HackingTeam spying manuals posted online

The Italian spyware company had its manuals posted online that detail how thoroughly an infected user's actions can be monitored.

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 within hours

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.

Phishing campaign passes off Pony Stealer trojan as 'overdue invoice'

The malware has previously been used to steal $220,000 worth of bitcoins from victims.

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.

Attack on White House systems breached unclassified networks

The White House experienced a sustained cyberattack on its systems that impacted its network for nearly two weeks.

Hacker Lacroix apologizes, gets four years in federal prison

Christian Lacroix, who famously hacked Paris Hilton's phone and Burger King's Twitter account was sentenced for breaking into Bristol Community College computers.

Securonix taps former BofA exec for chief scientist role

Igor Baikalov was appointed chief scientist at security intelligence firm Securonix.

MPAA urges USTR to put pirate sites on 'Notorious Markets' list

In a letter, the Motion Picture Association of America asked the United States Trade Representative to include cyberlocker sites on its Notorious Markets List.

California data breach report reveals spike in incidents

A report by the state's attorney general sheds lights on the increase in data breaches, which have seen a 30 percent uptick in California so far this year.

'Cash out' crew member sentenced to 21 months in prison

Robert Dubuc hacked into various financial accounts and used them to divest money to other accounts and buy pre-paid debit cards.

Amit Yoran promoted to RSA president

Following his time as RSA's senior vice president of products, Amit Yoran will be promoted to the company's president.

FBI uncovers second person leaking government documents

The unnamed leaker's house was searched and a criminal case was opened after documents about the U.S. government's terrorist watch list were published.

US-CERT warns of phishing campaign spreading Dyre

The credential-stealing malware Dyre has been tied to a string of phishing attacks.

EFF files brief in response to Jewel v. NSA opposition

The Electronic Frontier Foundation (EFF) filed a new brief after the government released its own opposition.

FCC fines telecom companies $10 million

The Federal Communications Commission fined Terracom, Inc. and YourTel America, Inc. $10 million for their failure to protect users' personal information.

Tor exit node found to add malware to downloaded binaries

A researcher with Leviathan Security found that a Tor exit node in Russia is adding malware into downloaded binaries.

Google employee arrested over sextortion ruse

Nicholas Rotundo was taken into custody by federal agents for blackmailing a female college student by threatening to post her nude images on a revenge porn website.

Latest Ebola-themed phish leverages unpatched Windows bug

The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.

NICE Conference & Expo to be held in Columbia, Md.

The conference will cover the future of cybersecurity education in the U.S.

Franchises to get assistance on cybersecurity strategy

The National Cyber Security Alliance has teamed up with the International Franchise Association to promote cybersecurity awareness among franchise businesses in the U.S.

Bulgarian national sentenced 30 months for role in ID theft ring

Aleksi Kolarov was a vendor on Shadowcrew.com, an online cybercrime marketplace that sold stolen credit and bank cards and caused millions of dollars in damages.

New standard protects Facebook accounts from email ownership changes

Facebook accounts are now being protected by a new email standard known as Require-Recipient-Valid-Since.

Proofpoint acquires Nexgate for $35 million

The recent acquisition will allow Proofpoint customers to further secure their social media accounts.

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.

Researchers observe recently patched Adobe bug added to exploit kits

Researchers have indicated that a recently patched integer overflow in Adobe Flash Player has been added to exploit kits.

Federal Trade Commission appoints new chief technologist

The government agency has announced Ashkan Soltani as its new chief technologist, according to a release.

Cybercriminals continue to piggyback on Ebola news

Email samples discovered by researchers at Trustwave reveal how attackers are infecting users with the DarkComet Remote Access Trojan.

ISA president urges state AGs to expand understanding of cybercrime

Speaking at a National Association of State Attorneys General conference, ISA's Larry Clinton asked the AGs to step up efforts to get more resources.

Woman charged with using spyware on former cop

Kristin Nyunt of Monterey, Calif., is charged with two counts of illegal wiretapping and possession of illegal interception devices and faces a sentence of up to five years in prison.

Google implements Security Key two-factor authentication

Security Key plugs into a user's USB port and can now be used as a primary method for account login verification.

Cisco supply chain CSO talks cradle to grave security

Edna Conway, Cisco's global supply chain CSO, spoke at SC Congress NY with a panel of experts.

Apple Pay and wearable technology could pose next threats, experts say

Experts at SC Congress New York discussed the future of threats during the "Tomorrow's Threats" panel.

Study: Canada C-Suite execs say companies prepared for threats

A survey of Canadian business execs found that just over a quarter had experienced a cyber attack.

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Cisco announces winners of Security Grand Challenge

Cisco unveiled the winners of three Security Grand Challenges and announced a fourth challenge, aimed at women.

Vulnerabilities addressed in Apple TV 7.0.1, iOS 8.1 updates

The iOS 8.1 update comes with a fix to a vulnerability known as POODLE, which can enable an attacker to decrypt data protected by SSL.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.

JPMorgan Chase hackers missed fed gov't employee accounts

Information on half a million federal workers in the government's SmartBuy program went undetected by Chase hackers.

Google updates piracy-fighting report

The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.

Former RSA CISO named president and COO of White Ops

Eddie Schwartz has been appointed the new president of the New York City-based online fraud company.

TheSnappening.org owner targeted in site hack

Mudit Grover's personal information was published online after a hacker, Team Danny, took control of the site.

FBI director warns of Apple and Google device encryption implications

After both companies said their new operating systems would come equipped with default encryption, FBI director James B. Coney used a speech to warn attendees of the repercussions those decisions could have.

FireEye pegs top Java exploits and EKs using them

A report details the three most commonly exploited Java bugs affecting users.

Two Detroit men arrested may be linked to Home Depot breach

A routine traffic stop in Texas resulted in two men being arrested for possession of criminal devices.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

N.M. man, who intercepted governor's emails, sentenced to nine months

Jaime Estrada was sentenced to nine months in prison and was ordered to pay a $10,000 fine.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

South Korea mulls replacing nat'l ID cards after breach

Replacing the card would likely cost the South Korean government about $650 million and businesses would pay out billions to upgrade systems.

Google ordered to remove Japanese search results on man

A man claims his privacy was violated and that his life was threatened after search results indicated he might have been involved in a past crime.

Drupal core contains 'highly critical' SQL injection vulnerability

Upgrading to Drupal core 7.32 will address the vulnerability, which could lead to privilege escalation and arbitrary PHP execution if exploited.

Shellshock used to amass botnet and execute phishing campaign

Researchers found that the botnet contained 360 bots and was used to target Spanish-speaking Citibank customers.

ABA wants to automatically call and text mobiles regarding breach and fraud alerts

With data breach and fraud alerts in mind, the ABA filed a petition on Tuesday asking the FCC to remove "outdated regulatory restrictions" that prevent sending automated calls and texts to mobile devices.

Malicious ads on YouTube direct users to Sweet Orange exploit kit

The campaign targeted users running vulnerable versions of Internet Explorer.

Dropbox denies stolen credentials claim

The file hosting company refuted the recent news that more than seven million user login credentials were stolen and posted online.

Second class action suit filed against CHS

A class action suit filed in a New Mexico court accused the health system of failing to follow appropriate security measures.

Adobe fixes Flash Player, ColdFusion flaws

Adobe addressed nine Flash Player flaws in three CVEs, giving four bugs the company's highest priority rating.

Snapsaved.com breach prompts Snapchat warning

After Snapsaved.com was breached, Snapchat warned users that third party applications could expose their data.

HP to remove digital signature that code-signed malware

Journalist Brian Krebs said the company is sending out advisories to clients saying it would remove the certificate after a 2010 security incident.

Suspected POS hacker Seleznev faces slew of new charges

Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.

JPMorgan hackers targeted 13 firms, including Fidelity, report reveals

Fidelity claims, however, that no customer data appears to have been stolen.

Symantec splits into two companies

As rumors swirled, Symantec announced that it would become two companies, one focused on security and the other on information management.

White House head of cybersecurity suggests selfies as password alternative

Rather than staying true to the password as the primary security method, Michael Daniel, White House cybersecurity coordinator, suggested biometrics or even selfies as an alternative.

Emma Watson Facebook scam infects users with malware

A new Facebook scam leverages the popularity of the British actress to infect users with a trojan that steals data and signs up victims to a premium SMS scam.

Google shells out $75K in bug bounties for Chrome 38 release

Google has paid more than $75,000 in bug bounties to security researchers who helped discover flaws patched in its recent release of Chrome 38.

Study finds reflection-based DDoS attacks still popular amongst attackers

The use of distributed denial-of-service (DDoS) reflection-based attacks continues to be on the rise, according to one recent study.

Bond insurer MBIA investigates potential breach of client data

MBIA says clients of its subsidiary, Cutwater Asset Management, were impacted.

Australian Broadcasting Company taken off air by ransomware attack

The company said it fell victim to a phishing email campaign that spread ransomware.

Apple iOS 8 bug reportedly deleting iWork docs

MacRumors forum users are reporting that the bug is deleting their iCloud documents, and in some cases, the docs could be permanently lost.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

New York City scraps transmitter beacons in Titan phone kiosks

Fearing they could be used to track phone users, New York officials told Titan to remove transmitter beacons from 500 phone kiosks.

Facebook fights back against spammers

The social media company in a blog post detailed its efforts to stop spammers and 'fake likes' businesses.

ISACA announces entry-level cybersecurity certificate

A new cybersecurity certificate has been launched by global IT association ISACA that's intended for those looking to break into the field.

Mozilla patches Bugzilla bug that revealed details on flaws

Mozilla has updated its Bugzilla tracking program to patch security holes, including a flaw that exposed bugs that security researchers are patching.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

The FCC launched an investigation last year after a consumer complained of the practice.

Unauthorized employee may have accessed AT&T customer info

The company informed victims in a letter that the employee no longer works there, and complementary credit monitoring services are being offered.

Apple updates XProtect, blacklists iWorm variants

After more than 18,000 Macs were infected with iWorm malware, Apple has updated its XProtect system to identify and block certain variants.

Google updates SafeSearch, adds HTTPs support

Google has updated SafeSearch to support HTTPs and will remove the older iteration in early December.

iCloud hacker releases new series of celebrity nude images

Another wave of celebrity nude images hit the internet on Sunday just days after Google took action to remove some of the previously leaked photos.

Google deletes hacked images of nude celebs

After being threatened with legal action by the victims of the headline-grabbing nude celebrity photo hacks, Google has made a move to delete them.

Phishing scam goes after AOL account credentials

The phishing email tells recipients that their mailbox has exceeded the storage limit and that they must click a link and enter their credentials to "re-validate" it.

Researchers discover Mac botnet

Doctor Web researchers have discovered a new malware that is being used to amass Macs into a giant botnet.

JPMorgan Chase security issues ongoing

The bank may have joined the ranks of companies that have been hit by two data breaches, or more, in fairly short order, according to a recent report.

Researchers release BadUSB code at Derbycon

Two months after SR Labs demonstrated that flaws allow malware to infect USB devices, two researchers have taken the code public.

Chinese iOS trojan targets jailbroken devices

The trojan is known as Xsser mRAT is targeting protesters in China, but devices have to be jailbroken in order to be infected.

Google threatened with $100M lawsuit over hacked celeb images

A lawyer representing more than a dozen of the women affected by the recent iCloud celebrity hacking scandal has threatened Google with a $100,000,000 lawsuit.

Malvertising still plaguing The Pirate Bay

The popular torrent site is still serving up malicious ads, two years after initial reports.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Google bumps maximum Chrome bug bounty reward to $15K

A high-quality report with a functional exploit for a sandbox escape will earn a bug hunter $15,000, according to the new reward amounts.

Malware in Mexico, Ukraine ATM attacks may be culprit in Malaysia

Police are not naming the malware used, but speculation casts an eye on Backdoor.Ploutus or Backdor.PadPin.

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

Apple addresses Bash bug with new update

The tech company issued an update for OS X Mavericks, Mountain Lion and Lion earlier this week.

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

Sign up to our newsletters