Microsoft expands bug bounty program to include Project Spartan

Microsoft announced plans on Wednesday to expand its bug bounty program to include Project Spartan, the company's new browser, and Azure, the company's cloud platform.

RSA 2015: Some point-of-sale security tips

Using point-to-point encryption and monitoring privileged credentials are among the point-of-sale security tips offered during a session at RSA Conference 2015.

Cybersecurity organizations meet to discuss lack of qualified security pros

More than a dozen cybersecurity organizations met earlier this week to discuss plans to establish a framework for resolving the "shortfall of qualified people in the cybersecurity profession."

Manny Rivelo set to take over as president and CEO of F5 Networks

Manny Rivelo was named president and CEO of F5 Networks, an application solutions provider, this week.

FBI warns FAA to watch for suspicious hacking activity on flights

The FBI issued an alert to the Federal Aviation Association (FAA) earlier this week to warn about hackers who might try to access airplane network ports, according to Wired.

Cisco issues first transparency report

Cisco issued its first transparency report earlier this week and elaborated on its procedures if it were to receive government requests for user data.

RSA 2015: Anonymous dying, other hacktivists filling gap

As Anonymous activity drops, iSIGHT Partners' Joe Gallop boldly predicts the demise of the hacktivist collective but says other groups are stepping up to fill the void.

Google Wallet now backed by FDIC

Search engine giant Google received Federal Deposit Insurance Company (FDIC) backing for its mobile payments app Google Wallet.

'Rootpipe' vulnerability still exploitable on patched machines

Apple's "rootpipe" vulnerability was supposedly patched in the company's most recent release, but a security researcher says differently.

Multiple WordPress plugins vulnerable to cross-site scripting

The issue was identified last week and researchers worked together with plugin developers to ensure patches were ready before the problem was disclosed.

Virginia to establish state-level information sharing organization

Virginia Governor Terry McAuliffe announced on Monday that the Commonwealth is establishing the first state-level Information Sharing and Analysis Organization.

Google sets plans to move all ads over to HTTPS

After already making HTTPS encryption the default on search, Gmail, YouTube and Drive, Google will now be implementing HTTPS on its ad products.

Check Point discloses vulnerability in eBay's Magento platform

Check Point discovered a critical remote code execution vulnerability that could have allowed attackers to compromise nearly eBay shops running on the company's Magento platform.

Raytheon to acquire Websense in $1.9 billion deal

Raytheon Company will acquire Websense later this year in a $1.9 billion deal with Vista Equity Partners.

IBM launches free collaborative threat-sharing platform

IBM launched a cyber threat intelligence sharing platform on Thursday that the company is billing as a social media network for security analysts.

Former IT manager faces seven charges in federal indictment

An Illinois IT manager was federally indicted for launching a cyber attack against his former employer.

China suspends tech requirements that drew global concern

Chinese regulators have suspended rules that heavily policed foreign technology, after backlash from its own banks.

AirDroid vulnerability would let attackers take over Android phones

A serious vulnerability has been found in Android's AirDroid application that could allow unauthorized remote access to the user's phone.

GitHub publishes first transparency report

GitHub released its first transparency report earlier this week and disclosed the 10 requests it received for user data.

Dropbox launches bug bounty program

Dropbox launched its bug bounty program on Wednesday through HackerOne.

Resolution1 lays off global marketing team, focuses on customers, R&D

After splitting from AccessData in 2014, the security start-up has decided to restructure to focus on customers and product development.

PCI SSC releases version 3.1, eschews SSL, early TLS

Organizations have 14 months to comply with PCI SSC Version 3.1, which addresses vulnerabilities in SSL and early TLS.

Report: DEA contract supplied agency with Hacking Team spyware

Motherboard and Privacy International revealed the contract between DEA and a government supplier.

Audit finds unsecured docs at most desks in five DHS orgs

Sensitive information was left out in the open after hours on nearly a third of the desks at five Department of Homeland Security (DHS) organizations, a KPMG audit found.

Minnesota university breach update, 160K students affected

Metropolitan State University announced that approximately 160,000 current and former students, as well as 900 faculty members, were impacted in a "likely" breach.

GAO warns FAA of internet-connected systems

The Government Accountability Office (GAO) warned the FAA that its on-flight Wi-Fi, among other things, could put aircraft and passengers at risk.

Target expected to pay $20 million to MasterCard for breach

The retail giant is expected to reach a $20 million settlement with MasterCard as compensation for costs incurred in the 2013 breach.

Efforts to strengthen Pentagon security workforce delayed until 2018

The initiative to triple U.S. Cyber Command security staff, to more than 6,000 military and civilian personnel, will not be completed until 2018.

Second member of 'cash out' crew sentenced to 7-1/2 years in prison

The second member of a cyber crime syndicate cash out crew that attempted to steal $15 million from bank customers was sentenced to prison Tuesday.

Adobe security updates address wide range of bugs, some critical

Adobe released security updates for Flash Player on Tuesday, as well as updates for Adobe Flex and ColdFusion.

PCI SSC updates security standards for making of payment cards

The PCI Security Standards Council (PCI SSC) has updated its security requirements to improve the security of data and other components in the making of payment cards.

Hinkley to replace founder Grossman as WhiteHat CEO

After more than a year with company founder Jeremiah Grossman serving as interim CEO, WhiteHat has selected Craig Hinkley to fill the top spot.

Two debt brokers settle with FTC after posting debt portfolios online

The FTC imposed greater security and privacy requirements on two debt brokers after they posted personal information of 55,000 consumers online.

HBO investigating how 'Game of Thrones' leak occurred

A day before the show's highly anticipated Season 5 premiere, four episodes of the TV series leaked online.

Belgian media company experiences DDoS attack

On the heels of similar incidents, Rossel, a Belgium media group, experienced an hours-long DDoS attack Sunday afternoon.

Tribeca Film Festival to host DefCon program in NYC

The highly regarded Tribeca Film Festival will offer a three-day DefCon program that includes panel discussions about portraying hacking in film.

Malware identified in French TV network attack

Researchers at Trend Micro have detected malware that they say was used by pro-ISIS sympathizers to hack into a French TV station.

Alleged creator of 'Svpeng' Android malware arrested in Russia

The alleged creator of Svpeng malware for Android devices was arrested in Russia, Forbes reported on Monday.

Symantec maintains its plans to split from Veritas

Symantec confirmed its plans to separate itself from its Veritas data-storage and recovery business by the end of 2015 on Monday.

Sprint fined $15.5 million for overcharging feds for wiretaps

Sprint Communications has agreed to pay $15.5 million to the federal government for charging law enforcement agencies for surveillance upgrades.

For 10 years, cyberespionage group 'APT 30' targeted SE Asia, India

The Chinese government-sponsored threat group targeted organizations and individuals with political information on the regions, FireEye revealed.

Citizen Lab says 'Great Cannon' tool allowed DDoS against GitHub, GreatFire.org

Researchers described "Great Cannon" as China's latest internet censorship tool.

Carder.su member sentenced to 12 years

Jermaine Smith of the cybercrime syndicate Carder.su was sentenced to more than 12 years in prison and ordered to pay $50.8 million in restitution.

Bitcoin exchange compromised through SendGrid account

In an attack very similar to one last year, a SendGrid customer was compromised through its mail service account.

Darwin Nuke vulnerability allows DoS in OS X 10.10 and iOS devices

The vulnerability in the operating systems' Darwin kernel allows attackers to execute DoS attacks and damage devices.

Facebook responds to European user privacy report

Following the release of a European report on Facebook's privacy practices, the company released a blog post retort on Wednesday.

White Lodging announces 10 hotels affected in POS breach

Ten of White Lodging's properties have been affected by a POS data breach that lasted from July 2014 to February of this year.

Canadian telecom Rogers releases transparency report

Last year, the communications giant received 113,655 law enforcement requests for customer data.

Clinton hires Google exec as CTO

Hillary Clinton has hired Google executive Stephanie Hannon to serve as CTO for Clinton's expected 2016 presidential campaign.

Report discloses massive U.S. phone surveillance program, lawsuit filed

The Justice Department and Drug Enforcement Agency began logging nearly every phone call made from the U.S. to as many as 116 countries.

Secunia names former F-Secure exec Kangas as CTO

Santeri Kangas has joined Secunia as CTO after a 23-year run at F-Secure.

FTC settles with companies over false safe-harbor claims

The Federal Trade Commission (FTC) settled with two companies on Tuesday after they falsely claimed to comply with the U.S.-EU Safe Harbor.

At least 750 ambulance patients at risk after Philadelphia FD breach

The Philadelphia Fire Department said Friday that billing information from at least 750 ambulance patients was stolen.

Researchers observe malvertising campaign possibly linked to Google ad reseller

Users were being redirected to the Nuclear Exploit Kit, which is exploiting vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight.

NY sheriff records reveal persistent stingray use without court orders

Between May 2010 and early October 2014, police used stingrays 46 times without a court order.

Singtel acquires Trustwave in $810 million deal

Security company Trustwave announced, on Tuesday, that it is set to be acquired by Singapore Telecommunications Limited (Singtel) for $810 million.

Firefox 37.0.1 disables features after vulnerabilities found

The March 31 release of Firefox 37 introduced the opportunistic encryption feature to the browser; by April 3 it had been disabled.

Permira, CPPIB to acquire Informatica

Data software company Informatica announced, on Tuesday, that it is set to be acquired by private equity firm Permira and Canada Pension Plan Investment Board (CPPIB).

Cyber attackers target FAA

The Federal Aviation Administration (FAA) said a virus infected its administrative computer system but didn't cause any damage to agency systems.

Critical Infrastructure Survey: Gov't, energy sectors targeted most by destructive attacks

Trend Micro and the Organization of American States (OAS) polled 575 critical infrastructure security leaders in the Americas.

Change.org bug exposes user email addresses

Email addresses of a "small subset" of users were in public view when search engines indexed unsubscribe links.

Massachusetts police department pays $500 following ransomware infection

The town of Tewksbury paid a $500 Bitcoin ransom after the police department's network was infected with a newer variant of CryptoLocker ransomware.

Israeli political party's website defaced, possibly as part of #OpIsrael

Days after hacktivist collective Anonymous warned Israeli companies and websites that it would begin its annual cyber attack campaign against the country on Tuesday, one Israeli political party's website was defaced.

HITRUST to sponsor study on healthcare breaches

The Health Information Trust Alliance (HITRUST) will sponsor a study to analyze the effects of cyber attacks on healthcare organizations.

Virginia passes digital identity law

The law ushers in technical and data standards for verifying individuals' identities during digital or online transactions.

36 percent in survey don't think it's necessary to back up data

An Avast global survey measuring data preservation habits found that, despite not backing up regularly, users are concerned with the data in their devices.

Check Point to acquire mobile security company Lacoon

Check Point Software Technologies announced its intentions to acquire mobile security company Lacoon.

Locker combinations accessed in Maryland middle school breach

An investigation is ongoing into how Westland Middle School students were able to access a list containing information on 1,400 lockers in the school.

VMware issues updates for Java vulnerability

Virtual machine maker VMware issued updates on Thursday to address a critical information disclosure issue in Oracle's Java runtime environment (JRE).

Fake Pirate Bay site pushes Nuclear Exploit Kit, distributes trojans

A copy-cat Pirate Bay site is targeting attacks against WordPress users and injecting them with malware.

Uber hires Facebook's Sullivan as first CSO

Uber has lured Joe Sullivan away from Facebook to become its first-ever CSO.

Fraudulent activity on payment cards used at New York car wash

Officials are investigating a pattern of fraudulent activity on credit and debit cards used to make purchases at Colonial Car Wash in Rotterdam.

Vulnerability discovered that could allow for deletion of every YouTube video

Kamil Hismatullin identified a vulnerability in Google's Application Programming Interface (API) that could have allowed him to delete any and every video on YouTube.

Federal judge rules in favor of Hulu in privacy violation lawsuit

Hulu won against a legal challenge that claimed the company violated users' privacy by sharing what they watched on the site with Facebook.

F5 Networks opens new security operations center

F5 Networks opened the doors to its new security operations center (SOC) facility at its Seattle headquarters today.

HyTrust raises $33 million in funding

The $33 million raised in HyTrust's most recent round of funding will target product development, international expansion and marketing and sales efforts.

Malware affects 4,700 current and former Bradley employees

Officials at Bradley University said an internal investigation revealed the school's computer security system had been breached and infected with data-stealing malware.

Fake voice chat tool spread on Steam is actually malware, researchers warn

Similar to previous attacks, saboteurs spread the malware by leveraging Steam's chat feature.

China delays tech requirements seen as impeding competition

After meeting with U.S. Treasury Secretary Jacob Lew, Chinese officials put a hold on restrictions that would require tech companies to provide code and comply with audits.

Premera breach spawns class action suits

In five class action suits, Premera customers accuse the insurance provider of negligence.

Facebook tracks internet users without consent, breaking EU law

New research from the EU suggests that Facebook is tracking internet users' web browsing habits, even if they've opted out of the feature or haven't registered with the social media site.

Reddit subpoenaed for user info after Evolution shutdown

Black market Evolution disappeared this month, along with $12 million in Bitcoin, as part of what is believed to be an exit scam.

Australia immigration dept. leaked 2014 G20 leaders' personal info

Australia's Department of Immigration and Border Protection inadvertently leaked personal information of world leaders who attended the 2014 G20 Summit in Brisbane.

Uber log-in credentials surface on black market

Selling for as little as $1, Uber login credentials have been found on the black market though the company still denies it was hacked.

Bitcoin blockchain exploitation could allow for malware spreading

A Kaspersky researcher found that the cryptocurrency's ledger can be used to store malware control mechanisms or provide access to illicit content.

Russia's FSB, Ministry of Internal Affairs tackle Tyupkin ATM threat

Russian authorities have ramped up efforts to locate criminals spreading ATM malware Tyupkin.

PCI Council updates penetration testing guidance for merchants

A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.

Slack announces breach, unauthorized access to database

Slack announced that unauthorized access was gained to a database for roughly four days in February, and suspicious activity has been detected on a small number of accounts.

British court dismisses Google appeal

A British court has dismissed Google's appeal to prevent consumers from being able to sue the company over its alleged tracking of Safari users.

Citigroup report reveals poor disclosure track record at law firms

The New York Times obtained a copy of the internal Citigroup report, published by the bank's cyberintelligence unit.

Gov't offers $3 million reward for info on alleged Carder.su cybercriminals

The U.S. Department of State is offering up to $3 million for information leading to the arrest of two men who are allegedly tied to the Carder.su cybercrime syndicate.

Router attack results in ads and porn being injected into websites

As part of an ad-fraud scheme, attackers are using router malware to make it so advertisements and pornography are injected into every website that uses Google Analytics.

PhishMe, Inc. secures $13 million in Series B funding

PhishMe, Inc., a Leesburg, Va.-based phishing threat management solution provider, closed a $13 million investment in Series B funding led by Paladin Capital Group and new investor Aldrich Capital Partners.

Vulnerability found in popular hotel routers

A flaw in InnGate routers could allow an attacker to distribute malware to guests, monitor and record data sent over the network and possibly gain access to the hotel's reservation and keycard systems.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.

Silk Road drug dealer sentenced to five years in prison

Steven Sadler sold close to a million dollars' worth of cocaine, heroin and methamphetamine over the underground marketplace the Silk Road.

GE, MACTek update products using vulnerable HART DTM library

Four GE products and one MACTek product are impacted by the vulnerability, according to ICS-CERT.

Data breach notification bill advances in U.S. House

Legislation requiring companies to meet security standards and notify customers of data breaches has moved forward in the U.S. House of Representatives.

Ransomware holds New Jersey school district's network hostage

The Swedesboro-Woolwich School District's network was taken hostage by ransomware.

California Senate Public Safety Committee advances stingray bill

The California Electronic Communications Privacy Act passed the California Senate Public Safety Committee on Tuesday.
