Joomla has patched a pair of vulnerabilities in its CMS platforms that if left unfixed would allow attackers to create admin accounts and elevate privileges, respectively.
Israeli mobile forensics firm Cellebrite could have some of its methods exposed after a reseller partner reportedly made the company's firmware and software publicly available to download.
A recent study found that law enforcement may be able to deter teen cybercrime by treating hackers like addicts.
Thai telecommunication companies are bristling at a proposed law that would criminally punish ISPs for computer crimes perpetrated by their users, and place the burden of proof on these providers to defend themselves.
Silver Creek Fitness & Physical Therapy suffered a data breach through a third-party contractor that exposed its clients' personally identifiable information, including Social Security and Medicare numbers.
Microsoft on Friday warned of a malware threat called Hicurdismos that simulates the infamous Windows Blue Screen of Death as part of a tech support scam.
A self-described patriotic American vigilante hacker named Jester reportedly took over the Russian Ministry of Foreign Affairs website on Friday in retaliation for alleged Russian cyberattacks on the United States.
U.S. federal prosecutors reportedly will charge that former National Security Agency (NSA) staffer Harold Martin III not only removed 50 terabytes of data from NSA servers, but also removed "six full banker's boxes" of documents along with a host of computer hardware, according to published reports.
The Internet Systems Consortium issued an advisory on Wednesday, warning that some third parties are distributing versions of ISC's BIND software that contain a high-severity vulnerability, which if exploited can trigger an assertion failure.
Mozilla pushed out two security patches for Firefox on Oct. 20 rated as potentially having a high impact on users of the popular browser.
Yahoo sent a letter to U.S. Director of National Intelligence James Clapper with a request to clear up the matter of whether Yahoo cooperated in a government request to scan its users' emails.
The Russian man that Czech authorities arrested on Oct. 5 in collaboration with the FBI is allegedly connected to the 2012 breach of LinkedIn.
Cisco released security updates for several products, one of which fixes a flaw that could allow remote execution if exploited.
Officials are confident that defensive measures have blocked the cyber paths that Russian hackers have been using to steal emails.
An independent researcher found gaping holes in GOP presidential nominee Donald Trump's own email servers.
Security pros at the school noticed an uptick in phishing attacks two weeks ago.
About 15 percent of all home routers are unsecure, according to a study recently released by ESET.
The use of Stingray phone tracking technology is sweeping up a disproportionate number of low-income and non-white citizens.
The Police of the Czech Republic on Tuesday announced the arrest of an unnamed Russian citizen suspected of hacking U.S.-based targets.
An independent researcher has found a second vulnerability in Samsung Pay that could allow attackers to intercept payment data.
Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the National Republican Senatorial Committee.
Federal law enforcement officials last May served a California residence with a warrant requiring any occupants on premises to use their fingerprints or thumbprints to open up their phone for investigators, reported Forbes on Sunday.
The Shadow Brokers is finding that its claim to have stolen the National Security Agency's (NSA) hacking tools is a tough sell, with the hacking group being forced to change its sale methodology.
An Italian researcher who discovered a bug in IBM WebSphere and then worked with the company for two months on fixing the flaw had his research censored by Big Blue.
Some cybercriminals are updating their payment card skimmer devices to Bluetooth, enabling them to steal data in real time using nothing more than a smartphone.
An adult video scam that was discovered infecting Russian Facebook users back in April is now targeting Europeans, Kaspersky Lab reported via its Securelist blog.
Marking the fifth anniversary of its bug bounty program, Facebook this week announced that it has paid out more than $5 million since the initiative's inception in 2011.
Researchers have spotted a clever trojan designed to take advantage of both a person's vanity and new security verification methods now being introduced.
Blockchain.info, a popular Bitcoin wallet provider, was knocked offline for seven hours on Thursday after a domain name system (DNS) attack.
Despite a glut of research into new ransomware families, low-tech threats like phishing attacks and viruses pose a more prevalent threat to small businesses than ransomware.
International Atomic Energy Agency (IAEA) Director Yukiya Amano said there was a successful cyberattack on a nuclear power plant two to three years ago.
Police monitoring activists profiled by color will no longer be able to mine data on Facebook, Twitter or Instagram using a tool from Geofeedia.
Potter County officials in Texas are assuring users that their voter information website is safe after learning that hackers gained access to it.
A malware infection is to blame for a payment card data breach affecting at least 230 University of Central Florida students, according to Orlando, Florida NBC affiliate WESH, citing school officials.
Cyber scammers are out looking to make a buck using Hurricane Matthew as a lure, according to US-CERT.
Trend Micro researchers found that cybercriminals are using video game currency to launder real-world money.
Trend Micro researchers have spotted several exploit kits delivering Cerber 4.0 ransomware just a month after the release of version 3.
Heap overflow, out-of-bounds read and unallocated memory free operation vulnerabilities were addressed with a patch.
The browser hijacker Youndoo is now adding an extra Chrome profile to victims' machines, copying settings from users' current profiles so they don't notice the difference when their settings are switched, according to Malwarebytes.
Researchers have found a way to place backdoors in the cryptographic keys that protect websites, virtual private networks and internet servers.
The Clinton Foundation is again being discussed in cybersecurity circles, but this time it is phishing emails aimed at donors and not hacks that is .
A new study found that UK consumers use fewer mobile apps because of cybersecurity concerns.
Without users noticing, a new attack enables malware to switch on Apple webcams.
Google this week made available patches addressing 78 vulnerabilities, including seven critical flaws, the most severe of which could enable kernel-level remote code execution, resulting in a total device takeover.
Users had complained Windows 10 Anniversary wouldn't install on their computers.
Most web users are overwhelmed with warnings of online threats and suffer from "security fatigue," according to the National Institute of Standards and Technology (NIST).
Following its exposé accusing OurMine of web defacements, the website BuzzFeed was itself hit.
Researchers at Sucuri are monitoring a rise in website compromises in which visitors are redirected to domains that offer to sell Windows product keys.
A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations.
MasterCard on Wednesday rolled out Identity Check Mobile, a new app that allows cardholders to pay for online purchases using biometrics to authenticate their identity.
SANS Institute researchers are calling on system admins to do their part in securing connected devices.
Several Spotify users are reporting that the streaming music service is serving malware to its users through its advertiser network.
Facebook Messenger quietly added the opt-in option to use encrypted messages in its latest update.
Reuters is reporting that Yahoo complied with a government request for information by scanning Yahoo Mail accounts via custom-built software.
Al Jazeera has launched a new mobile game #Hacked - Syria's Electronic Armies, in which the player assumes the role of an investigative journalist tasked with discovering the identities of pro-Syrian government hackers.
The Shadow Brokers on Saturday posted a rant to voice their discontent over the lack of bids for the stolen goods.
The U.S. Army must begin training its soldiers to endure and then continue to fight after suffering a cyberattack on the battlefield.
Apple is pushing out its new macOS Sierra as an automatic download.
Google last week announced the impending rollout of Chrome version 53.0.2785.143, which addresses three security issues affecting the Windows, Mac and Linux operating systems.
DressCode malware has been spotted in thousands of apps and could pose a serious threat to enterprise networks.
A new study found significant concerns around data breaches among 1,200 American survey participants.
A coalition of privacy organizations is suing the United States and its allies for involvement in a bulk data collection program, which they say violates the European Convention on Human Rights.
The security firm Zerodium announced an increase in bounty prices for zero-day exploits, with the top prize now being $1.5 million for an Apple iOS 10 remote jailbreak, a $1 million increase.
Proving there are few roads too low for a hacker to travel, a new Facebook scam has arisen spinning off the false reports that actor and former Angelina Jolie husband Brad Pitt committed suicide.
A cybercriminal could be risking a serious beating by compromising the popular Russian boxing site allboxing[.]ru with a redirect to a third-party site containing a Russian banking trojan.
Google and Dropbox are the latest U.S. tech giants to register with the Privacy Shield.
A hacker who was associated with the Syrian Electronic Army (SEA) pleaded guilty to conspiring to receive extortion proceeds and conspiring to unlawfully access computers.
SC Magazine Senior Reporter Jeremy Seth Davis discusses commodity malware with Cybereason CISO Israel Barak.
A UK-based investigative journalism site has come under cyberattack, purportedly from Russia, for its articles critical of Russia's involvement in the shooting down of Malaysian Airlines Flight 17 and corruption.
FBI Director James Comey told the House Judiciary Committee on Wednesday that his agency has spotted outside entities attempting to hack voter registration sites in several states.
Edward Majerczyk on September 27 pleaded guilty in a Chicago court to one count of unauthorized access to a protected computer to obtain information, bringing to a close a case dubbed Celebgate.
Tesla has released a major firmware update in response to a video posted by a group of Chinese researchers that displayed a series of vulnerabilities in the electric car company's vehicles.
Rep. Ted Lieu (D-Calif.) quizzed newly appointed federal CIO Gen. Greg Touhill on why the General Accounting Office's cybersecurity recommendations have not been implemented.
The Electronic Frontier Foundation (EFF) is criticizing HP for using a security update to also install a function that when recognizing a non-HP printer cartridge triggers a printer to shut down.
Avast researchers examined some of the marketing tactics used by Janus Cybercrime Solution, the cybergang behind the Petya and Mischa
OpenSSL Project released a critical patch for a new flaw created as a result of a recent update to the cryptography library.
A new version of the Android.Xiny trojan that can now root a device to gain admin privileges and that is harder to uninstall has been spotted by security researchers.
Death Eaters, or perhaps just bad guys, with a taste for the Harry Potter franchise have unleashed a new strain of ransomware they've dubbed Voldemort, named for the villain of the book and movie series.
A large-scale email campaign was spotted distributing a new ransomware variant called MarsJoke.
"Not because it was revealing a truth that I want to put away, but because I was in a constant state of wonder about the misappropriation of the truth."
The Swiss intelligence service received permission to begin tapping phones and monitoring emails following a vote in the nation's parliament and approval by a public referendum.
A technical committee that provides guidance to the Federal Aviation Administration has reportedly developed drafting recommendations for strengthening the aviation industry's cybersecurity posture.
For the second time this year, Discover Financial Services reported a set of data breaches on the same day to the California Attorney General's Office.
A Romanian national was sentenced to three years behind bars for stealing more than $900,000 from a variety of U.S. banks and financial institutions.
In a settlement, the hotel chain operated by Republican presidential candidate Donald Trump will fork over $500K in fines and improve the security of its computer network.
A Russian mobile forensics company says the iPhone's most recent operating system has weaker password protection for manual iTunes backups than earlier operating systems.
One of the techniques malware can use to evade researchers' virtualized or sandbox environments is accessing recent documents to determine if the infected machine has a history of legitimate usage.
While it might not include the Death Star, cyber warfare among the stars is almost inevitable.
Kosovo native Ardit Ferizi was sentenced in federal court in Alexandria, Va. after pleading guilty to providing aid to the Islamic State.
The Air Force is reporting progress in its mission to secure its weapons against cyberattacks.
A new bill before Congress would require that all voting machines leave a traceable paper trail and require a secure connection to the web for vote-tabulating machines to prevent electoral tampering.
Cybersecurity blog site KrebsOnSecurity was barraged Tuesday evening by an extraordinary DDoS attack boasting a bandwidth between 620 and 665 Gbps - one of the largest such attacks in history.
The Drupal Security Team issued updates for a pair of critical flaws, one allowing remote code execution and another giving access to parts of the system without full administrative permissions.
Director of National Intelligence James Clapper said there have been previous instances of Russian attempts to influence U.S. elections going back to the 1960s.
A new commercial keylogger nicknamed iSpy that is capable of snatching every keystroke and fully examining the data on an infected computer has been spotted by Zscaler being sold on underground forums for as little as $25.
Security engineer Matt Bryant posted details of North Korea's registered domains after a misconfigured nameserver revealed details.
Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.
HDDCryptor is a ransomware variant with a couple of new twists added that makes it an effective tool for cybercriminals, a Trend Micro study found.
The Association of State Democratic Chairs sent an email to its members advising them to avoid Wikileaks as a precaution against malware infection, especially after several state officials had their accounts hacked, Politico reported.
The U.S. House of Representatives plans a vote on legislation that would task the SBA with assisting small businesses in improving preparedness against cyber threats.