One of the techniques malware can use to evade researchers' virtualized or sandbox environments is accessing recent documents to determine if the infected machine has a history of legitimate usage.
While it might not include the Death Star, cyber warfare among the stars is almost inevitable.
Kosovo native Ardit Ferizi was sentenced in federal court in Alexandria, Va. after pleading guilty to providing aid to the Islamic State.
The Air Force is reporting progress in its mission to secure its weapons against cyberattacks.
A new bill before Congress would require that all voting machines leave a traceable paper trail and require a secure connection to the web for vote-tabulating machines to prevent electoral tampering.
Cybersecurity blog site KrebsOnSecurity was barraged Tuesday evening by an extraordinary DDoS attack boasting a bandwidth between 620 and 665 Gbps - one of the largest such attacks in history.
The Drupal Security Team issued updates for a pair of critical flaws, one allowing remote code execution and another giving access to parts of the system without full administrative permissions.
Director of National Intelligence James Clapper said there have been previous instances of Russian attempts to influence U.S. elections going back to the 1960s.
A new commercial keylogger nicknamed iSpy that is capable of snatching every keystroke and fully examining the data on an infected computer has been spotted by Zscaler being sold on underground forums for as little as $25.
Security engineer Matt Bryant posted details of North Korea's registered domains after a misconfigured nameserver revealed details.
Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.
HDDCryptor is a ransomware variant with a couple of new twists added that make it an effective tool for cybercriminals, a Trend Micro study found.
The Association of State Democratic Chairs sent an email to its members advising them to avoid Wikileaks as a precaution against malware infection, especially after several state officials had their accounts hacked, Politico reported.
The U.S. House of Representatives plans a vote on legislation that would task the SBA with assisting small businesses in improving preparedness against cyber threats.
Job prospects in the cybersecurity field could not be better with a recent report indicating that the unemployment rate for this employment category has dropped to zero.
Mac users are claiming a Dropbox function that loads the desktop client of its cloud storage service on the accessibility menu of their system works like malware.
A new analysis of Locky ransomware configurations by IT security firm Avira has revealed improved offline capabilities that enhance its ability to automatically encrypt victims' files, without interaction with a command-and-control server.
A federal district judge for the District of Columbia ruled on Friday that the court would begin publishing information about federal prosecutors' use of pen registers and trap and trace devices.
Details of the attack are still blurry; attackers appear to be using malicious links designed to appeal to users monitoring the evolution of the Bitcoin prices.
The "high-profile incidents you've read about" in media reports were conducted using simple methods, including spear phishing schemes or USB drive delivery, an NSA official said.
VSA coalition forms with the goal of streamlining the vetting process that businesses use for evaluating vendors' cybersecurity risks.
British citizen Lauri Love faces extradition to the U.S. to face charges of computer hacking.
A Cambridge University researcher recently published a paper demonstrating how the FBI could have easily unlocked the San Bernardino shooter's iPhone.
"Multiple security issues" were patched for a number of VMware products.
Instagram has become the latest social media giant to take on hate speech with the release of a new tool that will allow its users to limit what appears on their pages.
The U.S. Justice Department released a review of the FBI's impersonation of an Associated Press (AP) editor to infect a suspect with malware.
Forcepoint has come across a new trojan downloader called Quant Loader that has been spotted distributing Locky Zepto crypto-ransomware and Pony malware.
Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.
The bipartisan bill blends the Hurd (R-Texas) Move IT legislation and Rep. Steny Hoyer's (D-Md.) IT Modernization Act.
Google Chrome released a stable channel update for its desktop applications for Windows, Mac and Linux.
A campaign of spam emails that use Microsoft Publisher attachments to infect companies with a Windows backdoor was disclosed by researchers.
General Colin Powell offered up several rather negative, yet bipartisan, opinions of the Democratic and Republican presidential candidates in a series of leaked emails that were just made public,
A new Neutrino exploit kit invades a hack of a third-party ad server to deliver ransomware to adult website visitors.
The dramatic exchange is the latest escalation after the committee requested last week that the FBI, Office of the DNI, Justice Department, and State Department hold a classified briefing to disclose details of the FBI report.
Information security researcher Dawid Golunski spotted several critical vulnerabilities in MySQL.
The Federal Trade Commission (FTC) on Monday issued a request for public comment on its rule regarding Disposal of Consumer Report Information and Records.
The Justice Department is unable to determine the amount spent by federal agencies litigating FOIA lawsuits in which the complainant substantially prevailed, a GAO report determined.
September's Patch Tuesday kicked off with a notification from Adobe that it has made available security updates for Adobe Digital Editions, AIR SDK & Compiler and Flash Player, which alone had 29 critical vulnerabilities.
The U.K. voice over IP provider VoIPtalk has emailed a notification to customers warning of the potential compromise of user login credentials.
Sens. Dianne Feinstein and Richard Burr have reportedly been circulating proposed changes to the Feinstein-Burr encryption bill.
CIA Director John Brennan warned against Russian hacking skills, calling them "exceptionally capable and sophisticated."
France's former head of external intelligence service discussed a French cyber campaign that targeted Iran, Canada, Spain, Greece, Norway, and other nations.
The Department of Defense does not have the necessary visibility into the cyber capabilities of the National Guard, according to a report by the GAO.
Adult content site Pornhub announced Tuesday that it will switch from using Flash-based content and instead opt for HTML5.
A help wanted ad spotted on the French dark web may be an indicator that cybercriminals are tiring of having their phishing scams spoiled due to poor spelling and grammar.
The White House announced on Thursday the appointment of Brigadier General (retired) Gregory J. Touhill as the first federal chief information security officer (CISO).
Two North Carolina men were arrested Thursday for their alleged roles in hacking senior U.S. government officials and computer systems.
An Oregon credit union filed a class action lawsuit Tuesday against Noodles & Company on behalf of other financial institutions affected by a POS breach at the restaurant chain.
The U.S. Army recently tested a drone capable of collecting enemy cyber information on the battlefield.
Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.
HPE reported today that it has agreed to spin off and merge several of its "non-core" assets, including Enterprise Security, with Micro Focus to create a new company that will continue under the name Micro Focus.
Did the FBI infect users of a free email service with malware? That's the question the ACLU would like answered.
The hacking group, also known as 'Lion Soldiers Team,' announced this weekend that the group attacked the airport in response to the "racism" of airport officials.
In a union that creates the world's largest privately controlled technology company, Dell Technologies has officially acquired EMC Corporation, including its computer and network security division RSA, Dell announced today.
The Hutton Hotel payment processing system was vulnerable between September 2012 and 2015, exposing guests' payment card information.
A Trojan that infects Linux platforms to launch distributed denial of service (DDoS) attacks was discovered by MalwareMustDie.
The developers of the mobile banking trojan Gugi have introduced new modifications to sidestep two key security features of Android, reports Kaspersky Lab researcher Roman Unuchek via the Securelist blog.
An IBM researcher received a followup email from a person allegedly behind the creation of an Android malware app seeking redress to clarify some details.
A hacker, dubbing himself Mr. High, announced he had stolen the personal details of 6.5 million people across Idaho, Washington, Oregon and Kentucky.
Four out of five surveyed hackers agreed that Apple was right to refuse the FBI's request for a backdoor into the San Bernardino shooter's iPhone. Yet 52 percent said they would help the FBI crack an iPhone's password for a fee.
Eight brands of IoT home routers were compromised and used to create botnets that launched an application-level DDoS attack against a website's multiple servers.
Last week, Apple issued security updates to patch a serious flaw affecting iPhone and iPad users. Yesterday it addressed a similar flaw on its desktops.
M. Holdings Securities is notifying some of its clients of a potential data breach due to a laptop being stolen from an employee's car.
Guccifer's two-year hacking spree, which exposed Hillary Clinton's controversial use of a private email server, has ended with a more than four-year prison sentence.
The website for the upscale Mr. Chow restaurants has been compromised to deliver CrypMIC ransomware to visitors via the Neutrino Exploit Kit.
A bill is pending in California that would designate the use of ransomware as a form of extortion.
Researcher Lukasz Olejnik claims Ambient Light Sensors in personal devices could be used to track users and even measure the size of their homes.
A family of malware targeting Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets has been detected.
A letter has gone out to customers of Jerry's Artarama advising that its online portal "may have been attacked" by a hacker and customer information "may have been compromised."
The Federal Trade Commission warned consumers to be careful when using the infotainment systems of rental cars.
FBI Director James Comey reached out to businesses asking for his agency to be included in their cybersecurity plans and broached the lightning rod topic of encryption during a speech at the 2016 Symantec Government Symposium.
Adobe today has released security hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms.
As with KeRanger, a malicious block of code added to the Transmission app's main function is used to spread Keydnap.
Troy Hunt, an Australian researcher, tweeted out a warning of a dump of some 71,000 user accounts leaked from MinecraftWorldMap.com.
Seven D-Link network attached storage (NAS) devices are vulnerable to an XSS defect that can be exploited without the user downloading malware or clicking on a malicious link, a researcher found.
The same cybergang that launched attacks against the Pentagon, State Department and DNC is also believed to have targeted Russia-focused think tanks in the U.S.
Accellion Kiteworks appliance versions prior to kw2016.03.00 contain multiple vulnerabilities which can allow an attacker to conduct cross-site scripting attacks or to view limited sets of files.
Several web pages associated with the former file-sharing site Megaupload - seized by the FBI over four years ago in an online piracy investigation - are now serving up pornographic content and junk ads.
In what seems like a real email message from GoDaddy, users are prompted to upgrade storage within 24 hours, otherwise their email account will be suspended.
Ryan Vallee, a 22-year-old New Hampshire man, pleaded guilty to hacking into social media and email accounts and engaging in sextortion of almost a dozen female victims.
A Chinese certificate authority mistakenly handed out legitimate user certificates for GitHub and the University of Central Florida (UCF) to a couple of unauthorized users.
Opera is alerting customers of its web browser that its sync system was breached.
Rep. Ted Lieu (D-Calif.) is calling on the Federal Communications Commission (FCC) to accelerate its investigation of the SS7 flaw.
A Malwarebytes analysis of the espionage toolkit that recently infected Vietnam Airlines revealed a modular variant of the Korplug remote access trojan (RAT) that in this case disguises itself as a McAfee antivirus program.
Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.
The fish and wildlife agencies of Washington, Oregon and Idaho have temporarily suspended the sale of hunting and fishing licenses and tags after the vendor operating their online licensing system was apparently breached.
U.S. CIO Tony Scott promoted a $3 billion proposal to modernize government technology while speaking at an annual summit.
Dropbox is recommending that some users update the login credentials for their accounts because a group of member emails and passwords may have been compromised.
Several public interest groups reached out to the FCC calling for action concerning the implementation of DSRC technology.
Baltimore police have been running an aerial surveillance program capable of tracking people and cars since early 2016, which is being paid for not by the city but by an unnamed private citizen, and all of this has been done without public input.
VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter product.
Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.
Customers and researchers alike are chastising United Airlines' attempt at using two-factor authentication to secure its MileagePlus account holders.
The personal website of Saturday Night Live comedian and Ghostbusters star Leslie Jones was taken offline after hackers vandalized the site.
Three people have been charged in Switzerland for a global computer fraud scam.
Five suspected cyberthieves have reportedly fled Thailand after allegedly stealing approximately $350,000 in cash from 21 malware-infected ATMs operated by the state-run Government Savings Bank (GSB).
NYU scientists designed a new form of application-specific integrated circuit (ASIC) designed to spot hidden vulnerabilities in microchips.
A joint investigation by the Canadian and Australian governments looking at the hack of the adult dating site Ashley Madison found it lacked the safeguards needed to protect the personal information of its customers.
In a revision of its policies, the U.S. Department of Health and Human Services' Office for Civil Rights has instructed its regional offices to place more of an emphasis on investigating smaller health-care data breaches that affect fewer than 500 individuals.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Education sector bullied by ransomware and can barely defend itself, report
- Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits
- DetoxCrypto ransomware imitates Malwarebytes software
- House Committee urges Obama not to pardon Snowden
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace