New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Former student sentenced to six months for Nebraska university hack

Daniel Stratman was a senior at University of Nebraska-Lincoln when he was arrested for hacking into the university's computer system and accessing personal information.

U.K. hacker charged in third state for Adobe ColdFusion exploitation

Lauri Love allegedly stole the information of more than 100,000 government employees and is already facing charges in New Jersey and New York.

ECB database hacked, attackers ask for financial compensation

European Central Bank discovered the breach when it received an anonymous email requesting money in exchange for the data.

CyberMaryland conference returns, hosts job fair for military vets

The conference will be anchored by the Maryland Cyber Challenge and Competition, a security job fair, and more.

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.

IT manager fired following massive Maricopa college district breach

Miguel Corzo, the IT manager who was fired on Tuesday, claims Maricopa County Community College District is making him into a scapegoat.

Facebook scam leads victims to Nuclear exploit kit

Researchers at Symantec say attackers are becoming more aggressive and using Facebook scams to exploit users' computers.

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

Juniper Networks divests mobile products for $250 million

The company sold its Junos Pulse products for $250 million to Siris Capital, a private equity firm.

Firefox 31 plugs critical memory safety bugs

In total, Firefox 31 brings 11 patches for several flaws affecting the web browser.

Android/Simplocker adds tricks, including ransom message in English

Android/Simplocker ransomware now encrypts archive files, asks to be installed as a Device Administrator, and delivers an English-language ransom message.

Wall Street Journal website vulnerable to SQL injection, gets hacked

The Wall Street Journal confirmed on Tuesday that an outside party exploited a vulnerability and hacked into its new graphics systems.

Metro.us site compromised, serves malicious code

Researchers at Websense say visitors to Metro.us are sent to websites hosting the Rig Exploit Kit, used in the past to distribute CryptoWall.

Superman soars above fellow superheroes as most toxic search term

A McAfee study found that searches pertaining to Superman exposed users to the most infected websites.

Black Hat talk on Tor weaknesses canceled

Black Hat organizers say legal counsel for the Software Engineering Institute and Carnegie Mellon University nixed the session.

$4 billion breach suit against Sutter Health dismissed

The ruling comes nearly three years after a computer theft occurred at the organization.

More charged for roles in three separate Android app piracy groups

Indictments unsealed in the Northern District of Georgia on Monday charge members of three separate Android app piracy groups.

Angler Exploit Kit delivers Tor-using Critroni ransomware

The command-and-control for a new ransomware identified by Microsoft as Critroni is hidden on the Tor network.

Goodwill investigates compromise of credit, debit card info

Credit card and debit card data may have been compromised at several Goodwill locations around the country.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.

Pair jailed for Apple-themed phishing scams, racket supported criminal transport

A man and a woman were sentenced to 14 years for conspiring to steal money in a phishing scheme that was then used to transport criminals into the U.K.

On Facebook, fake video of disrobing woman leads to malware

Shortened URLs on Facebook, leading to a risqué webcam video, are actually being used to spread malware.

Apple to use TLS encryption for iCloud email, other providers

Apple just recently began encrypting its user iCloud messages that are sent to third-party providers.

Qihoo team cracks Tesla's Model S car, reportedly earns $10K

The SyScan +360 conference offered a $10,000 prize to anyone who uncovered vulnerabilities in Tesla's Model S car, which the automaker vowed to fix.

Report: Zero-day attack used in 2010 NASDAQ breach

Bloomberg revealed that hackers used two zero-day flaws to breach NASDAQ's servers in 2010.

Microsoft researchers recommend sometimes ditching complicated passwords

Through their new study, two Microsoft researchers concluded that users should reuse less complicated passwords for accounts that don't require as much protection.

Hamas targets TV station via satellite hack

An Israeli broadcasting regulator confirmed that the incident occurred.

U.K. data security office quietly discloses breach

The U.K.'s data security watchdog has disclosed a data breach it suffered in the last year.

Australian daily deals site discloses data breach after three years

An Australian daily deals website company, Catch of the Day, alerted its users on Friday of a data breach that impacted one of its websites in 2011.

Benjamin F. Edwards tells New Hampshire AG CryptoWall led to breach

The CryptoLocker copycat ransomware was behind the May breach, the firm said in a notification letter to New Hampshire's attorney general.

'Neverquest' banking trojan evolves as U.S. attacks continue

On Wednesday, Symantec released details on the malware's developed features.

Study: 72 percent of Chicago fraud victims also data breach victims

The National Consumer League's findings prompted the state's attorney general to speak about data breaches' implications.

Privacy groups, security experts and others implore Obama to veto CISA

Much to the chagrin of privacy advocates and other security experts, the Cybersecurity Information Sharing Act of 2014 passed the Senate Intelligence Committee last week.

ScarePakage ransomware warns Android users of FBI probe

Lookout has identified a ScarePakage mobile ransomware that renders Android phones inoperable and attempts to extort ransom via MoneyPak vouchers.

eBay Q2 results up, password reset took toll on user activity

While eBay reported healthy financials for the second quarter, CEO Jack Donahoe said the company is still recovering from a post-breach password reset.

CSA releases updated cloud security guidance

Today, updated versions of the Cloud Controls Matrix and Consensus Assessments Initiatives Questionnaire hit the web.

Certificates associated with malware added to SSL Blacklist

As of Wednesday afternoon, 127 SSL certificates associated with malware and botnet activities have been blacklisted.

Oracle: Java on Windows XP will still get security updates

Oracle, the maker of the popular Java plug-in, recently confirmed the details.

Russia protests arrest of hacker Seleznev, demands release

The Russian Foreign Ministry lodged a protest with the U.S. Embassy in Moscow, demanding the return of Roman Seleznev.

Teen posed as Anonymous, arrested for major DDoS attacks in Norway

A 17-year-old in Norway was arrested and charged with launching distributed denial-of-service attacks against banks and other companies in the country.

Judge dismisses second class-action suit against Advocate Health

For the second time in as many months, an Illinois judge has dismissed a class-action suit against Advocate spawned by a data breach last summer.

Google creates 'Project Zero' team to protect the internet

Google has hired a team of researchers who will be dedicated to digging up vulnerabilities, malware and other threats to internet users.

New York suffered 900 data breaches in 2013, AG reports

More than 7.3 million New York residents fell victim to 900 breaches in 2013, according to a report released by the state attorney general.

NIST drafts report on cloud computing challenges, requests comments

NIST presents 65 challenges of cloud computing divided into nine categories in an effort to build consensus and formulate solutions.

Russian hackers compromise CNET servers

Multiple CNET servers containing more than one million usernames, emails and encrypted passwords were compromised this past weekend.

Cryptolocker neutralized, says Justice Department

Cryptolocker is effectively non-functional and unable to encrypt newly infected computers, according to a status report filed by the Justice Department on Friday.

Apple blocks outdated Flash plug-ins to ward off Rosetta Flash attacks

Apple published a security notice saying that older versions of Adobe Flash contain vulnerabilities that can be exploited by Rosetta Flash.

Google external experts to tour Europe, explain right to be forgotten

After receiving tens of thousands of link removal requests, Google has convened a panel of experts who will speak at public meetings in Europe.

Hotel business center computers see uptick in keylogger malware

Attackers are targeting hotel business center computers with keylogger malware, according to a U.S. Secret Service advisory to companies in the hospitality industry.

Apple denies storing information on Chinese customers

Apple responded to a Chinese television broadcasters allegations that the company is storing users information through its location tracking services.

Zberp evolves, spreads through phishing campaign

Zberp malware was developed from the source code of Zeus and financial malware Carberp.

A possible attempt to revive the Gameover Zeus botnet

The Gameover variant of the nefarious Zeus trojan was disrupted in early June, but researchers with Malcovery are observing a return.

After takedown efforts, Cryptolocker fate still "undetermined," firm says

BitDefender, the firm that discovered the ransomware, detailed Cryptolocker's chances of making a comeback.

China targets shipping firms in Zombie Zero attack

TrapX was alerted to the zero-day attack when the malware targeted servers with "finance" in their host names.

Amazon hit with FTC suit over in-app purchases

After Amazon refused to a settlement, the FTC filed suit to force the online company to make restitution and change practices in its app store.

Tinba malware source code leaked in forum

CSIS researchers say the full source code for what's been dubbed the "smallest Trojan banker ever discovered" have been leaked in an underground forum.

Romanian man sentenced to 45 months for role in phishing scheme

For his role in massive phishing scheme involving stolen payment card data, a Romanian man was sentenced on Tuesday to 45 months in prison.

Kaspersky quickly addresses XSS flaw impacting company website

A cross-site scripting flaw impacting a Kaspersky website was quickly addressed by the security software company.

Resurgence of VBA macro malware poses new threat

A researcher from Sophos Labs penned a Viral Bulletin warning that VBA macros had reappeared as "simple downloader trojan codes."

Microsoft to implement 'right to be forgotten' form

Microsoft will start complying with Europe's "right to be forgotten" ruling by offering its Bing users a form to request links be deleted.

Chinese hackers seek security clearance data on federal workers

Chinese hackers broke into databases at the Office of Personnel Management which house data on workers applying for top-secret security clearance.

Google fights off attacks via fraudulent certs

Google recently blocked the fraudulent certificates, which were also revoked by India CCA.

Researcher identifies XSS bug impacting Kaspersky website

A cross-site scripting vulnerability identified on the Kaspersky website could enable an attacker to steal a variety of data.

In year's first half, Verizon hit with 150,000 gov't data requests

On Tuesday, the telecom giant published its second transparency report on government requests for customer data.

Former NSA chief pitches consulting work for $1 million per month

Keith Alexander is warning financial institutions of the threats their industry faces and offering to help them fight off attackers through his consulting firm.

PCI council's Bob Russo to retire, new general manager named

The PCI Security Standards Council General Manager Bob Russo will retire at year's end; Stephen W. Orfei will take the helm in September.

MiniDuke variant, 'CosmicDuke,' aimed at new targets

A variant of espionage malware that plagued government entities and other organizations across the globe has returned with a new toolset and a different set of victims.

Adobe addresses three vulnerabilities, Flash Player deemed critical

Adobe's patches address three vulnerabilities, including a critical bug in Flash Player that could be exploited to steal sensitive information.

Phishers target Silk Road Bitcoin bidders, more than $62K stolen from Australian firm

Australia-based Bitcoins Reserve lost more than $62,000 after phishers began targeting bidders interested in the auction of 30,000 Bitcoins confiscated in the Silk Road takedown.

Phishing scheme targets biting World Cup player's sympathizers

A phishing scam asks World Cup fans to sign a fake petition in support of a soccer play disqualified from playing after biting another player.

HotelHippo shuts down permanently after security flaws discovered

HotelStayUK shut down its HotelHippo booking site for good amidst assurances that other sites in the group are unaffected by security woes.

NSA spying on possible Tor and Tails users

A new report claims that the NSA is automatically capturing peoples' information through its XKeyscore program after they search for the privacy programs

Massachusetts man charged in Twitter hack

Cameron Lacroix, who recently plead guilty to computer hacking and payment card theft, faces new charges related to the hacking of Zendesk, which provides helpdesk services to Twitter.

DailyMotion users redirected to exploits in pay-per-click ruse

Popular video sharing service DailyMotion was compromised on June 28, redirecting users to the Sweet Orange Exploit kit.

European group details use of mini-skimmers on compromised ATMs

Small skimmers fit inside card readers rather than resting on top of them and coupled with mini cameras yield card and PIN data.

Target asks court to stay discovery

Target has asked a Minnesota court to stay discovery until motions to dismiss the claims have been addressed.

After DNS customer backlash, Microsoft returns seized domains to No-IP

Microsoft has handed domain control back to No-IP after millions of customers were reportedly impacted by its legal action.

Another firm sheds light on espionage group hitting energy sector

Symantec's report on the "Dragonfly" group brings additional insight on attackers spreading Havex malware.

Oversight board supports NSA internet spying

The Privacy and Civil Liberties Oversight Board's report indicates internet communications needs less protection than phone calls.

Google blocks access to email to prevent 'needless and massive' Goldman Sachs breach

Google has complied with a Goldman Sachs request to block access to an email containing sensitive data sent in error to a stranger's Gmail.

Microsoft steps up encryption in Outlook

Microsoft is now using Transport Layer Security (TLS) encryption for both outbound and inbound email on Outlook.com.

HotelHippo offline after security pro finds flaws

A HotelHippo customer who happens to be a security consultant found multiple security flaws when he tried to book accommodations.

Hackers commandeer businessman's phone lines, rack up $23K in charges

International hackers search for phone lines with unsecured voicemail ports, and then harness those lines to handle their customers' calls.

Alabama Department of Public Health warns of possible data breach

Alabama's Department of Public Health has sent letters to individuals whose personal information may have been compromised and used in a tax fraud operation.

File sharing programs cause data leaks, security headaches

A Harris Poll survey of 308 senior IT professionals found greater trust for Dropbox and similar apps among younger workers and top executives.

Netflix goes open-source with AWS security tool

Dubbed Security Monkey, the latest tool is now available on the company's GitHub site for developers that utilize Amazon Web Services.

POS vendor notifies restaurants of possible payment card breach

A point-of-sale and security systems vendor is notifying its customers, some of which are big restaurant chains, that its remote access service was breached.

Denmark caved to NSA's threats, security demands

The NSA is said to have threatened Denmark's government, warning that it would be excluded as a U.S.'s close ally if it didn't alter its encryption laws.

Benjamin F. Edwards alerts customers to May breach

In late May, the company discovered that an unauthorized third party had accessed its computer systems and nicked customer information.

Apple updates address flaws in Mavericks, Safari, iOS, and Apple TV

Apple addressed various vulnerabilities in Mavericks, Safari, iOS and Apple TV, several of which can enable arbitrary code execution.

P.F. Chang's hit with class-action lawsuit following breach

The complaint, filed in the U.S. District Court for the Northern District of Illinois, alleges that the restaurant chain failed to protect their personal financial data.

Appeals court can review ruling on FTC authority in Wyndham suit

A district court judge has ruled that the Court of Appeals for the Third Circuit can review an earlier decision to deny Wyndham's request for dismissal.

Supreme Court gives merit to Street View privacy concerns

For years, Google has battled accusations that it violated WireTap Act for its use of Street View.

Google patches buffer overflow flaw in Android KeyStore service

The serious buffer overflow vulnerability affects Android 4.3, or devices running Jelly Bean.

NCA charges 17-year-old London man for role in massive Spamhaus DDoS attack

A 17-year-old London teen has been charged with computer misuse, fraud and money laundering offenses, partly for his role in the 2013 Spamhaus DDoS attacks.

Blackphone begins shipping globally

The first privacy-driven mobile device is shipping to pre-order customers now and will begin accepting additional orders later this year.

UK transparency report: U.S. spy program targeted 89,000 foreigners

The Office of the Director of Intelligence released a report based on information declassified by the Director of National Intelligence.

Sign up to our newsletters

POLL