Reps. Lieu and Hurd urge HHS to develop ransomware guidelines

In a letter to the Department of Health and Human Services, Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) encouraged the agency to develop guidance for healthcare providers to use when responding to ransomware attacks.

U.S. Customs and DHS: Passports please, and social media accounts?

DHS and U.S. Customs propose screening of social media accounts for foreign travelers.

Russia's Duma approves bill requiring decryption backdoors

Russia's lower house of parliament approved sweeping anti-terrorism legislation that requires companies to decrypt any message sent by users.

Neutrino rental price doubles as Nuclear and Angler disappear

The demise of the Nuclear and Angler exploit kits (EK) has proven to be a financial boon for the backers of Neutrino, who have doubled the monthly rental price of this EK.

Media files at risk from malware targeting Viber

Viber, a popular social media app, is being targeted by malware capable of stealing photos and videos.

Troublemaking Bart ransomware follows in Dridex and Locky's footsteps

A newly discovered ransomware named Bart doesn't need to connect with a command-and-control server in order to encrypt victims' files, meaning even the strongest corporate firewalls may be unable to stop Bart from rendering a PC ineffective.

112K French policemen doxxed on Google Drive

A disgruntled ex-employee of an insurance firm uploaded the personal details of 112,000 French police officers to a Google Drive account on June 2 possibly exposing the officer's personal information, including addresses.

British teen admits to cyberattack on SeaWorld

A British teenager has admitted to instigating cyberattacks on SeaWorld in Florida, but has denied launching bomb threats to airlines in the U.S. via Twitter.

Facebook comment tag malware scam targets Chrome users

Scammers are spreading JavaScript malware disguised as a Facebook comment tag notification.

Bots adding signatures to U.K. petition calling for a second Brexit referendum

According to the signatures found on a U.K. parliament online petition, people in Antarctica, North Korea and Vatican City would like a second EU referendum to be held.

SEC Twitter account hacked, inappropriate pics posted

A prankster Saturday hacked the official SEC (Southeastern Conference) Twitter account and posted pictures of scantily clad women.

Fansmitter malware steals data through a computer's cooling fans

Israeli researchers have developed malware capable of transmitting data stolen from an air-gapped computer by manipulating the speed of its CPU and chassis cooling fans.

Google CEO Sundar Pichai Quora account hijacked by Zuckerberg hackers

Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.

Cable One alerts customers of a phishing scam

Cable provider Cable One alerted its customers of a phishing email scam looking to steal payment and personal information.

SEC freezes UK hacker's assets

The SEC obtained an emergency court order from a New York court to freeze assets belonging to a UK citizen who allegedly engaged in a sophisticated hacking and market manipulation scheme.

MDM software compromises BYOD employee privacy: study

MDM software, widely used to manage and secure employee devices in BYOD programs, compromise user privacy, according to a recent study.

Technology director arrested in Abingdon-Avon School District on electronic eavesdropping charges

Law enforcement officials in Knox County, Ill. earlier this week arrested a longtime IT employee of Abingdon-Avon School District #276 on electronic eavesdropping charges in connection with a recent data breach, according to local reports.

HHS may copy the DoD's Hack the Pentagon program

Citing the success enjoyed by the DoD's Hack the Pentagon bug bounty program, the HHS is considering using ethical hackers to discover flaws in medical devices and systems.

German-speaking users targeted in new malware campaign

German and Austrian computer users are being targeted with a new malware campaign.

Code generator for Swagger spec vulnerable to remote code execution

Rapid7 yesterday publicly disclosed a class of vulnerabilities in Swagger-codegen, a code generator for the OpenAPI specification, aka Swagger)

Air India frequent flier miles hacked

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

FTC fines ad network for geo-tracking of millions of consumers without consent

The Federal Trade Commission (FTC) fined the InMobi ad network $950,000 for tracking the location of hundreds of millions of consumers without consent.

Copycat attacks threaten survival of ethereum cryptocurrency

Ethereum, a rival to bitcoin, is under seige after follow-up attacks continue to siphon funds based in the cryptocurrency.

Bug detected in popular chat client Pidgin

A flaw opens users to the possibility of information leakage, denial of service, directory traversal and buffer overflow.

Malware found on Maryland parking garage payment servers

Annapolis, Maryland officials spotted malware on parking garage servers which may have compromised customer payment information.

House approves two bills to foster DHS outreach to private sector

House lawmakers voted on two bills aimed at creating effective partnerships between the U.S. Department of Homeland Security (DHS) and the private sector.

WordPress 4.5.3 release mends eight security flaws, 17 bugs

WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.

Google adds streamlined two-factor authorization

Google has made it easier for consumers to implement and make use of its two-factor authorization (2FA) system by adding a clickable prompt button that replaces the currently used texted six-digit code that is used to unlock an account.

U.S., Israel team in cyber threat-sharing program

The U.S. and Israel are set will announce a bilateral threat sharing program that is expected to begin in the next few months.

Phishing emails claim virus in iTunes database

Scammers looked to steal payment information from Apple customers using phishing emails claiming that a virus was detected in the iTunes database.

Apple fixes memory corruption vulnerability in AirPort product line

Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products.

Demand for IPv4 addresses creates a thriving black market

The continuing need for the now out of stock IPv4 addresses has helped create a black market for these, according to the American Registry for Internet Numbers (ARIN).

xDedic underground marketplace may have been larger than expected

Kaspersky Lab researchers obtained evidence suggesting the xDedic underground marketplace may have been larger than previously thought.

W3C's rejected HTML5 proposal imperils security researchers

W3C digital rights management working group chairman vetoed a proposal to discuss HTML5 standards before renewing the group's charter.

Pentagon bug bounty program finds 138 vulnerabilties

U.S. Defense Secretary Ash Carter praised hackers who participated in the first ever "hack the Pentagon" bug bounty program which ended up revealing 138 vulnerabilities found on several Department of Defense's public websites.

BadTunnel flaw affects every Windows OS

Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.

Lizard Squad-linked hacker claims attack against Blizzard servers

A Lizard Squad linked hacker taunted Blizzard Entertainment after server issues affected popular gaming networks.

1.5M T-Mobile records likely exposed in Czech Republic

Customers are at risk of marketers using the data to approach them with unsolicited offers.

Brennan does not dispute that Twitter cut CIA off from its data service

CIA Director John Brennan was asked about reports that Twitter has not made the Dataminr analytics service available to U.S. intelligence agencies, but has made the service available to a Russian news outlet.

Stolen credentials used to breach GitHub accounts

GitHub reported on June 14 someone launched a campaign to access several accounts using stolen login credentials.

Risky code in Vpon SDKs leaves mobile apps prone to malicious takeovers

Researchers at FireEye have found that certain iOS versions of the Vpon mobile ad software development kit (SKD) contain code that could allow bad actors to remotely take command of certain mobile apps.

U.S. feds looking into $81M theft from Bangladesh Bank in New York

A probe into the cybertheft of $81 million from the account of Bangladesh Bank held at the Federal Reserve Bank of New York is now under way by the U.S. attorney's office.

Apple to enforce HTTPS connections for app developers

Apple is making it mandatory for its App Store developers to use HTTPS when connecting to the company's servers.

Ransomware migrates from Angler to Neutrino

Following the shuttering of the Necurs botnet, security researchers noticed a subsequent drop in Angler exploit kits and other malware campaigns.

SAP patches three-year-old vulnerability, plus 20 more flaws

SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago.

Majority of enterprises at risk from cyberattack, RSA survey

Enterprises procuring detection and response technologies are at an advantage in fending off cyber incidents over those investing in perimeter-based solutions, a new RSA report found.

Reports: Geneva authorities make arrest in Panama Papers breach case

Authorities in Geneva have reportedly arrested a former IT worker at the law firm Mossack Fonseca in connection to the Panama Papers scandal that exposed global public officials' alleged misuse of offshore tax havens.

FBI "facing" questions over its facial recognition database

The U.S. Government Accountability Office has a few questions it would like the FBI to answer about its facial recognition database that contains 411 million photos.

Cisco warns of four unpatched vulnerabilities in firewall, two routers

Four vulnerabilities, one critical, were revealed in the web-based management interfaces of three Cisco products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

Lone hacker reportedly takes credit for DNC intrusions, releases opposition files on Trump

A hacker called "Guccifer 2.0" claimed credit for breaking into the Democratic National Committee computer system and released the DNC's opposition research on Republican presidential candidate Donald Trump.

Hacker pleads guilty after stealing PII on U.S. soldiers, fed employees for ISIS

In a first of its kind case, an ISIS-linked hacker pleaded guilty to providing material support to a designated foreign terrorist organization.

Hacker post gay porn on ISIS Twitter accounts in retaliation for Orlando tragedy

Following the Orlando tragedy, an Anonymous hacker hijacked the Twitter accounts of ISIS supporters and flooded their profiles with gay porn.

Engineer faces espionage charges after allegedly stealing source code

An engineer is facing economic espionage charges after attempting to sell proprietary source code stolen from his former employer.

Air Force loses 12 years of fraud, abuse investigation records

The U.S. Air Force lost 12 years of records containing fraud and abuse investigations from its inspector general and legislative liaison offices as a result of a database crash.

New phishing scam siphoning PayPal user credentials

Users of PayPal are being targeted in a new phishing scheme that steals their credentials.

Clear path to Verizon email accounts patched

A vulnerability that could have allowed attackers to hijack incoming emails from Verizon users' inboxes without their knowledge was detected and, a month later, patched.

After Orlando massacre, Clinton pledges 'intelligence surge,' solicits tech orgs' help

Presumptive Democratic presidential nominee Hillary Clinton told a crowd in Cleveland that she would push tech companies to cooperate with government requests for help in tracking and identifying terrorists and foiling their plots.

Vulnerability in Telegram messaging app can send data charges soaring

Encrypted messaging app Telegram reportedly contains an unpatched vulnerability that bad actors can exploit to send massive text messages that drive up data charges or cause mobile phones to crash.

NSA may dabble in IoT surveillance

NSA Deputy Director Richard Ledgett said his agency is researching opportunities to collect from internet of things devices.

Microsoft's June Patch Tuesday features 16 bulletins, five rated critical

Microsoft's June Patch Tuesday offering served up 16 update bulletins with five rated critical covering 44 CVEs, which equaled the number posted in May, but with three fewer critical issues.

House may propose measures to limit warrantless surveillance

House lawmakers are reportedly seeking to introduce legislative measures that would limit domestic surveillance conducted by the National Security Agency (NSA) and protect encrypted communications.

Former disgruntled employee at ClickMotive convicted under Computer Fraud and Abuse Act

A jury convicted former IT professional Michael Thomas of Lewisville, Texas, under the Computer Fraud and Abuse Act, finding him guilty of sabotaging the computer systems of auto industry web software provider ClickMotive.

Louisiana grapples with hurricanes, gators, now a hacker who posted data of 290K citizens on dark web

A hacker has put drivers' license and other personal information on 290,000 of the bayou state's citizens for sale on the dark web.

North Korea prepared for massive cyberattack on South Korea

South Korean law enforcement officials said North Korea spent two years hacking into more than 100,000 computers as a prelude to a nationwide cyberattack.

Pair accused of hacking financial firms extradited to U.S.

Gery Shalon and Ziv Orenstein, accused of orchestrating the largest-ever theft of customer data from a U.S. financial institution, were extradited from Israel to the U.S. late last week.

Teslacrypt RIP: Cisco Talos decryptor on the job

Updated: Cisco Talos stated today that it has a Teslacrypt decryptor tool up and running and ready for download that will work against any variant of this ransomware.

Gaza Cybergang strikes again with suspected ties to Hamas

ClearSky researchers spotted the cyberespionage group the "Gaza Cybergang" resuming operations after shutting down activities in January 2016.

Triada trojan now redirecting Android users to fake, malicious URLs

The Android trojan "Triada," known for granting superuser privileges to other downloaded Trojans, is now embedding itself into at least four browsers in order to intercept URL requests and send users instead to malicious mobile websites, according to Kaspersky Lab.

$1.8B approved for DHS cybersecurity efforts

The Department of Homeland Security received a $1.8B infusion aimed at protecting against cyberattacks and safeguarding critical infrastructure.

Journalist facing $250K restitution

A journalist convicted of hacking is facing a fine of $250K to pay back the employer he violated

Report: Office of Personnel Management names Cord Chase as first CISO

The U.S. Office of Personnel Management (OPM) in April discreetly hired a cybersecurity adviser from within the Office of Management and Budget (OMB) to be its new CISO, according to a report.

ESnet iPerf tool vulnerable to remote code execution attacks

Cisco Talos researchers spotted a vulnerability in ESnet iPerf3 that could allow remote code execution.

Consumers taking their business elsewhere after a hack, Centrify survey

A new study examines consumer attitudes toward corporate hacking and companies should take heed.

PDFium vulnerability in Google Chrome enabled arbitrary code execution

Cisco Talos researchers spotted an arbitrary code execution vulnerability in PDFium, Google Chrome's default PDF reader.

Hackers impersonate CEOs and CFOs most often during phishing attack

All it takes is one of three words and impersonating the correct executive to pull off a successful Business Email Compromise attack, according to a new Trend Micro report.

Morgan Stanley to pay $1M for failing to protect 730,000 customer accounts

Morgan Stanley agreed to pay a $1 million fine to settle a proceeding launched by the Securities and Exchange Commission's that the financial services giant failed to set up adequate precautions of customer data.

Botnet used to deliver Dridex and Locky vanishes

The botnet that was used to deliver Dridex and Locky appears to have vanished.

UPDATE: Possible POS breach at CiCi's Pizza

CiCi's Pizza may have suffered a point-of-sale (POS) breach through third party vendor.

Skype being used to distribute malware

Skype being used to distribute QRAT malware to unsuspecting travelers looking for help on filling out U.S, travel documents.

Uber forks over $10K bounty for login bypass flaw

Uber paid Finnish researcher Jouko Pynnönen a $10,000 bounty for discovering a login bypass vulnerability.

Researchers discover ransomware server credentials in source code

Researchers examining SNSLocker ransomware discovered credentials of the server within the malware's source code.

A 'good neighbor' compromised State Farm customer data

State Farm is alerting customers of a data security incident involving a third party vendor's misuse of customer information.

Burned by ID thief, FTC's chief technologist urges mobile customers, carriers to bolster security

After an unknown perpetrator impersonated her in mobile phone store, the FTC's chief technologist, Lorrie Cranor, warned mobile customers of phone and SIM card scams, and urged carriers to employ additional security measures.

Feds not prosecuting enough cyberthieves, survey

More government personnel are needed to pursue and prosecute cyberthieves, ESET said.

Following social media site breaches, Netflix requires password resets

Following several social media site breaches, Netflix said users whose passwords may have been compromised must change their login credentials.

Two-factor authentication added to IRS site

The IRS has pumped up its web security by adding multifactor authentication to thwart cyberthieves eager for the trove of taxpayer information held in its databases.

University of Calgary pays $15,000 ransom to recover data

Ten days after a malware attack crippled the University of Calgary's computer system school officials reported that it paid a $20,000 CDN, or $15,749 U.S.,ransom to regain access.

Phishing campaign steals bitcoins from Mt. Gox victims

Many Mt. Gox victims are falling prey once again, this time to phishing scammers, according to Cyren researchers who have observed spam messages emanating from the Kraken exchange.

NFL's Twitter account hacked, announces commissioner Goodell's death

The NFL's Twitter account was hacked today with a tweet being posted stating that league commissioner Roger Goodell was dead.

Talking ransomware gets more bite, Cerber now has 'hash factory' and DDoS capabilities

Researchers spotted an upgraded version of the talking ransomware, Cerber, with more bite.

ISIS warns members of fake Android apps aimed at spying on terrorist group

Tech-savvy ISIS sent out an alert that an unknown source has released fake Android apps that the terrorist group fears may be used to spy on them.

HR vendor Empathia hit by potential breach

Human resources vendor Empathia announced a potential data breach affecting its employee assistance program.

FBI agent: NIT in Playpen case not malware because it didn't act maliciously

An FBI special agent deposed in federal court has stated that the network investigative technique (NIT) used to identify members of child pornography site Playpen should not be defined as malware because its behavior was not malicious.

Sen. Whitehouse suggests centralized federal cyber IG

Sen. Sheldon Whitehouse (D-R.I.) proposed Monday the creation of a cybersecurity czar whose office would oversee the actions of the various federal agency inspector general (IG) offices ensuring each is performing at optimum levels.

Site of grassroots abortion group hacked

A website belonging to the National Network of Abortion Funds was hacked around April 7.

FireEye finds Angler evading Microsoft EMET on Windows 7

FireEye has found the Angler Exploit Kit can now evade Microsoft's EMET and attack machines running Windows 7.

Cyber insurance decision could signal litigation tsunami

A federal court ruled that under its cyber policy, Chubb Ltd. will not have to reimburse restaurant chain P.F. Chang's for expenses charged the chain by its credit card processor after a 2014 data breach.

On anniversary of Snowden leaks, group lobbies against mass surveillance

A number of groups have banded together to call for an end to warrantless mass surveillance.

Alleged LinkedIn, Tumblr and Myspace hacker compromised 171M Russian site accounts

A hacker that has targeted several American social media sites has now hit the Russian version of Facebook

U.K. Parliament debates Snooper's Charter

The legislation, also known as the Draft Data Communications Bill, would enlist U.K.-based companies to store a 12-month backlog of data about every individual.


Sign up to our newsletters