indictment.

Superseding indictment charges 18 in fraudulent tax return scheme

The 18 individuals allegedly stole identities, submitted fraudulent federal tax returns, and stored the refunds in bank accounts that were opened using stolen identities.

Check Point acquires Israeli security startup, Hyperwise

The terms of the deal have not been disclosed, but Check Point has reportedly said it is worth "tens of millions of dollars."

RBS, NatWest to leverage iPhone Touch ID scanner for mobile app

Nearly a million RBS and NatWest customers who use the banks' mobile apps will now be able to log in using their fingerprints, a first for British banks.

Microsoft replaces buggy PowerPoint 2013 update

The tech giant yanked an earlier patch after users said they had issues opening PowerPoint.

Lizard Squad reportedly strikes again in DDoS attack on Xbox Live

The hacker collective has claimed that it launched a new series of attacks against the gaming network it previously targeted over the holidays.

Microsoft announces Windows 10 will feature biometric security

Considered "one of the most important priorities" in the upcoming release of the operating system, Microsoft is looking to transition away from the password.

Analysts find link between POS malware and Carbanak gang

Trend Micro says attacks, where signed POS malware was used, are tied to the APT group Carbanak.

Former Megaupload employee pleads guilty to copyright infringement

Andrus Nomm, 36, of Estonia, pleaded guilty in a U.S. court to his involvement with Megaupload.com and other piracy websites.

Researchers observe spike in tax return phishing schemes

Spoofed emails claiming to be from the IRS and TurboTax are on the rise with attackers aiming to swipe personal information to ultimately steal tax refunds.

U.K. to make 'revenge porn' a crime

Queen Elizabeth II approved the bill on Thursday.

Threat intelligence firm One World Labs appoints new CEO

Mark Turnage has been appointed CEO of the Denver-based security firm.

Alleged BlackShades creator backs out of plea deal

A letter filed on Feb. 6 by Alex Yucel's lawyer asks for a new trial date in May or June but does not mention the previously agreed-upon plea deal.

Smartphone thefts decline following introduction of "kill switch"

Between January 2013 and December 2014, cell phone robberies dropped 16 percent in New York and 27 percent in San Francisco.

Seventy percent of malicious files go undetected by antivirus products

Four of the most common antivirus (AV) products were unable to recognize 70 percent of malicious files, according to a new report from Damballa.

OpenDNS tracks PayPal spoofs built off Wix.com

Multiple new phishing campaigns are leveraging Wix.com's website creation services to spoof PayPal's legitimate site design and compromise victims' credentials.

Attack spike against Utah gov't computers may be work of hacktivists

An NSA data center in Salt Lake City may have drawn the ire of hackers, an AP report suggests.

Facebook to intro ThreatExchange platform

The API-based platform will give companies flexibility in sharing threat information.

States complain about timing of Anthem's breach notification

A letter written by Connecticut Attorney General George Jepsen, on behalf of his state and nine others, indicates that the health care company lagged in informing its customers of the breach.

EFF throws support behind Calif. electronic privacy law

The Electronic Frontier Foundation has come out in support of an email privacy act that would overhaul California law.

Sophos announces appointment of new CTO

Sophos announced on Tuesday the appointment of Joe Levy as chief technical officer.

White House to hold cybersecurity summit, Apple's Cook to speak

The White House will hold a cybersecurity summit on Friday at Stanford University and the Apple CEO will be one of the speakers.

Report: Anthem may have up to $200M in cyber insurance

A unit of AIG Inc. is the primary cyber insurer for Anthem, according to a recent report in Business Insurance.

White House to create new cyber agency

A new agency will be dedicated to fighting cyber attacks by gathering intelligence from numerous sources during a crisis.

NM lawmaker resurrects data breach bill

New Mexico is one of three states without a data breach notification law but that might change if a bill from state Rep. Bill Rehm passes.

Pro-ISIS group compromises Newsweek Twitter account

The CyberCaliphate has claimed responsibility for the attack, in which they posted threatening messages aimed at President Obama's family.

HP bolsters encryption business with Voltage Security acquisition

HP is expected to integrate Voltage's technology into HP Atalla, the company's encryption business.

Bitglass joins Cloud Security Alliance

The cloud access security broker (CASB) is also sponsoring the upcoming CSA Summit 2015: Enterprise Cloud Adoption and Security Lessons Learned.

Journalists say gov't spying impact on work minimal, report finds

Of the 671 journalist respondents, a majority believe that data was collected on them, but only 14 percent indicated that it had an impact on their work.

Majority of broker-dealers report having experienced a cyber attack

The Office of Compliance Inspections and Examinations (OCIE) issued a study on broker-dealers and registered investment advisers' experiences with cybersecurity.

Researchers uncover new approach to Boleto fraud

RSA Cybercrime Research Lab has observed DNS poisoning attacks that let fraudsters penetrate the Brazilian payment system and capture card information.

Symantec to pay $17M in damages for patent violations

A federal jury in Delaware has found Symantec guilty of two counts of patent infringement and ordered the company to pony up $17 million in damages.

Chipotle Twitter account hacked, racist messages posted

During the short-lived hijack, the attackers were able to post the obscene messages and change the Mexican food chain's profile image and bio.

Tax fraud concerns prompt TurboTax developer to pause state e-filings

Intuit announced on Friday that it is working with state governments to address a growing tax fraud problem.

Adobe releases out-of-band update for Flash Player

Adobe issued an out-of-band update on Thursday for its Flash Player for Windows, Macintosh, and Linux that addresses 18 vulnerabilities, including the company's most recent zero-day exploit.

Business groups lobby White House to help ease Chinese restrictions

A group of business lobbies led by the U.S. Chamber of Commerce has asked the U.S. government to intervene with Chinese officials.

Buyers seeking Anthem data on underground forums, marketplaces

IntelCrawler observed buyers taking to underground forums and marketplaces to request the data that was accessed in the attack on Anthem.

Google advisory committee releases 'Right to be Forgotten' report

Google's "Right to be Forgotten" advisory council issued its months-in-the-making report on Friday to clarify its thoughts on the ruling.

Researchers analyze Bedep malware linked to Flash Player attacks

In various campaigns, attackers have exploited Flash bugs to spread the malware, Trend Micro found.

Manhattan DA announces hundreds of charges against Apple gift card thieves

The defendants allegedly stole the personal information to apply for credit cards, which were then used to purchase Apple gift cards to buy products.

President Obama pushes for student data privacy legislation

The Student Data Privacy Act will soon be presented to the U.S. House of Representatives, looking to put a stop to current data collection practices online.

Anthem breach prompts White House adviser to nudge Congress

The Anthem breach is further proof that the U.S. needs a national data breach law, John Podesta, Counselor to President Obama, told reporters.

Silk Road operator Ross Ulbricht convicted on all charges

A New York jury found Ross Ulbricht guilty of all charges pertaining to his involvement in and creation of the illicit Silk Road marketplace.

Judge grants 'preliminary' approval in LinkedIn class-action settlement

If the deal is finalized, the social media giant would have to pay a number of its premium membership subscribers up to $50.

Email privacy bill gains more support in House

If passed, the new bill would require law enforcement officials to obtain a warrant to access emails and digital documents.

Adobe rolling out new Flash Player version, includes fix for latest zero-day bug

Adobe began rolling out Flash Player 16.0.0.305 on Wednesday for users who have auto-update enabled, and the update is expected to be made available for manual download on Thursday.

Spam campaign spreads Dyre trojan via fax messages

The ruse involves sending phony fax message links in spam messages to victims, which ultimately lead to downloading the malware which steals banking credentials.

Report: Banks, again, link credit card fraud to White Lodging hotels

A year ago, the hotel management firm confirmed a POS compromise affecting its properties.

RSA executive chairman announces plans to retire at end of February

RSA's Executive Chairman Art Coviello will retire because of unspecified health reasons on February 28.

Target names Tesco's McNamara as CIO

Mike McNamara will replace Bob DeRodes, who is retiring, as Target CIO.

EFF files brief regarding 'facial challenge' with U.S. Supreme Court

The Electronic Frontier Foundation filed a brief with the U.S. Supreme Court on Monday regarding a Los Angeles city ordinance that requires hotel owners to give guest registers to police, even without a warrant or other legal process.
