Lieu asks FCC to expedite investigation of SS7 flaw after DCCC hack

Rep. Ted Lieu (D-Calif.) is calling on the Federal Communications Commission (FCC) to accelerate its investigation of the SS7 flaw.

Spyware that Vietnam Airlines posed as McAfee antivirus

A Malwarebytes analysis of the espionage toolkit that recently infected Vietnam Airlines revealed a modular variant of the Korplug remote access trojan (RAT) that in this case disguises itself as a McAfee antivirus program.

Cisco updates advisory: "We have started publishing fixes" for NSA-linked exploits

Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.

State wildlife agencies halt license sales after apparent vendor breach

The fish and wildlife agencies of Washington, Oregon and Idaho have temporarily suspended the sale of hunting and fishing licenses and tags after the vendor operating their online licensing system was apparently breached.

U.S. CIO promotes $3.1B government-wide IT update

U.S. CIO Troy Scott promoted a $3 billion proposal to modernize government technologywhile speaking at an annual summit.

Dropbox recommending some users update account credentials

Dropbox is recommending to some users update the log in credentials for their account because a group of member emails and passwords may have been compromised.

Advocacy groups urge FCC to address connected car technology threat

Several public interest groups reached out to the FCC calling for action concerning the implementation of DSRC technology.

Baltimore PD overstepping its bounds with aerial surveillance: ACLU

Baltimore police have been running an aerial surveillance program capable of tracking people and cars since early 2016, which is being paid for not by the city, but an unnamed private citizen and all of this has been done without public input.

VMware fixes flaws in Identity Manager, vRealize Automation

VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter product.

Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.

United Airlines' attempt at 2FA divides customers

Customers and researchers alike are chastising United Airlines' attempt at using two-factor authentication to secure its MileagePlus account holders.

'Ghostbusters' star Leslie Jones website hacked

The personal website of Saturday Night Live comedian and Ghostbusters star Leslie Jones was taken offline after hackers vandalized the site.

Three indicted in Switzerland for phishing scam

Three people have been charged in Switzerland for a global computer fraud scam.

Report: ATM hackers flee Thailand after stealing $350,000 from state-run bank

Five suspected cyberthieves have reportedly fled Thailand after allegedly stealing approximately $350,000 in cash from 21 malware-infected ATMs operated by the state-run Government Savings Bank (GSB).

NYU scientists develop tool to check for chip sabotage

NYU scientists designed a new form of application-specific integrated circuit (ASIC) designed to spot hidden vulnerabilities in microchips.

Ashley Madison taken to task over security issues in Aussie, Canadian report

A joint investigation by the Canadian and Australian governments looking at the hack of the adult dating site Ashley Madison found it lacked the safeguards needed to protect the personal information of its customers.

HHS' Office for Civil Rights instructs its investigators not to overlook smaller breaches

In a revision of its policies, the U.S. Department of Health and Human Services' Office for Civil Rights has instructed its regional offices to place more of an emphasis on investigating smaller health-care data breaches that affect fewer than 500 individuals.

GTAGaming breach compromised nearly 200K users

GTAGaming, a fan forum for the popular game "Grad Theft Auto," was hacked, compromising the data on nearly 200,000 users.

Olympic drug testing agency cyber attacks linked to DNC and DCCC hackers

Researchers believe Fancy Bear hacked the Olympic drug-testing agency in retaliation for WADA's recommendation to ban all Russian athletes from the Olympics.

FBI investigating possible Russian hack of NY Times

The FBI is investigating the possible hack by Russian intelligence agencies of the New York Times and other news organizations.

Coalition opposes effort to collect social media data of visa applicants

Privacy groups have opposed a proposal by DHS that would collect information about the social media presence and online activities of visa-waiver program visitors to the U.S.

GozNym malware is proficient in German, new malicious campaign proves

Thirteen German financial institutions and their subsidiaries have recently felt the wrath of GozNym as the downloader and banking malware hybrid intensifies its campaign against European banking customers.

City of Sarasota hit with ransomware

Although a ransomware attack hit the city of Sarasota, Fla. in February, owing to an ongoing criminal investigation, details of the attack are only now being revealed.

NIST RFI seeks to increase public-private cooperation

NIST issued a far-reaching request for information, seeking cybersecurity suggestions from the private sector on a range of topics.

2FA flaw in PayPal's login portal fixed

A two-factor authentication (2FA) vulnerability affecting PayPal's login portal process has been patched.

Aussie teen let off the hook after initiating multiple DDoS attacks

An Australian teen managed to avoid any jail time after pleading guilty to initiating distributed denial of service (DDoS) attacks against the nation's largest bank, his school and the Australian Cybercrime Online Reporting Network.

NSA helped Belgium during investigation, led to arrest of Paris attacker

Belgian security officials reportedly turned to the National Security Agency (NSA) during an investigation that led to an accused Paris terrorist.

Hackers for Harambe? Zoo official's twitter hacked for slain gorilla

In the name of a slain gorilla, hacktivists appear to have targeted the twitter account Cincinnati Zoo & Botanical Garden director Thane Maynard.

Cyber stalker arrested after doing too much to keep up with the Kardashians

A San Francisco Bay-area woman was arrested Thursday after doing a little too much to keep up with the Kardashians.

Twitter suspends 235,000 terrorist linked accounts in six months

The social media giant listed these stats in a Thursday statement detailing the firm's most recent efforts to combat terrorism on its platform.

SWIFT did not monitor weak security practices of its users - report

Former board members and senior employees at SWIFT, said the company did not monitor or make attempts to improve the poor security practices of its clients.

Suspect nabbed in London for breach at Sage

An employee of enterprise software firm Sage has been apprehended by police in London following a breach last week.

SMS scam targets friends and family of 'Sarah'

Malwarebytes researchers spotted a SMS scam in the UK targeting parents and adults who know someone by the name Sarah.

Checking it twice: Google developing whitelist/blacklist tool for Macs

For security-conscious Mac users, Christmas has come early this year, with reports of Google's Macintosh Operations Team developing a new whitelisting and blacklisting system for macOS.

NSA blames storm for website outage

The National Security Agency (NSA) blamed a partial shutdown of on a storm that hit its headquarters earlier this week.

Researchers spot Nemucod in Brazil spreading banking trojans

ESET researchers spotted the Nemucod downloader used to spread banking trojans and other malware operating in Brazil.

Researcher infects tech scammer with Locky for messing with his mother

A cyber vigilante took internet justice into his own hands when he infected the computer of an tech support scammer with Locky ransomware.

Chrome and Firefox address bar vulnerabilities allow spoofed URLs

A Pakistani security researcher discovered a vulnerability affecting Chrome and Firefox browsers configuration of URLs in address bars.

SQL Injection flaw found in Ninja Forms WordPress plugin

A dangerous SQL Injection vulnerability has been disclosed and patched that could affect the Ninja Forms plugin for WordPress, impacting the 600,000 sites using that website construction software.

Carnegie Mellon CERT warns of vulnerabilities in ReadyDesk help desk application

The CERT Division of Carnegie Mellon University's Software Engineering Institute has reported multiple vulnerabilities in web-based help desk application ReadyDesk, version 9.1 and possibly others.

Ford and Baidu invest $150 million in connected car tech

Ford Motor Company is teaming up with Baidu, to invest a combined total of $150 million into Velodyne's LiDAR technology for connected vehicles.

PilotFish source codes selling on dark web, report

In what is being flagged as a threat to the health care sector, the source code of all of PilotFish Technology's software has been posted to the dark web.

Blackberry patch fixes QuadRooter vulnerability

Blackberry is pushing out a patch today that will make users of its PRIV and DTEK50 smartphone safe from QuadRooter, a vulnerability potentially impacting the 900 million devices in use powered by a Qualcomm processor.

China launches first quantum satellite, aimed at creating "hack-proof" quantum communications

China launched an orbital carrier rocket early Tuesday morning carrying the 'Micius' satellite, believed to be the world's first quantum satellite.

Very perceptive: Talos researchers spot three vulnerabilities in Lexmark Perceptive Document Filters

Cisco's Talos division today publicly disclosed three new vulnerabilities in Lexmark's Perceptive Document Filters product that if exploited with specifically crafted code could result in remote code execution.

Google's Duo enters video calling market, offers end-to-end encryption

Google launched a video-calling app, Duo, to go up against Apple's FaceTime, Facebook's Messenger, Skype and other apps for video conversations.

Guccifer 2.0 publishes new DCCC docs about Florida districting plans

The persona known as Guccifer 2.0 published DCCC documents related to Florida primaries that provide detail into a re-districting effort that the hacker says shows congressional primaries are "becoming a farce."

Shakti info stealer designed for corporate espionage

Researchers spotted a new information stealing trojan, dubbed Shakti, that may be of Indian origin and is designed for corporate espionage.

London police turn to private law firms to tackle cybercrime

London police have kicked off a pilot program that has law enforcement hiring private law firms to challenge cybercriminals in civil rather than criminal court.

New Locky using WSF spotted in Brazilian underground

Trend Micro researchers spotted a new variant of Locky ransomware using Windows Scripting Files (WSF) as a downloader.

New Scylex financial crimeware strives to be the next Zeus

If Zeus was the king of banking trojans, then newcomer Scylex is looking to claim Zeus' old perch atop the Mt. Olympus of financial malware.

Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.

Jury selection in Seattle for Russian hacker charged with credit card fraud

Roman Valerevich Seleznev, a Russian charged with hacking into servers and global carding forum sites resulting in $170 million in phony credit card purchases, will face a federal jury this week.

Samsung releases Galaxy S6 Edge update, includes patch for a critical security vulnerability

Samsung has not provided details of the critical vulnerability, which appears to be exclusive to the S6 edge, prompting speculation that the flaw may be related to the QuadRooter vulnerabilities.

Researcher spots 'Freebooting' vulnerability in Facebook tool

NETMYSOFT Chief Technical Officer Laxman Muthiyah spotted a vulnerability on Facebook's Rights Manager platform which allows Freebooting.

'Video jacking' attack allows attacker to see what you see

Aries Security researchers' "video-jacking" attack highlight yet another attack vector to consider when charging phone in unfamiliar locations.

Just keep swimming: Swimming Australia website rides out waves of DDoS traffic

Days after Australian gold medalist swimmer Mack Horton accused his Chinese rival Sun Yang of doping, the Swimming Australia website has been experiencing a large increase in traffic, seemingly due to a DDoS attack.

EPA IG won't release report on cybersecurity practices

The EPA has 30 systems that contain personally identifiable information (PII), according to the At a Glance summary of the inspector general's report.

Researcher spots a SSRF bug in vBulletin

A high-severity preauthorization SSRF vulnerability in vBulletin forum software allows an unauthenticated attacker to perform a port scan of internal services and execute arbitrary system commands.

McAfee Labs: Lavians Inc. repackaging utilities programs with browser hijacker

Software company Lavians Inc. is offering free utilities applications for download that actually contain the browser hijacker software, Intel's McAfee Labs warned in a blog post yesterday.

Code42 appoints Nic Scott to managing director for UK and Ireland

Nic Scott has been appointed to managing director for the UK and Ireland at Code42.

Apple blocks Pangu jailbreak bug with OS upgrade 9.3.4

Apple quietly issued "an important security" update on Thursday to its operating system pushing out iOS 9.3.4.

Volkswagen bug: 100M vehicles vulnerable to door unlocking hack

Nearly 100 million Volkswagen vehicles are affected by a vulnerability that would allow an attacker to remotely and discretely unlock a car without a key.

Email accounts of Hillary Clinton and 100+ Democratic officials hacked

As the FBI investigation into the hack of the Democratic National Committee broadens, it is being reported that the private email accounts of Hillary Clinton and more than 100 Democratic officials also have been breached.

Pokemon GO CEO linked to Google 'Wi-Spy' privacy scandal

Even after quelling the initial privacy issues that arose from the launch of Pokemon Go, Niantic Labs CEO John Hanke has a spotted history

White House finalizes Federal Source Code policy; will launch within 90 days

The White House on Monday unveiled its finalized Federal Source Code policy, designed to encourage federal agencies to share code with each other, as well as the open-source software development community.

Researcher accidentally sent solar development device, says he can shut down electricity generation facilities

Security researcher Fred Bret-Mounet found vulnerabilities affecting the management unit on his home's solar array, a device that monitors solar panels over the internet.

Report: Spyware used to dox Vietnam Airlines is lurking in other Vietnamese institutions

Spyware that was recently found to have infiltrated Vietnam Airlines has also embedded itself in the website operations of various Vietnamese institutions, warned cybersecurity firm Bkav, the Vietnam News Agency reported.

Four Australian banks seek Apple tech for mobile transactions, Apple says no

A group of four banks in Australia want customers to be able to use the banks' own mobile apps when conducting financial transactions with Apple Pay.

Overpopulated with traffic: Australian online census swamped by DDoS attack

The website hosting the online form for Australia's national census was brought down by a series of DDoS attacks on Tuesday, temporarily preventing some of the country's citizens from participating in the population survey.

Instagram accounts hacked to promote adult content

Symantec researchers spotted an influx over the last few months in hacked Instagram accounts used to promote adult dating spam.

Patch Tuesday: Adobe releases hotfixes to four patch bugs

Adobe Experience Manager received a "hotfix" to patch four vulnerabilities that could allow cross scripting attacks.

Report: Apparent phishing emails coming from legit company email address customers are being flooded with emails urging them to reset their passwords in what looks to be a phishing attack, BGR has reported, based on a series of complaints recently made on social media.

Nemucod downloader's latest campaign drops ransomware for click fraud

The malicious downloader Nemucod, normally associated with ransomware, has reportedly switched payloads in its most recent known campaign, opting instead to infect victims with Kovter, a backdoor trojan capable of click fraud.

Groups oppose EU funding of Romanian intelligence agency's facial recognition data program

European privacy groups have voiced opposition to a planned surveillance data project that would significantly expand the technology capabilities of Romania's domestic intelligence service.

Investment in cybersecurity strong as cyberthreats increase

Venture capitalist investments in cybersecurity firms have seen a 235 percent growth rate over the past five years as cyberthreats increase.

New ransomware arrives as phony alert from Microsoft

A new ransomware iteration has been detected by Symantec that spreads via social engineering tactics disguised as an alert from Microsoft.

Online retailer to pay $100K over breach

The online retailer has agreed to pay the penalty and to upgrade its data security practices.

Corrupt Silk Road agent's lawyer wants out of appeals case

Davina Pujari, Shaun Bridges third lawyer since he began his appeals process in December 2015, filed a motion to withdraw as counsel on appeal.

More bad vibes: Researchers find sex toy streams user data

Two New Zealand researchers discovered that one of the most popular connected adult toys on the market sends user data back to its manufacturer.

O2 confirms USBs distributed in marketing campaign contain virus

USB pens distributed by the U.K.-based mobile network O2 as part of a promotional campaign for an eBook were discovered to contain a "Windows specific virus", according to a company statement.

UPDATED: Oregon State Hospital notifies patients of breach

Oregon State Hospital's maximum security ward is notifying patients of a data breach.

Apparent DDoS attack sinks swimmer Michael Phelps' website

Michael Phelps is a world champion in the swimming pool, but on the Internet he just got blown out of the water by an apparent distributed denial of service (DDoS) attack that shut down his commercial website.

NATO cyber defense ambassador reflects on cyberwarfare's ethics

NATO's recent proclamation that cyberspace is an official domain of warfare, along with Russia's reported cyberaggressions against the U.S. and Ukraine, raises interesting questions about how one can responsibly manage cyberwarfare.

Voting machines, many in swing states, less secure than iPhones

A group of Princeton professors found that voting machines are less protected than the iPhones used to navigate to the voting booth and are becoming less secure each year.

Italian RAT targets Android devices in China by IMEI codes

Researchers discovered a RAT that targets Android phones in China and Japan and appears to select victims based on their devices' IMEI codes.

Video: Ruckus routers, connected devices found vulnerable

Tripwire researcher Craig Young said a series of flaws he recently found in Ruckus routers making them vulnerable to several security issues is representative of the security problems found in many consumer connected devices.

Nigeria-based BEC scams pulling in millions, SecureWorks report

A transfer of $400,000 was redirected to a group of Nigerian hackers.

Making it rain in the desert: 'Shimming' demo makes next-generation ATM spit out cash

There would be a lot more happy-go-lucky gamblers in Vegas if ATMs would spit out hundreds of dollars the way Rapid7 made one do in a demo at Black Hat that showed new EMV chip technology is not hack-proof.

VIDEO: Black Hat, a cybersecurity recruiter's paradise

Black Hat is not just an event for security industry insiders to gather and learn about the cyberthreats facing the world, it is also a premiere place to recruit new talent.

Researchers link Iran to malware targeting Syrian opposition

Citizen Lab researchers spotted a malware operation, dubbed Group5, targeting "well connected" Syrian opposition.

Navy interns launch CTF competition

The U.S. Navy has launched a Capture the Flag (CTF) competition to secure the networks used by the Department of Navy (DoN).

VIDEO: Companies shouldn't be in position to pay ransomware

Ransomware is a brilliant attack because it hits the sweet spot - the value of what they're taking away from you is more than what they're asking for, Zscaler CSO Michael Sutton told

Updated Firefox browser, now with bolstered security

Version 48 of the Mozilla's web browser Firefox has just been released offering new features intended to improve the stability and security of the browsing experience.

VIDEO: Designer ransomware threats are in fashion with cybercriminals

Cybersecurity firm Sophos recently issued a warning that cyberthreats are becoming more localized in nature. At Black Hat, caught up with Sophos's John Shier to discuss these "designer" attacks.

Klimpton Hotel chain investigating possible breach

Klimpton Hotels and Restaurants advised guests of a possible breach.

Panasonic Avionics kicking off bug bounty program

Panasonic Avionics Corporation developed a bug bounty program through HackerOne.

Battery status indicators used to track user behavior

A battery status API, intended to allow site owners to serve low-power versions of sites and web apps, is being used to track users.

Three more DNC staffers depart in wake of email furor

The fallout at the Democratic National Committee (DNC) over the leak of nearly 20,000 stolen emails continues with the announcement that three more top staffers will be exiting.

SSL vulnerability in Kaspersky iOS app could allow MitM

Security researcher David Coomber spotted a SSL certificate vulnerability in the Kaspersky Safe Browser iOS app.


Sign up to our newsletters