Filipino authorities arrest second man in hack that revealed data on 55M voters

The 23-year-old mastermind behind the hack of the Commission on Elections (COMELEC) website, which led to the exposure of 55 million voter records, was arrested by the Cybercrime Division of the National Bureau of Investigation in the Philippines Friday.

Mich. bill would make car hacking a felony punishable by life in prison

Hacking a connected car in Michigan could warrant a life sentence behind bars if recently proposed legislation is passed into law.

Updated: ISIS hackers join together in 'United Cyber Caliphate', issue hit list

Several ISIS hacking groups announced that they have joined forces to form a large hacking group.

Unclassified: Hackers steal Gumtree Australia customer data in breach of classifieds website

The online classified website Gumtree Australia alerted customers on Friday of a data breach after hackers stole their personally identifiable information last weekend.

'Wizz' kids: Talos researchers pinpoint French firm as source of spyware-adware threat

A supposedly legitimate French software firm, Tuto4PC, has actually infected an estimated 12 million PC users with a generic Trojan disguised as downloadable utilities programs, according to an analysis from Cisco's Talos research division.

Ohio firearms dealer website breach compromises customer names, state ID data

An Ohio firearms dealer notified the California Attorney General that the company experienced a data breach that compromised its customers' name and state identification information.

Cyberattack knocks Lansing utility offline

The Lansing, Mich., Board of Water & Light (BWL) hopes to be fully back online today after suffering a cyberattack earlier this week that knocked the utility's internal computer systems offline.

Trade secret anti-theft bill passes House, awaits Obama's signature

The U.S. House yesterday passed the Defend Trade Secrets Act of 2015, which creates a single U.S. standard for protecting companies from intellectual property theft through civil recourse against the offending parties in federal court.

U.S. Cyber Command closer to break from NSA

A defense authorization bill could split off the U.S. Cyber Command from under the direction of U.S. Strategic Command and the NSA.

EFF revises IM scorecard ratings after pen testers spot vulnerabilities

The EFF is revising its IM scorecard after a pair of researchers spotted vulnerabilities in platforms previously rated safe.

DDoS attacks still growing...and stronger, Kaspersky

Cybercriminals are strengthening their DDoS attacks with more amplification and new methods to refine their botnets.

Survey: Wearable devices most likely to pose IoT security threat

Wearables are the Internet of Things (IoT) devices most likely to emerge as a security threat or cause a breach, according to a new survey by Spiceworks and Cox Business.

Budget approval sought for training U.S. cybersecurity troops

Lawmakers are requesting an addendum to a defense authorization bill to mandate specialized training for U.S. cybersecurity troops engaged in war games.

Firefox patches issued, one critical

Mozilla released 10 security advisories affecting its Firefox open-source web browser.

Facebook social login bug, now fixed, exposed account holders to potential ID theft

Facebook has updated its social login process after a security firm found a bug that could have enabled adversaries to steal victims' online identities.

Possible 1.4GB data breach at Qatar National Bank

The Qatar National Bank is investigating a possible massive data breach with more than 15,000 files, or 1.4GB of data, being compromised.

Defense to judge: Make feds disclose hacking technique in child porn case or dismiss charges

More than two months after a federal judge ruled the U.S. must privately disclose the hacking technique the FBI used to identify patrons of the child porn site Playpen, lawyers have filed a motion urging the case be dismissed if the government does not comply or drop the charges.

Empty email threats reap payoff for Armada Collective

Emails sent to businesses demanding payment to avoid a DDoS attack were enough to spur some to pay off, even though no attacks resulted.

RuMMS malware using smishing to attack victims: FireEye

FireEye researchers have spotted in the wild a new version of the RuMMS malware family that is attacking people in Russia using a SMS text message phishing, or smishing, scheme to steal personal and banking data from the phone.

Campaign apps putting user data at risk, study

App users logging in over unsecured ​​Wi-Fi hotspots may be exposing their personal information to data miners.

Odd 'phantom trips' taken a year after Uber log-in credentials surface on dark web

Odd "phantom trips' taken nearly a year after Uber log-in credentials surfaced on the dark web.

Microsoft vulnerability lets hackers bypass app whitelisting protections

A researcher has discovered a way for attackers to sneak remotely hosted, unauthorized applications past Microsoft Windows' whitelisting security feature Applocker, by abusing the command-line utility Regsvr32.

Georgia couple pleads guilty in IRS 'Get Transcript' data breach

A Georgia couple pleaded guilty for their role in the IRS 'Get Transcript' data breach that compromised 700,000 accounts.

A million-plus accessed Facebook via Tor last month

Just-released figure doubles the number from less than a year ago of Facebook users accessing the site via Tor.

MIT launches bug bounty program

The Massachusetts Institute of Technology (MIT) introduced a bug bounty program last week that it termed "experimental."

Anonymous-linked Ghost Squad haunts KKK with DDoS attack

The Anonymous-affiliated hacking group Ghost Squad yesterday launched a distributed denial of service attack against the Loyal White Knights of the KKK, knocking the white supremacist group's website out of service.

Bangladesh banking hack due to SWIFT vulnerability

A report from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) indicates the group was aware that malware was targeting its system when $81 million was stolen from a Bangladesh bank in March.

Cisco flags five product vulnerabilities that could trigger denial of service

Cisco issued five security alerts this week, issuing software updates to patch a series of vulnerabilities, any of which could potentially trigger a denial of service condition.

Sony confirms two-factor authentication coming to PlayStation network

Three years after Microsoft introduced a two-factor authentication into its Xbox Live online gaming network, Sony has confirmed it will incorporate the same security feature into its PlayStation Network services.

Sixth teen arrested in breach of U.K. ISP TalkTalk

A teenager turned himself in to police in Staffordshire, U.K., where he was arrested on charges stemming from a breach of internet services provider TalkTalk.

FBI iPhone hack may have cost more than $1.3M

Published reports are using an odd methodology in an attempt to decipher exactly how much the Federal Bureau of Investigation (FBI)paid to unlock the iPhone 5c belonging to one of the San Bernardino terrorists.

New version of TeslaCrypt ups ante for ransomware

Two updates in TeslaCrypt illustrate that ransomware is not only spreading wider, but is also evolving with new capabilities.

Adobe issues third update for April

Every day is Patch Tuesday for Adobe as the software company today issued an update for its Analytics AppMeasurement for Flash Library.

Man arrested in data breach that exposed 55M Filipino voters

Filipino authorities Thursday confirmed the arrest one of three people believed to be responsible for breaching the COMELEC website.

Australia's prime minister confirms Australian Bureau of Meteorology attack

Australian Prime Minister Malcolm Turnbull confirmed that the Australian Bureau of Meteorology was indeed a target of a cyberattack last year.

FCC set top box proposal could intrude on privacy, Americans say in DCA survey

Americans are concerned that the FCC's Set-Top Box proposal, which will open the market to third-party vendors like Google, will compromise their privacy.

Hacktivist school set up on dark web

Aspiring hacktivists can now login to a chat service hosted by Anonymous to learn coding and encryption.

Cytegic finds ties between terror and cyberattacks

The terror attacks that struck Belgium and France also kicked off a period of increased cyber attack activity in both countries, according to a report by Cytegic.

Ashley Madison class-action: plaintiffs must use real name or drop out

A federal judge has ruled that Ashley Madison class action plaintiffs must use their real names to continue lawsuit.

Online scammers entice wannabe mystery shoppers to disclose personal data

Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.

Data breaches fueled valuations of cyber firms

Stoked by headlines announcing major data breaches, the stock valuations of cybersecurity companies outperformed the Nasdaq and S&P 500 by double over the past three years.

Oculus exec says VR privacy questions will be answered 'in due time'

Oculus exec says U.S. Senator's privacy policy questions on VR data collection will be answered "in due time."

Nine-year sentence for law firm's malicious insider

A malicious insider was handed a nine-year prison sentence and a $1.7 million fine for hacking into the computer system of his former employer Locke Lord.

Educational network Janet hit with DDoS attacks

A wave of DDoS attacks were launched against the government-funded education network Janet yesterday morning.

Stolen laptop puts data of CVS customers in Alabama at risk

The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.

Senate subcomittee to discuss cybersecurity issues

The Senate Subcommittee on Emerging Threats will meet today to hear testimony on cybersecurity issues and funding from Department of Homeland Security and U.S. Cyber Command representatives.

Cyberattack brings down Newark Police Dept. systems

Newark's police department was hit with cyberattack that that shut down key systems for three days.

Talos: 3.2 million machines vulnerable to malicious JexBoss exploit tool

A deeper probe into the JBoss server vulnerabilities linked to recent Samsam ransomware attacks has uncovered 3.2 million unpatched machines that are potentially susceptible to this attack vector.

MIT develops new cybersecurity AI platform

Researchers at MIT have developed a hybrid machine learning/human cybersecurity platform that reduces false positives and can predict a cyberattack with 85 percent assurance.

Research: Over 6,000 data breaches in key industry sectors since 2005

The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.

Canada police decrypted a million BlackBerry messages

The Royal Canadian Mounted Police intercepted and decrypted around one million PIN-to-PIN BlackBerry messages,

Magic Leap acquires NorthBit

Virtual reality firm Magic Leap has acquired Israeli cybersecurity company NorthBit.

Cybersecurity new atom bomb, says Apple co-founder Steve Wozniak

Cybersecurity is the greatest threat since the atom bomb, said Apple co-founder Steve Wozniak.

U.S. cyber soldiers hitting ISIS hard

The U.S. Cyber Command is taking the information security fight to ISIS hacking into the computers of individual fighters and interrupting the terror group's encrypted communications.

GM hires lobbyists to advocate for driverless cars

Lobbying firm The Fritts Group has contracted with General Motors to advocate for the introduction of self-driving vehicles on behalf of the Detroit-based automobile manufacturer.

VMware patches MitM and web session hijack vulnerability

VMware advised users to patch a critical issue that could allow man-in-the-middle (MitM) attacks or web session hijacking.

Report: Feds staying mum on possible Firefox vulnerability

Experts are speculating that the FBI may be closely guarding a secret vulnerability in the Firefox browser that it can exploit for future law enforcement purposes, according to a Motherboard report yesterday.

Public opinion split on whether hacktivists have legit place in society

Global citizens are collectively torn as to whether or not hacktivists constitute a public nuisance, or actually benefit society by holding criminal organizations, governments and corporations accountable, according to a new survey.

Flaw in Junos OS detected, fixed

The risk level is "high" for multiple privilege escalation vulnerabilities that can affect any product or platform running Junos OS.

Lizard Squad possibly behind Blizzard DDoS attack

The hacking group Lizard Squad is taking credit for unleashing a distributed denial of service (DDoS) attack Wednesday against Blizzard that prevented some customers from signing onto for several hours.

FBI efforts to break encryption go way back

Well before the FBI's recent demand that Apple give up the keys to the encryption used in an iPhone 5c, the bureau engaged in a similar effort.

Facebook scam promises friend's video, delivers malware instead

A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend's video.

Anonymous, LulzSec leak millions of records to protest Italian labor laws

Anonymous and LulzSec leaked millions of records and launched cyberattacks on Italian businesses to protest Italy's labor laws.

Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

An unauthenticated reboot flaw has potentially left millions of ARRIS SURFboard modems vulnerable to a simple attack.

419 phishing scam promises BMW, $1.5 million and an Apple laptop

Cybercriminals have put a new spin on the infamous 419 phishing scam offering "winners" a 2016 BMW X6M, a $1.5 million check and an Apple laptop in exchange for personal info.

Countdown to deletion: Jigsaw ransomware erases files every hour

A new ransomware named Jigsaw, inspired by the eponymous character in the Saw horror film franchise, subjects its victims to a countdown clock, deleting files every hour at an escalating rate until a ransom of $150 is paid.

Cyberattack glitch exposes new strain of Qbot malware

The malware Qbot relies on stealth to secretly steal victims' credentials, but an unexpected glitch during a recent cyberattack alerted researchers to a new campaign featuring a more virulent strain of the software.

Patch Tuesday: Adobe issues patch for Creative Cloud Desktop Application

Adobe's April Patch Tuesday offering contained a single update fixing a flaw in its Creative Cloud Desktop Application.

Hacked Swedish military servers used in 2013 DDoS attacks

Swedish military servers were used by hackers to launch 2013 attacks against U.S. financial institutions, according to reports.

Former DOE staffer sentenced to 18 months for attempted spearphishing campaign

The three-year long legal saga of former Department of Energy worker Charles Harvey Eccleston ended with his being sentenced to 18 months in prison for attempting to spearphish his former co-workers.

Atmos, Citadel malware variant, hitting French banks

A variant of the notorious Citadel malware, dubbed Atmos, is targeting financial institutions in France, six months after Citadel's author was imprisoned.

OptumRx customer records on stolen laptop compromised

The online prescription drug company OptumRx reported that an unknown number of customer records were compromised when a vendor employee's laptop was stolen.

Home Routers targeted with DNS malware via mobile devices

Researchers at Trend Micro uncovered a new form of attack exploiting vulnerabilities in home routers.

KickassTorrent touts adoption of two-factor authentication

A torrent site has added an extra layer of security for users logging in.

FBI, DHS launch series of briefings to raise awareness of Ukraine power grid attack

The FBI and DHS has scheduled a series of unclassified webinars and threat briefings across the U.S. addressing the 2015 cyberattack against Ukraine's power grid.

Mumblehard Linux botnet eliminated as a threat: ESET

Security researchers at ESET reported that the spam-dispensing Mumblehard Linux botnet is no longer active due to the combined efforts of the company, the Cyber Police of Ukraine and CyS Centrum.

Georgetown University confirms cyberattack, says no data compromised

Georgetown University confirmed it was hit with a cyber attack last week but school officials said no data was compromised.

ESET: 11 percent of machines still using defunct Windows XP

Exactly two years ago, Microsoft's Windows XP operating system reached its end of life, yet as of March 2016 nearly 11 percent of machines continue to use the defunct OS, the cybersecurity research firm ESET reported today.

ETA hacking group member pleads guilty to DDoS against security researcher

Benjamin Earnest Nichols, a 37-year-old man from Oklahoma City faces a 10-year federal prison sentence for launching a DDoS attack against the website owned by a security researcher.

NCT breach compromises info on 15,085 new and expectant parents

A breach at the National Childbirth Trust (NCT) in the U.K. compromised the information of 15,085 users.

German police arrest two in cybergang investigation, including main suspect

German police Tuesday arrested the 22-year-old main suspect in a cybercriminal investigation spanning four countries.

Hackers port Windows-based Pirrit adware to run on Macs

Once relegated to Windows, the adware known as Pirrit has now been ported to work on the Mac OS X operating system, and this variant is more malicious than its predecessor ever was, according to the security firm Cybereason.

Judge approves settlement for Sony hacking case

A U.S. district judge approved the settlement in a class action suit against Sony Entertainment.

Domino's hack: A lifetime of free pizza just one poor security practice away

A poor security practice in the payment authentication process in the Domino's Pizza Android mobile application allowed a U.K. security consultant to order a pizza free of charge.

Australian fashion blogger's Instragram account reportedly hijacked

The Instagram account of Australian fashion blogger Rozalia Russian was hijacked by an American hacker, who extorted $5,000 from her before handing back her credentials, according to a report in the Sydney Morning Herald.

Cyber commander expresses concerns to Senate over ISIS capabilities

One of the many possible cyber scenarios keeping U.S. commanders awake at night is having the Islamic State develop the capability to alter sensitive information that could endanger American forces.

Hack-for-hire services booming, new report

Hackers are offering their services to break into corporate email for anyone paying $500, according to a new report from Dell SecureWorks.

MedStar hit with samsam ransomware: Source

MedStar Health was hit with samsam, or Samas, ransomware in an attack that forced the hospital group to take its systems offline in late March, according to story from the Associated Press.

Mattel duped out of $3M in phishing scam, recovers loot

U.S. toy manufacturer Mattel fell victim to a phishing campaign, but was able to recover its money.

Personal laptop, possibly containing data on 5M patients, stolen from HHS facility

A personal laptop and hard drives that may have contained data on close to 5 million medical patients was stolen from a Washington State federal building, prompting calls for the Department of Health and Human Services to reveal the extent of the damage.

FBI observes major uptick in business email compromise scams

Between October 2013 and February 2016, 17,642 global businesses collectively lost $2.3 billion to business email compromise scams, according to the FBI.

Researcher nets $13K for Microsoft auth vulnerability

U.K.-based security researcher Jack Whitton netted $13,000 in Microsoft's bug bounty discovering a serious authentication vulnerability.

U.S., Canada issue ransomware alert

The U.S. Department of Homeland Security, in collaboration with Canadian Cyber Incident Response Centre, issued an official ransomware alert.

Researchers find 100 adware apps on Google Play

Researchers discovered more than 100 Android apps infected with Android.Spy.277.origin, an adware Trojan that contains spyware functionality.

Researcher pinpoints significant vulnerabilities in Quanta routers

Routers from Taiwan-based electronic hardware manufacturer Quanta Computer are plagued with serious vulnerabilities, according to researcher Pierre Kim in his blog, A Slice of Kimchi.

Cisco's FirePower firewall line receives security update

Cisco's recently launched line of FirePower firewall products are receiving a free "high severity" security update to fix a critical vulnerability.

Google patches Android bug

A vulnerability affecting Nexus 5 Android devices was patched by Google

CDT forms Advisory Council

The Center for Democracy & Technology (CDT) has formed a 56-member strong inaugural Advisory Council that will advise on its policy advocacy work.

PayPal vulnerabilities could have allowed phishing emails

A researcher netted $500 from PayPal's bug bounty program for a vulnerability that could have allowed phishing and other attacks.

Black Hat Asia: Researchers find reusable vulnerabilities in popular Firefox extensions

Reusable vulnerabilities affecting popular Firefox extensions discovered by researchers at Boston University and Northeastern University were disclosed at Black Hat Asia in Singapore.


Sign up to our newsletters