Experts at Symantec have come across a sophisticated cyber espionage tool that exhibits a rare complexity of features similar to past cyberespionage malware.
The director of the NSA stated that China, as well as "one or two" other countries, is capable of launching cyberattacks to shut down electric grids and other critical infrastructure in parts of the U.S.
Jacob Mahonri Espinal hacked into his school's computer system to bring his grades up from academic probation status to straight As.
Two telemarketing operations conned thousands of customers by tricking them into buying into tech support services for computer problems that didn't exist.
Earlier this month, it was revealed that DOJ uses "dirtboxes" attached to aircrafts to spy on Americans' mobile devices.
The EFF, Amnesty International and other organizations are lending support to Detekt, an open source spyware detection tool.
Researchers at Kaspersky Lab said the first trojan banker, published by "Governo Federal," was predictable.
An advisory was issued on Wednesday regarding a denial-of-service vulnerability in Drupal 7 and a session hijacking flaw in Drupal 6 and 7.
Panelists at the closing keynote at SC Congress 2014 in Chicago urged attendees to work with the FBI to unravel breaches.
Researchers at McAfee have identified a new attack that exploit a Microsoft Word ActiveX control vulnerability.
The popular messaging app announced on Tuesday that it has already begun encrypting users' messages.
Google Chrome 39 was promoted to the stable channel for Windows, Mac and Linux on Tuesday and contains 42 security fixes.
With more than 400 technical, government and cyber experts involved, Cyber Coalition 2014 tested the speed of sharing threat intelligence.
Nicolae Popescu and Dumitru Daniel Bosogioiu are wanted for organizing an international crime scheme that led to millions of lost dollars.
PricewaterhouseCoopers surveyed more than 700 financial service companies and found that they plan to bulk up their cybersecurity efforts in the coming years.
Brian Krebs reported on Monday that malware found in Staples stores was observed to be communicating with command-and-control networks used by attackers in the Michaels payment card breach.
The tech company delayed the release of bulletin MS14-068 until Tuesday.
The tech company addressed vulnerabilities in its newly released iOS 10 and improved reliablity on OS X Yosemite.
Democrats on a House oversight committee have asked Secretary of State John Kerry when the breach was first discovered.
Veterans Affairs has failed an annual cybersecuirty audit for the 16th year in a row, a new report reveals.
Judges in Pierce County, Wash. approved a new requirement that would make law enforcement officials explicitly cite when they plan to use 'stingray' technology during an investigation.
More than half of UK organizations would consider hiring a hacker or person with a criminal record in order to keep ahead of cyber crooks, a KPMG survey found.
Gh0st RAT was identified in a spear phishing campaign to target Tibetan NGOs recently.
Police in Beijing arrested three suspects behind the malware that targeted users in China.
Israeli police arrested eight former Leumi employees in a scheme to extort millions of shekels.
Facebook unveiled its "Privacy Basics," guidelines that help users control and protect their information.
Security firm Symantec calls the cyberespionage campaign "Operation CloudyOmega."
Arturas Samoilovas allegedly illegally accessed the computer network of Eaton Corporation and installed malware after he was denied a position at the company.
The funding will support the development of two new supercomputers.
A federal judge has said Apple must face a lawsuit that claims it didn't reveal that text messages would be blocked when iPhone users switched to Androids.
Apple maintains that customers aren't at-risk targets for the Masque Attack if they operate within the App Store. Meanwhile, US-CERT issued a warning regarding the attack.
A report by Ari Kaplan Advisors and sponsored by Nuix found most infosec pros collaborate with data managers.
An app masquerading as a provider of downloadable content was, in actuality, a SMS trojan that could have subscriber victims to a daily feed that cost 37 cents per day.
The personal information included card and linked account numbers, card expiry dates and cardholder names.
Researchers at Fortinet have uncovered an aggressive variant of Dofoil, a botnet once believed to be dead.
The Intel Security Digital Safety Program supports cybersecurity education among elementary school children.
Kaspersky Lab researchers are confident they have identified the first five victims, or patient zeroes, of the Stuxnet worm.
Researchers at Integrity Labs say the vulnerability, if left unpatched, could allow attackers to gain control over affected devices.
Software updates are now available for the Flash player and Adobe AIR after vulnerabilities were found that could give attackers the ability to execute code or escalate privileges on a machine.
The attacks were detected and incident response began immediately, with unscheduled maintenance being performed to mitigate the threat.
The American Postal Workers Union filed charges to the National Labor Relations Board against the Postal Service for failing to notify them earlier about the recent breach.
In a notification letter to customers, Amex said law enforcement has arrested an individual possessing stolen personal and account information.
Trend Micro researchers observing two keyloggers have released their findings in a paper.
Attackers are using stolen email addresses to try to steal victims' bank account numbers.
Following a review by the board and Kheradpir's involvement in "a particular negotiation with a customer" there has been a shift in leadership at the network services firm.
Home Depot's breach could have resulted from a vulnerability in Windows that was patched too late into the attack.
The Kaspersky Labs Global Research and Analysis Team came across the campaign, which hides on the networks of hotels located in various countries.
A college student showing off his technical prowess hacked into websites of malls, hospitals and universities.
Mozilla is heeding user desire for internet privacy by collaborating with the Tor Project and the Center for Democracy & Technology.
The Department of Energy contract will allow Norse to support the agency's Cybersecurity Risk Information Sharing Program (CRISP).
US-CERT issued an alert on Monday, warning all users that Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.
A letter sent to Congressional leaders states that legislation to address data breaches should cover all entities that handle sensitive information.
The PCI Security Standards Council announced its new Special Interest Group (SIG) projects for 2015 earlier this week.
The Associated Press reported that a hack, similar to past intrusions by Chinese hackers, went unnoticed by USIS for months.
Damballa observed the spike in infections, which followed a Backoff peak in Q3.
The government has begun encrypting user data on two websites providing AIDS-related information.
Christopher Lykes, a former employee with the South Carolina Department of Health and Human Services, was sentenced to three years of probation and must serve 300 hours of community service.
The Electronic Frontier Foundation will have a change in leadership come January as Shari Steele steps down.
Accuvant and FishNet Security are joining forces to offer a broader suite of services, smarter solutions, more expertise and expanded reach.
In a preview of its 2014 CISO study, IBM revealed leaders' top cloud security concerns.
New European restrictions will require spyware manufacturers to get the EU's permission before exporting their product.
FS-ISAC teamed up with the Depository Trust & Clearing Corp on the Soltra Edge platform which will deliver information on breaches and threats to the financial sector.
Fredrik Neij was arrested at the Thai-Laos border earlier this week on copyright violation charges.
The social media company reported that governments made 34,946 requests for user data, which represented a 24 percent increase since the last half of 2013.
More than 130,000 computers have been infected by the malware in the country, which encrypts communication with its C&C servers to avoid detection.
Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.
The tool, called "notogotofail," tests whether devices and applications are secured against known TLS/SSL flaws and misconfigurations.
FireEye researchers have observed ties between DDoS attacks against Hong Kong pro-democracy protesters and APT activity based in China.
A Swedish hacker says he won't divulge details of the vulnerability until January, after Apple patches it.
Scott Walton served as a lead member of the SnappzMarket Group, which conspired to illegally reproduce and distribute more than one million copyrighted Android apps.
Shannon is a senior member of IEEE and is well-versed in working with industry, government and academia on cyber issues.
The social media site launched its Tor-friendly version to accommodate users who might want to keep their identities anonymous.
The newly created company Resolution1 will be responsible for cybersecurity incident response business.
The increase could be attributed to a recently discovered spam campaign that involves phony emails claiming to be from the Canadian Post or USPS.
Researchers at PhishMe warned of the campaign that uses purported payment confirmations to fool victims.
In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.
Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.
In readying a libel suit against DoubleVerify, FilmOn says it discovered that the firm deliberately distributed malware.
Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."
Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.
The Italian spyware company had its manuals posted online that detail how thoroughly an infected user's actions can be monitored.
A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.
Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.
Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.
The malware has previously been used to steal $220,000 worth of bitcoins from victims.
The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.
The White House experienced a sustained cyberattack on its systems that impacted its network for nearly two weeks.
Christian Lacroix, who famously hacked Paris Hilton's phone and Burger King's Twitter account was sentenced for breaking into Bristol Community College computers.
Igor Baikalov was appointed chief scientist at security intelligence firm Securonix.
In a letter, the Motion Picture Association of America asked the United States Trade Representative to include cyberlocker sites on its Notorious Markets List.
A report by the state's attorney general sheds lights on the increase in data breaches, which have seen a 30 percent uptick in California so far this year.
Robert Dubuc hacked into various financial accounts and used them to divest money to other accounts and buy pre-paid debit cards.
Following his time as RSA's senior vice president of products, Amit Yoran will be promoted to the company's president.
The unnamed leaker's house was searched and a criminal case was opened after documents about the U.S. government's terrorist watch list were published.
The credential-stealing malware Dyre has been tied to a string of phishing attacks.
The Electronic Frontier Foundation (EFF) filed a new brief after the government released its own opposition.
The Federal Communications Commission fined Terracom, Inc. and YourTel America, Inc. $10 million for their failure to protect users' personal information.
A researcher with Leviathan Security found that a Tor exit node in Russia is adding malware into downloaded binaries.
Nicholas Rotundo was taken into custody by federal agents for blackmailing a female college student by threatening to post her nude images on a revenge porn website.
The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard