The non-profit Internet Archive library today unveiled a virtual Malware Museum, which offers a look back at some of the hacking community's earliest attempts to infect computers.
Symantec has discovered a spam campaign targeting Portuguese-language computers specifically focusing on companies based in Brazil with the goal of stealing email accounts in order to access sensitive corporate information.
A vulnerability affecting Netgear's NMS300 ProSafe network management system allows attackers to access the directory of servers the system runs on and upload malware.
OPM acting director Beth Cobert questioned about strained relationship with the House Oversight and Government Reform Committee, after receiving subpoena.
A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.
Malwarebytes has discovered that amateur meteorologists get more than a weather forecast when they download the deceptive WeatherWizard app.
Apple has brought on board two security researchers who previously worked to develop the infamous Thunderstrike 2 worm.
A United Nations panel declared that the past three-and-a-half years that Julian Assange spent in Ecuador's embassy in the U.K. were effectively an "arbitrary detention", as the WikiLeaks founder fights extradition to Sweden.
The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system.
The ACLU joined forces with the EFF to file an amicus brief in a case involving the Milwaukee Police Department's alleged warrantless use of a stingray.
Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.
Bank of America, Wells Fargo and JPMorgan Chase have announced plans to roll out ATMs that take smartphones as well as ATM cards.
Aimed at manufacturing, telecommunications, and financial services sectors, Dridex has reemerged after a post-holiday slowdown.
A researcher at the University of California, San Diego, claimed to have discovered a way to hack into a computerized car's operational controls by playing a music CD encoded with malware on the vehicle's entertainment system.
Researchers at SecureList have uncovered a new family of backdoors for Linux and Windows.
Following a guilty plea in 2013 for distributing malware and conspiring to commit computer hacking, Michael Hogue was sentenced to five years probation.
The OpenSSL project has issued an update to patch a vulnerability that would allow a malicious remote user to obtain a decryption key enabling them to learn sensitive information.
The newly discovered ransomware known as " 7ev3n" encrypts victims' files and demands 13 bitcoins for the key.
Researchers at Malwarebytes have spotted thieves using a phishing scheme to unlock stolen iPhones.
Researchers have spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine.
Sixty-seven percent of Android devices are prone to a newly discovered ransomware variant - the first to employ "clickjacking" as a way to fool users into giving away their administrator rights, Symantec warned today in its Security Response blog.
NCH Healthcare last week notified medical staff and employees of a data breach that took place when two company servers were compromised.
In what prosecutors are calling a "first of its kind" case, a hacker linked to the Islamic State of Iraq and the Levant (ISIL) has been extradited to the U.S. to face charges.
Cisco yesterday warned users of a critical vulnerability in the web-based interface of its EV220W Wireless Network Security Firewall devices, which if exploited could allow remote attackers to access administrative privileges by circumventing the authentication process.
Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6 with three being rated as critical.
The White House will establish a new office, managed by the DoD, that will secure OPM background checks.
The Israeli Electric Authority was hit by a massive cyberattack during a period of record-breaking power consumption.
A Swiss digital surveillance law that has rankled online privacy advocates will now subjected to a public vote, after opponents collected enough signatures to challenge the legislation.
Plaintiffs in Atlanta had a class-action lawsuit dismissed on Monday following the state's acknowledgement it had put at risk the data of more than six million registered voters.
Despite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that if users backup data using iCloud Backup, they need to be aware that although Apple stores the backup in encrypted form, it uses its own key.
Hackers in India are being handsomely rewarded for taking on work for ISIS.
A former jockey agent has been charged by the District Attorney of Queens County, New York, with illegally accessing the New York Racing Association's (NYRA) computer system to access insider information.
A coalition including the ACLU, FreedomWorks, and other digital privacy advocacy groups sent a letter to members of the House urging them to repeal the Cybersecurity Act of 2015.
Comparing global cyberspace ambitions to the "Space Race" of the 1960s, Republican U.S. presidential candidate Ben Carson has proposed a National Cyber Security Administration (NCSA) that would consolidate efforts to strengthen and defend America's online assets.
Symantec researchers have observed one-click fraud scammers changing to more aggressive tactics in a zero-click fraud scheme that subscribes visitors to porn websites.
The Senate's Committee on Oversight and Government Reform has requested information from 24 federal agencies and government departments following the illicit code announced by Juniper Networks.
Lenovo issued patches to fix four issues found on some ThinkPad and IdeaPad devices that use the SHAREit app, including allowing remote system access and unauthorized access of transferred files.
As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.
Cybersecurity startups hold a premium position within Israel's investment ecosystem and are second only to the U.S., according to researchers at YL Ventures.
Security researchers have devised a decryptor program for the LeChiffre ransomware, allowing users to unlock their stolen files for free.
Malwarebytes detected "a particularly interesting method" that coders used to circumvent default restrictions mandated for Powershell scripts.
More information is being revealed regarding the late December attack on the Ukrainian power grid with reports indicating the attack on the utility was supported by a simultaneous telephonic denial of service (DoS)incident.
Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over for the city's water crisis.
The U.S. Air Force now boasts the first-ever cyberspace weapon system to reach Full Operational Capability status, the military branch announced earlier this week.
After patching a critical flaw in the Android OS's code and releasing it to open source, Google hinted that Perception Point's estimate that more than two-thirds of the devices would be impacted by the Linux vulnerability was "exaggerated,"
The FBI is facing allegations from the press that it hacked into the TorMail accounts of innocent people during a 2013 investigation.
A flaw in TeslaCrypt's encryption key storage algorithm - since fixed in version 3.0 - lets the trojan's victims retrieve their files, according to a report in Bleepingcomputer.com.
Google promoted its Chrome browser to a stable channel and patched 37 bugs, two of them high risk.
By connecting several dots together the Canadian government has tied what it believes are two Chinese soldiers to a hacking ring that included a third Chinese citizen currently living in Vancouver.
Classified information on a server belonging to Hillary Clinton may have been hacked by foreign adversaries, ex-Pentagon chief Robert Gates said.
File it under "irony" or "misguided," but executives at some of the world's largest IT security companies willingly gave up Twitter passwords while registering for a security event.
The U.S. government acknowledges in its "Vulnerabilities Equities Process" (VEP) to sometimes condoning withholding information on zero-day vulnerabilities so they can be exploited for intelligence and law enforcement purposes.
A Ukranian hacker Sergey Vovnenko pleaded guilty in a U.S. district court in New Jersey to aggravated identity theft and conspiracy to commit wire fraud.
Malwarebytes received a $50 million Series B funding round from Fidelity Management and Research Co.
FireEye today announced it has acquired the privately held iSight Partners in a $200 million cash deal that was closed on January 14.
Vladimir Putin's key adviser on internet-related affairs was accused of being the owner of a locally operated torrent site.
SplashData's list of the 25 worst passwords of 2015 includes multiple references to Star Wars: The Force Awakens, including "starwars," "solo" and "princess."
Researchers at IBM's X-Force have observed the Dridex banking trojan using DNS cache poisoning attacks to redirect victims to fake banking sites.
Australian Prime Minister Malcolm Turnbull and President Obama promised to increase their team effort to combat the ISIS online threat.
Unregulated Chinese tech companies are selling IMSI catchers on the black market to oppressive regimes.
Intel today issued a patch to fix a vulnerability associated with the Intel driver update utility MiTM that could have been remotely exploited by a bad actor.
Researchers discovered a serious vulnerability in the Linux operating system kernel that could allow attackers to take full control of Linux devices, including PCs, Android phones and servers.
A report from the U.S. Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) noted a rise in reported cyberattacks against critical manufacturing organizations during 2015.
Mac users who have long felt secure from cyberattacks, may now be susceptible owing to a reported flaw.
HSBC bank is informing some of its customers that their personal information, including Social Security and various bank account numbers, may have been exposed to a third party.
Symantec is investigating a pump and dump stock spam campaign that used the long-lived W.32 Waledac botnet to target a marijuana farming company possibly generating thousands in illegal profits.
A bipartisan coalition of U.S. House members led by Rep. Justin Amash (R-Mich.) introduced a bill that would repeal recently passed cybersecurity legislation.
Cisco patched multiple vulnerabilities, including two that are critical, affecting its wireless LAN Controller software, Identity Services Engine software, and Aironet access points.
Yijia Zhang was sentenced to 31 months in prison for violating the Computer Fraud and Abuse Act (CFAA) when he stole electronic documents from his financial services company employer.
A senior U.S. official said the direct connection of the industrial control systems (ICS) handling the country's critical infrastructure networks to the internet has led to an uptick in penetrations during the past year.
Cybercriminals wasted no time in exploiting the media attention focused on the passing of rock icon David Bowie.
Yahoo Inc. has agreed to pay up to $4 million in fees to settle a class-action lawsuit filed, but the lawyers, not the plaintiffs will get the pay-out.
An audit of the Security Operations Center (SOC) responsible for securing the U.S. Nuclear Regulatory Commission's (NRC) network infrastructure reveals the SOC's procedures are currently not optimized to meet many cyberthreats.
Teen involved in hacking the CIA director's email last year is now claiming to have hacked into the National Intelligence director's account.
A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.
Trend Micro patched several critical flaws in Password Manager found by a Google Project Zero research that allowed hackers to execute malicious code.
American Express Travel Related Services Company reported three breaches to the California Attorney General.
The armed militia currently occupying the Malheur Wildlife National Refuge in Oregon reportedly breached a computer system at the facility and accessed personal information on employees who work at the station.
A cross-site scripting (XSS) vulnerability on eBay's website that could have been exploited by spearphishers "to steal funds from people, use trusted eBay accounts to scam other users, and more," according to an independent researcher.
A Cook County Circuit Court Judge yesterday denied a Chicago Police Department (CPD) motion to dismiss an activist's request for public documentation pertaining to the CDP's use of stingray devices.
Adobe's first Patch Tuesday of 2016 featured 17 fixes for various versions of Reader and Acrobat, all rated critical.
Despite an encrypted email service on BlackBerry smartphones, forensic investigators in the Netherlands said they can read encrypted messages sent on the devices.
A cyberattack on a power plant in the Ukraine "demonstrated planning, coordination and the ability to use malware," says SANS.
Microsoft is ending support for older versions Internet Explorer (IE) starting January 12.
The NHTSA closed an investigation into Fiat Chrysler after determining that non Fiat Chrysler entertainment units weren't vulnerable.
A former director of baseball development for the St. Louis Cardinals pleaded guilty to charges of accessing computers belonging to the Houston Astros without authorization.
A Turkish criminal court sentenced a 26-year-old Onur Kopcak to 135 years in prison on Sunday for stealing 11 consumers' credit card information and selling it on the black market.
A court ruling on Monday upped the challenge to Facebook on how the social media site uses a cookie to track data of European citizens.
General Motors launched a vulnerability submission program earlier this week, promising not to sue researchers who submit their findings through the program website who follow its guidelines.
Researchers at Malwarebytes uncovered a malvertising campaign on the PopAds network that launches the Magnitude exploit kit (EK), infecting victims using old versions of Flash Player with CryptoWall 4.0 ransomware, according to a blog post.
Unveiling a porfolio of new devices at CES as part of its Wireless Monitoring System, VTech claimed it's tightened security to better protect customers' personal data.
Following a cyberattack on a utility provider in the Ukraine, the Electricity Information Sharing and Analysis Center warned its members to improve their network defenses.
Researchers at Symantec spotted cyberscammers making money using fake Instagram profiles to lure users to adult sites.
In the wake of North Korea testing a nuclear device earlier this week, the South Korean military has raised its cybersecurity level as a precautionary measure.
Researchers identified a rogue app store that is accessible from anywhere in the world and allows users to download iOS apps to non-jailbroken devices.
A federal court judge said plaintiffs didn't show harm after a 2014 data breach at Michaels Stores Inc.
Time Warner Cable (TWC) is blaming a phishing attack conducted on one of its vendors for a data breach that may have resulted in 320,000 TWC customer emails and other personal information being stolen.
WordPress issued its latest security release, version 4.4.1, to patch more than 50 problems, including a cross-site scripting vulnerability affecting versions 4.4 and earlier.
The Latvian man who admitted to co-authoring the notorious banking malware will be spared further jail time.
The security exploit acquisition firm Zerodium announced a $100,000 bounty to anyone capable of bypassing Adobe Flash Player heap isolation mitigation protocol.
Sign up to our newsletters
SC Magazine Articles
- CISO salaries and demand for cyber-skills skyrockets, surprising no-one
- Malwarebytes says sorry for multiple AV bugs, still unpatched
- Ransomware and POS attackers to zero in on small businesses, retailers
- TaxAct breached: Customer banking and Social Security information compromised
- Student SSNs exposed in University of Central Florida breach