Oklahoma news hit with malvertising attack

Oklahoma's News 9 website is reportedly safe to visit after a malvertising attack which lasted at least a week.

Cyber UL nonprofit uses binaries to assess software quality

Security researcher Peiter Zatko, better known in the industry by his hacker moniker "Mudge," will unveil details of a cybersecurity "underwriters' laboratory" project that he announced last year on Twitter.

S. Korea blames N. Korea for breach that compromised 10M users

S. Korean authorities are blaming N. Korea for hacking an e-commerce firm and compromising the data of more than 10 million users.

Chris Schueler appointed to SVP of managed security services at Trustwave

Trustwave has appointed Chris Schueler as senior vice president of managed security services.

Smishing scheme targeting Apple users

A new phishing scam targeting Apple users has been detected that is using SMS messages to lure unsuspecting recipients.

Xen hypervisor vulnerability found

A bug impacting all versions of open source Xen hybervisor that could allow an attacker to gain host privileges has been reported.

Former Citibank employee sentenced for shutting down 90% of firm's network

A former Citibank employee was sentenced to 21 months in prison after wiping routers and shutting down 90 percent of the firm's network access across North America.

Report: Majority of BEC scams reported to FBI had funds wired to China and Hong Kong

Eighty-three percent of fraudulent money transfers reported to the FBI as the result of business email compromise scams are wired to banks in China and Hong Kong, CNN reported, following an FBI presentation at the International Conference on Cyber Security.

FBI creates new senior-level data scientist position, calls for applicants

The FBI is looking for candidates to fill its brand-new position of senior-level data scientist, a role requires specialization in big-data analytics and whose responsibilities include serving as a top advisor and consultant to Cyber Division executives.

Telegram for Mac OS records everything pasted into app

A Russian security researcher discovered the app for Mac OS logs every pasted message to syslog.

Athens Orthopedic Clinic reports patient data breach

The Athens Orthopedic Clinic (AOC) in Georgia is notifying patients of a data breach that compromised the personal information of current and former patients.

Arab-American org joins privacy groups in DNC anti-surveillance push

An Arab-American policy organization has joined with civil liberties and privacy groups to address domestic surveillance policies that target Arab American and American Muslim communities.

U.K. testing social media logins for authentication

To enhance the use of its web portal, gov.uk, the U.K. government is testing the use of its subscribers' social media logins as an authentication method.

DHL used as bait in courier scam

Singapore residents have been targeted in a new scam where they receive a phone call purportedly from the delivery service DHL that request personally identifiable information.

Report: No monthly updates for latest Motorola phone models

Motorola reportedly will not be conducting regular monthly security updates for its new Moto Z, Z Force and G4 mobile phones, and will instead issue security patches in conjunction with scheduled maintenance releases and OS upgrades.

Law enforcement community meets to discuss balancing privacy and cybercrime

Members will discuss and examine the challenges of balancing privacy and fighting cybercrime.

Researcher scores $10K+ bounty for digging up Vine's source code

A researcher earned $10,080 from Twitter's bug bounty program after discovering he could access a supposedly private online registry that led him to the complete source code for Twitter's Vine video-sharing service.

Possible breach at GunMag Warehouse

A third-party provider is being blamed for a possible breach into customer transactions at GunMag Warehouse.

Estonia in talks to back up data in U.K.

Fearing a Russian cyberattack, Estonia is reportedly negotiating with the U.K and Luxembourg governments to store citizen data in the U.K.

Illinois ACLU applauds new stingray regulation

The ACLU of Illinois applauded Governor Bruce Rauner's Friday signing of legislation regulating stingray use as a "measure that increases transparency."

Three charged in Florida federal court for global mobile telecom scam

Three defendants were charged in federal court on Friday for their role in a global telecommunications fraud conspiracy that compromised mobile phone users' accounts and cloned their cell phones to make unauthorized illegal international calls.

Illinois Republican resigns citing cybersecurity issues

A top elected Illinois Republican representative abruptly resigned his position citing "cybersecurity issues" as the reason for his departure.

Authorities blocked from accessing accused's iPhone

A man sitting in jail on charges of sex trafficking was ordered by a federal judge to unlock his iPhone, but so far his attorney has succeeded in blocking the order on constitutional grounds.

PowerWare ransomware variant poses as Locky, but can be decrypted

The ransomware PowerWare that commandeers Microsoft's PowerShell utility to download and run malicious code, now has a variant that mirrors Locky ransomware.

Germany proposes legislation for 'black boxes' on cars using autopilot

Self-driving cars in Germany may soon be required to carry a black box to help determine fault.

EFF lawsuit challenges DMCA Section 1201

The EFF filed an injunction against the DoJ, Library of Congress, Copyright Office and U.S. officials, challenging Section 1201 of the Digital Millennium Copyright Act.

Android anti-malware feature boot verification will be strictly enforced in Nougat OS

A system integrity feature that prohibits Android mobile devices from booting when the presence of malware is suspected will now be strictly enforced in version 7.0.

Alleged owner of world's most visited BitTorrent site arrested

A Ukrainian man was arrested Wednesday in Poland for allegedly owning and operating one of the world's largest BitTorrent distribution sites.

Library of Congress systems back to normal after four-day DDoS attack

After a four-day long DDoS assault, the Library of Congress announced its computer systems have returned to normal.

Hackers compromising checkout process on retail sites, redirecting shoppers to phishing page

Researchers at Sucuri has uncovered a sampling of novel e-commerce attacks that combine the classic duplicity of phishing schemes with the insidiousness of malicious webpage redirects.

Researchers spot bypass vulnerabilities in code hooking software

Researchers spotted six common security issues in code hooking software that could allow an attacker to bypass the operating system and inject malicious code.

Turkey blocks access to WikiLeaks after 300K emails released

Turkey blocked access to WikiLeaks after almost 300,000 emails from the Justice and Development Party (AKP Party) were released Tuesday.

Burned rubber: Dunlop online slideshow reportedly compromised, visitors redirected to Neutrino kit

A website for the rubber goods brand Dunlop was compromised to distribute ransomware to customers viewing a slideshow of DIY projects featuring its product line, according to endpoint security software firm Invincea.

Brazil's Supreme Court nixes lower court's WhatsApp ban

The Supreme Court in Brazil nixed a ban on WhatsApp imposed by a lower court judge earlier today.

Twitter rolls out online application process for account verification

Twitter said Tuesday it had created an online application process so that Twitter accounts could receive verified status.

Guccifer 2.0 files reveal more info about donors: Hollywood celebs, corporate execs

Guccifer 2.0 documents reveal information about prominent donors to the Democratic party, including Hollywood celebrities Steven Spielberg, Tom Hanks and David Geffen.

ISA presents 12-step cybersecurity program at RNC cyber forum

ISA President Larry Clinton urged lawmakers to treat cybersecurity "with a greater sense of urgency," saying in a release that the economics of cybersecurity need to be better integrated into policies.

Neutrino EK adopts new exploit after open source POC release

The Neutrino exploit kit (EK) added a former Internet Explorer zero-day vulnerability affecting to its arsenal.

Russian security firm linked to Carbanak cybergang

The Carbanak cybergang which facilitated the heist of $1 billion from banks around the world last year, was linked to the Russian security firm Infocube.

Jailbird: Cardinals exec who hacked Astros sentenced to 46 months in the grand slammer

The former St. Louis Cardinals baseball executive who illegally hacked into the Houston Astros' computer systems in order to gather intelligence and obtain an unfair advantage was sentenced in Houston yesterday to 46 months in federal prison.

Report: Number of unique malware families climbs 61% over first half of 2016

The number of unique malware families found actively attacking business networks grew 61 percent from January 2016 to June, with 2,420 distinct threats detected last month, according to Check Point Software Technologies' June Threat Index.

Delilah trojan seeks company weaknesses through insiders

Delilah trojan designed to target potential insiders via social engineering, extortion, and ransomware tactics.

Three arrested in $2.5M Taiwanese ATM malware heist

Three suspects were arrested after a network of Eastern European and Russian cybercriminals used malware to steal $2.5 million in cash from dozens of machines around the country.

Wearable devices still contain security flaws - report

Manufacturers of wearable devices continue to pay inadequate attention to user security, according to a new security audit of the best-selling fitness tracking and wearable devices.

VBulletin flaw exploited in breach of Ubuntu Forums

A known SQL injection vulnerability affecting vBulletin software was exploited by an attacker to breach the Ubuntu Forums database.

Researchers detect malware in TLS connections without decrypting traffic

Researchers discovered a way to detect and block malware in Transport Layer Security (TLS) connections without decrypting the traffic.

U.S. Cyber Command readies for first troop deployment

The demand for a cybersecurity component that can be deployed to protect U.S. military infrastructure and combat forces is so strong that Cyber Command will begin deploying its cyber troops even before the complete force is trained and staffed.

In a first, CryptXXX ransomware spread via spam

For the first time ever, CryptXXX ransomware is being distributed through malicious document attachments in email campaigns.

Cisco patches and discloses XSS vulnerability in WebEx Meetings Server

Cisco yesterday disclosed a vulnerability in version 2.6 of its WebEx Meetings Server that leaves users susceptible to cross-site scripting (XSS) attacks.

Nexus device security leads Android ecosystem

Duo Labs researchers said Nexus devices ship with a "purer flavor of Android" and are consistently in the first wave of Androids to receive operating system updates.

President Trump 'would be a disaster for innovation,' say Silicon Valley leaders

Silicon Valley tech sector leaders released a statement expressing dismay at the possibility of Donald Trump becoming president.

Crypto student accuses WhatsApp of blocking calls to Saudi numbers

A cryptography Ph.D. student has accused WhatsApp of blocking calls to Saudi Arabia phone numbers and deceiving users

Chinese businessman sentenced for cyberespionage targeting U.S. defense contractors

A Chinese businessman Wednesday was sentenced to 46 months in prison in the U.S. for his role in a cyberespionage conspiracy.

New banking malware stops customers from cancelling payment cards

Symantec has spotted a new banking malware that stops a victim from cancelling a compromised payment card by blocking calls from the infected device to the bank's customer service department.

Ultrasound theft results in data breach at health care company Kaiser Permanente

Health care consortium Kaiser Permanente's Northern California division has publicly disclosed a data breach after two of its employees allegedly stole an unspecified number of ultrasound machines containing protected health information.

Feds looking to hire cyberpros

Acknowledging a shortfall in the pool of cybersecurity talent needed to combat today's increasingly sophisticated cyberattacks, the federal government announced it is actively expanding recruitment.

Rep. Speier introduces federal revenge porn bill today

Rep. Jackie Speier(D-Calif.) today introduced the Intimate Privacy Protection Act, or revenge porn bill, that will make it a crime to knowingly distribute sexually explicit images of someone without their consent.

Report: xDedic dark web marketplace back in business after momentary shutdown

xDedic, a dark web marketplace offering access to compromised Remote Desktop Protocol (RDP) servers, has reportedly resurfaced following a brief shutdown.

Google warns users of state-sponsored attacks 4K times monthly

A high-ranking Google exec revealed that that the company sends 4,000 warnings monthly about state-sponsored cyberattacks.

U.S. Air Force project threatened by cybersecurity cost overruns

The U.S. Air Force is learning a tough lesson when it comes to hardening its systems against cyberintrusions, primarily that the cybersecurity threat landscape changes faster than the military's budgeting process.

Drupal zero-day opened door of Panama Papers law firm, report

A zero-day flaw in Drupal is now being said to be how hackers penetrated the network of law firm Mossack Fonseca and siphoned out 11.5 million files.

IBM researchers spot remote code execution bugs in Xiaomi's MIUI OS

IBM researchers recently revealed the discovery of a now patched remote code execution (RCE) vulnerability in MIUI operating systems.

New Yorker pleads guilty to doxing, swatting and making bomb threats

A New York man was sentenced to two years in prison on three federal charges that include swatting, doxing and making bomb threats against an Arizona university.

Kim Dotcom promises revival of pirate site

The wildly popular, albeit copyright-infringing website Megaupload is set to relaunch, five years after being shuttered by the Department of Justice.

California bill would outlaw ransomware

A bill has been introduced in California that would officially outlaw the felonious use of ransomware.

Senators ask FTC how it plans to stop click fraud

In a letter sent yesterday to the Federal Trade Commission, U.S. Senators Charles Schumer (D-NY) and Mark Warner (D-Va.) requested that the agency turn its attention to digital ad fraud and its detrimental economic impact.

Phishing scheme exploiting illegal downloads of Game of Thrones

Viewers illegally downloading Game of Thrones are being visited by dragons of a 21st century variety: phony notices of violation.

SWIFT hires two cybersecurity firms in wake of digital heists

The financial messaging cooperative SWIFT announced today that it hired two cybersecurity firms and also created a Customer Security Intelligence team in order to bolster cyber defenses, strengthen forensic investigations and promote information sharing.

Datadog breached, tells users to reset login credentials

Cloud service data aggregator Datadog was hit with a data breach late last week and has sent a letter to its customers warning them to change their login credentials.

NATO sites downed as measures approved opposing Russian aggression

After NATO's Allied Transformation Command websites were knocked offline, the alliance has not released official comments on the cause of the outage that felled two military command websites.

Baton Rouge police server accessed, 50K files reportedly released

A hacker reportedly accessed and publicly posted 50,000 records from the Baton Rouge Police Department to protest the police killing of local resident Alton Sterling.

Cybercrime now tops traditional crime in U.K.

A report from the U.K.'s National Crime Agency found that cybercrime has passed traditional crime in terms of impact.

Bimmer worried? Two unpatched bugs in BMW portal

Vulnerability Lab researchers reportedly spotted two upatched bugs in BMW domains and its ConnectedDrive portal.

New Kovter variant with legit certificate in the wild

A new variant has been added to the Kovter malware family posing as a Firefox update and that uses a legitimate certificate has been spotted by Barkly.

Paper: Wearables can reveal your passwords by measuring slight arm movements

Researchers have proven that sensors in wearable electronics can be exploited to measure minute movements in users' arms in an effort to decipher keystrokes and PIN codes that they enter into computers and ATMs.

House approves bill to ban porn on federal computers

House legislators approved a bill Thursday prohibiting access to pornography on federal government computers.

Lynch accepts FBI recommendation, won't prosecute Clinton over email

Attorney General Loretta Lynch said the Justice Department would not bring criminal charges against former presidential hopeful Hillary Clinton over her use of a private email server while she was Secretary of State.

Researcher spots firms behind OSX.Pirrit adware

Cybereason Labs researcher Amit Serper claims to have spotted the threat actors behind the OSX.Pirrit as well as a newer version of the adware.

Bill seeks to alter nation's critical infrastructure

Disconnecting computers used in power plants and electrical grids from the internet is being proposed in a bill before the Senate.

Silk Road fed accused of stealing bitcoin, again

A former Special Agent involved in the Silk Road investigation is suspected of pilfering $700K in bitcoin - after he pled guilty to the theft of $820K in bitcoin and received a five-year prison sentence.

HPE announces patches for seven Open SSL bugs

HPE Tuesday announced patches for seven OpenSSL bugs which have been present for more than a year.

Conflict between OurMine and Anonymous hackers reportedly leads to DDoS attack on Wikileaks

Taking a break from its takeovers of CEOs' Twitter and Quora accounts, the hacking group OurMine today turned its attention to Wikileaks, reportedly knocking its website offline with a distributed denial of service (DDoS) attack.

Spike in cyberattacks expected to exploit upcoming Olympics, report

An Israel-based security firm has issued a warning to fans of the upcoming Olympics to be wary of phony offers.

KontrolFreek customers payment card data accessed, obtained by third party

An unauthorized third party gained access to KontrolFreek servers and obtained payment card information on an undisclosed number of customers.

Adwind RAT found in spam emails targeting Danish companies

Researchers discovered the Adwind RAT in spam emails containing the spyware as part of a campaign targeting companies in Denmark.

Android 7.0 Nougat will block screen lock ransomware

Google will include a new defensive measure in its upcoming Android 7.0, or Nougat, operating system that will block ransomware designed to lock the device's display.

Ashley Madison facing FTC probe for using 'fembots'

The FTC is probing Avid, which faces a number of class action lawsuits on behalf of customers, for manipulating the Ashley Madison site by posting phony female profiles, or fembots, capable of conversing with male customers.

U.K. experiences 52 percent spike in ID fraud acts against young people

An analysis of identity theft trends in the UK shows a 52 percent increase in ID fraud crimes perpetrated against young people aged 30 and under between 2014 and 2015.

Phishing scam targets Brexit anxiety

A cyberscam has been unfolding in the wake of the Brexit vote.

ODNI to monitor its spies through wearable tech

The Office of the Director of National Intelligence's (ODNI) advanced research funding unit is developing a project to assist U.S. intelligence firms in monitoring its spies through wearable devices.

Kernel vulnerability in Qualcomm processors weakens Android phone encryption

A security researcher looks to have discovered an Achilles heel in the way millions of Android phones execute encryption, leaving these mobile devices potentially vulnerable to advanced hacking techniques.

State asks court for 27-month extension to review Clinton emails

The U.S. State Department cited insufficient staffing as the primary reason behind its request for a 27-month extension to review and release emails related to Hillary Clinton during her tenure as secretary of state that were requested by Citizens United under the FOIA.

Dating website Muslim Match hacked, user info exposed

Muslim Match, a dating website for Muslims, was hacked and user credentials and profiles of 150,000 subscribers posted online.

Hacker appoints himself new Oculus CEO on hijacked Twitter account

A hacker yesterday accessed the Twitter account of Oculus CEO Brendan Iribe and posted several fake tweets, including one that announced a leadership change.

Senator calls for self-driving vehicle regulations

During a Senate subcommittee hearing, a legislator pushed for security protections on internet-connected vehicles. "The Internet of Things leads also to the Internet of Threats," said Sen. Ed Markey (D-Mass.).

419 scam entices with lottery win

A new phishing campaign, purportedly from a family foundation, offers "randomly selected" individuals 1 million pounds ($1.3 million) - if they provide personal details.

OurMine hackers take Uber CEO's Twitter page for a joyride

Uber CEO Travis Kalanick last night became the latest public target of the OurMine hacking group, which posted an unauthorized message on his Twitter page, likely after hijacking his linked Quora account.

Reps. Lieu and Hurd urge HHS to develop ransomware guidelines

In a letter to the Department of Health and Human Services, Reps. Ted Lieu (D-Calif.) and Will Hurd (R-Texas) encouraged the agency to develop guidance for healthcare providers to use when responding to ransomware attacks.

U.S. Customs and DHS: Passports please, and social media accounts?

DHS and U.S. Customs propose screening of social media accounts for foreign travelers.

Russia's Duma approves bill requiring decryption backdoors

Russia's lower house of parliament approved sweeping anti-terrorism legislation that requires companies to decrypt any message sent by users.


Sign up to our newsletters