EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.

Researchers observe recently patched Adobe bug added to exploit kits

Researchers have indicated that a recently patched integer overflow in Adobe Flash Player has been added to exploit kits.

Federal Trade Commission appoints new chief technologist

The government agency has announced Ashkan Soltani as its new chief technologist, according to a release.

Cybercriminals continue to piggyback on Ebola news

Email samples discovered by researchers at Trustwave reveal how attackers are infecting users with the DarkComet Remote Access Trojan.

ISA president urges state AGs to expand understanding of cybercrime

Speaking at a National Association of State Attorneys General conference, ISA's Larry Clinton asked the AGs to step up efforts to get more resources.

Woman charged with using spyware on former cop

Kristin Nyunt of Monterey, Calif., is charged with two counts of illegal wiretapping and possession of illegal interception devices and faces a sentence of up to five years in prison.

Google implements Security Key two-factor authentication

Security Key plugs into a user's USB port and can now be used as a primary method for account login verification.

Cisco supply chain CSO talks cradle to grave security

Edna Conway, Cisco's global supply chain CSO, spoke at SC Congress NY with a panel of experts.

Apple Pay and wearable technology could pose next threats, experts say

Experts at SC Congress New York discussed the future of threats during the "Tomorrow's Threats" panel.

Study: Canada C-Suite execs say companies prepared for threats

A survey of Canadian business execs found that just over a quarter had experienced a cyber attack.

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Cisco announces winners of Security Grand Challenge

Cisco unveiled the winners of three Security Grand Challenges and announced a fourth challenge, aimed at women.

Vulnerabilities addressed in Apple TV 7.0.1, iOS 8.1 updates

The iOS 8.1 update comes with a fix to a vulnerability known as POODLE, which can enable an attacker to decrypt data protected by SSL.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.

JPMorgan Chase hackers missed fed gov't employee accounts

Information on half a million federal workers in the government's SmartBuy program went undetected by Chase hackers.

Google updates piracy-fighting report

The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.

Former RSA CISO named president and COO of White Ops

Eddie Schwartz has been appointed the new president of the New York City-based online fraud company.

TheSnappening.org owner targeted in site hack

Mudit Grover's personal information was published online after a hacker, Team Danny, took control of the site.

FBI director warns of Apple and Google device encryption implications

After both companies said their new operating systems would come equipped with default encryption, FBI director James B. Coney used a speech to warn attendees of the repercussions those decisions could have.

FireEye pegs top Java exploits and EKs using them

A report details the three most commonly exploited Java bugs affecting users.

Two Detroit men arrested may be linked to Home Depot breach

A routine traffic stop in Texas resulted in two men being arrested for possession of criminal devices.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

N.M. man, who intercepted governor's emails, sentenced to nine months

Jaime Estrada was sentenced to nine months in prison and was ordered to pay a $10,000 fine.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

South Korea mulls replacing nat'l ID cards after breach

Replacing the card would likely cost the South Korean government about $650 million and businesses would pay out billions to upgrade systems.

Google ordered to remove Japanese search results on man

A man claims his privacy was violated and that his life was threatened after search results indicated he might have been involved in a past crime.

Drupal core contains 'highly critical' SQL injection vulnerability

Upgrading to Drupal core 7.32 will address the vulnerability, which could lead to privilege escalation and arbitrary PHP execution if exploited.

Shellshock used to amass botnet and execute phishing campaign

Researchers found that the botnet contained 360 bots and was used to target Spanish-speaking Citibank customers.

ABA wants to automatically call and text mobiles regarding breach and fraud alerts

With data breach and fraud alerts in mind, the ABA filed a petition on Tuesday asking the FCC to remove "outdated regulatory restrictions" that prevent sending automated calls and texts to mobile devices.

Malicious ads on YouTube direct users to Sweet Orange exploit kit

The campaign targeted users running vulnerable versions of Internet Explorer.

Dropbox denies stolen credentials claim

The file hosting company refuted the recent news that more than seven million user login credentials were stolen and posted online.

Second class action suit filed against CHS

A class action suit filed in a New Mexico court accused the health system of failing to follow appropriate security measures.

Adobe fixes Flash Player, ColdFusion flaws

Adobe addressed nine Flash Player flaws in three CVEs, giving four bugs the company's highest priority rating.

Snapsaved.com breach prompts Snapchat warning

After Snapsaved.com was breached, Snapchat warned users that third party applications could expose their data.

HP to remove digital signature that code-signed malware

Journalist Brian Krebs said the company is sending out advisories to clients saying it would remove the certificate after a 2010 security incident.

Suspected POS hacker Seleznev faces slew of new charges

Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.

JPMorgan hackers targeted 13 firms, including Fidelity, report reveals

Fidelity claims, however, that no customer data appears to have been stolen.

Symantec splits into two companies

As rumors swirled, Symantec announced that it would become two companies, one focused on security and the other on information management.

White House head of cybersecurity suggests selfies as password alternative

Rather than staying true to the password as the primary security method, Michael Daniel, White House cybersecurity coordinator, suggested biometrics or even selfies as an alternative.

Emma Watson Facebook scam infects users with malware

A new Facebook scam leverages the popularity of the British actress to infect users with a trojan that steals data and signs up victims to a premium SMS scam.

Google shells out $75K in bug bounties for Chrome 38 release

Google has paid more than $75,000 in bug bounties to security researchers who helped discover flaws patched in its recent release of Chrome 38.

Study finds reflection-based DDoS attacks still popular amongst attackers

The use of distributed denial-of-service (DDoS) reflection-based attacks continues to be on the rise, according to one recent study.

Bond insurer MBIA investigates potential breach of client data

MBIA says clients of its subsidiary, Cutwater Asset Management, were impacted.

Australian Broadcasting Company taken off air by ransomware attack

The company said it fell victim to a phishing email campaign that spread ransomware.

Apple iOS 8 bug reportedly deleting iWork docs

MacRumors forum users are reporting that the bug is deleting their iCloud documents, and in some cases, the docs could be permanently lost.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

New York City scraps transmitter beacons in Titan phone kiosks

Fearing they could be used to track phone users, New York officials told Titan to remove transmitter beacons from 500 phone kiosks.

Facebook fights back against spammers

The social media company in a blog post detailed its efforts to stop spammers and 'fake likes' businesses.

ISACA announces entry-level cybersecurity certificate

A new cybersecurity certificate has been launched by global IT association ISACA that's intended for those looking to break into the field.

Mozilla patches Bugzilla bug that revealed details on flaws

Mozilla has updated its Bugzilla tracking program to patch security holes, including a flaw that exposed bugs that security researchers are patching.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

The FCC launched an investigation last year after a consumer complained of the practice.

Unauthorized employee may have accessed AT&T customer info

The company informed victims in a letter that the employee no longer works there, and complementary credit monitoring services are being offered.

Apple updates XProtect, blacklists iWorm variants

After more than 18,000 Macs were infected with iWorm malware, Apple has updated its XProtect system to identify and block certain variants.

Google updates SafeSearch, adds HTTPs support

Google has updated SafeSearch to support HTTPs and will remove the older iteration in early December.

iCloud hacker releases new series of celebrity nude images

Another wave of celebrity nude images hit the internet on Sunday just days after Google took action to remove some of the previously leaked photos.

Google deletes hacked images of nude celebs

After being threatened with legal action by the victims of the headline-grabbing nude celebrity photo hacks, Google has made a move to delete them.

Phishing scam goes after AOL account credentials

The phishing email tells recipients that their mailbox has exceeded the storage limit and that they must click a link and enter their credentials to "re-validate" it.

Researchers discover Mac botnet

Doctor Web researchers have discovered a new malware that is being used to amass Macs into a giant botnet.

JPMorgan Chase security issues ongoing

The bank may have joined the ranks of companies that have been hit by two data breaches, or more, in fairly short order, according to a recent report.

Researchers release BadUSB code at Derbycon

Two months after SR Labs demonstrated that flaws allow malware to infect USB devices, two researchers have taken the code public.

Chinese iOS trojan targets jailbroken devices

The trojan is known as Xsser mRAT is targeting protesters in China, but devices have to be jailbroken in order to be infected.

Google threatened with $100M lawsuit over hacked celeb images

A lawyer representing more than a dozen of the women affected by the recent iCloud celebrity hacking scandal has threatened Google with a $100,000,000 lawsuit.

Malvertising still plaguing The Pirate Bay

The popular torrent site is still serving up malicious ads, two years after initial reports.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Google bumps maximum Chrome bug bounty reward to $15K

A high-quality report with a functional exploit for a sandbox escape will earn a bug hunter $15,000, according to the new reward amounts.

Malware in Mexico, Ukraine ATM attacks may be culprit in Malaysia

Police are not naming the malware used, but speculation casts an eye on Backdoor.Ploutus or Backdor.PadPin.

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

Apple addresses Bash bug with new update

The tech company issued an update for OS X Mavericks, Mountain Lion and Lion earlier this week.

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Jimmy Johns' POS vendor confirms breaches at other restaurants

Signature Systems, Inc. confirmed that 108 other businesses were impacted by the malware installed on its systems.

Top websites deliver CryptoWall ransomware via malvertising

The CryptoWall ransomware being delivered comes with a valid digital signature and initial VirusTotal results showed zero detections.

Facebook privacy lawsuit moves forward

The social media company is arguing that it should be able to opt out of searching users' accounts when it feels it is being done illegally.

iThemes users asked to change passwords following attack

User passwords were being stored in cleartext, and are among the data that may have been compromised in the attack.

U.S. Bank ordered to refund $48M to customers

A Consumer Financial Protection Bureau campaign to curb deceptive banking activities has resulted in U.S. Bank being ordered to refund $48 million.

FBI director criticizes Apple, Google encryption moves

James Comey reportedly said the developments could put consumers "beyond the law."

NIST taps MITRE to support National Cybersecurity Center of Excellence

The contract includes initial tasks totaling $29 million, the U.S. Commerce Department's NIST said.

Mozilla addresses bug allowing signature forgery in NSS

On Wednesday, Mozilla patched the bug which could allow an attacker to forge RSA certificates.

Cyber attack on Japan Airlines impacts up to 750,000

A phishing attack may have resulted in the theft of personal information belonging to customers of Japan Airlines's frequent flier club.

Jimmy Johns confirms breach; 216 stores impacted

The sandwich store chain confirmed that customer card information was compromised at more than 200 of its stores.

Microsoft launches new bug bounty program

The new program will start with a focus on Office 365 with rewards starting at $500.

Fed court shutters Butterfly Labs at FTC's request

The Federal Trade Commission had asked a federal court to shut down the company, which marketed specialized computers to mine bitcoins.

Apple pulls iOS 8.0.1 after TouchID, cell service complaints

The update was issued only a week ago, and has now been yanked by the tech giant.

IT manager pleads guilty in Liberty Reserve case

Maxim Chukharev pleaded guilty in federal court to charges stemming from his role in Liberty Reserve's ascent to bank of choice for underworld criminals.

Insider threat cases on the rise, IC3 warns

Disgruntled and former employees have been increasingly engaging in computer network exploitation and disruption.

LogMeIn notifies users of fake emails claiming to be security update

Fake emails that appear to come from an authentic LogMeIn address state that the company has released a new security certificate.

Policy violation letters trick SMB workers into downloading malware

Bitdefender researchers detected an uptick in computers infected by Zbot via dozens of ARJ-compressed files.

Researcher hacks iPhone 6 Touch ID sensor

Little progress was made security wise, between the iPhone 5S and iPhone 6 sensor, a researcher found.

Blackphone and Silent Circle announce bug bounty programs

Both programs offer a standard reward of $128 per qualifying vulnerability, although it could change depending on the severity of the bug.

Dragonfly malware was designed to target pharmaceutical companies

Although initial reports said Dragonfly was targeting industrial control systems, a new white paper indicates that this might not be the case.

Texas man ordered to pay $40.4M for Bitcoin Ponzi scheme

Trendon T. Shavers pocketed more than $101 million after convincing Bitcoin owners to invest in his phony firm.

IBM opens cloud resiliency center in N.C.

The center will help enterprises avoid costly disruptions caused by cyber incidents and natural disaster.

Google to encrypt data by default on Android L devices

The mobile operating system, Android L, is expected to be released later this year.

EFF Tor Challenge yields more than 1600 relays

The privacy group said the response to the Challenge exceeded its projections threefold.

Home Depot ignored security employees' vulnerability warnings

The New York Times reported that the retailer's security team warned of possible system vulnerabilities but managers never followed through.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US