Stuxnet-like espionage tool discovered by researchers

Experts at Symantec have come across a sophisticated cyber espionage tool that exhibits a rare complexity of features similar to past cyberespionage malware.

NSA director states China can shut down U.S. electric grids, report indicates

The director of the NSA stated that China, as well as "one or two" other countries, is capable of launching cyberattacks to shut down electric grids and other critical infrastructure in parts of the U.S.

Brigham Young University-Idaho student hacks transcript, earns $7k in scholarships

Jacob Mahonri Espinal hacked into his school's computer system to bring his grades up from academic probation status to straight As.

FTC shuts down operations of computer repair scammers

Two telemarketing operations conned thousands of customers by tricking them into buying into tech support services for computer problems that didn't exist.

ACLU requests info on gov't spy program using 'dirtboxes'

Earlier this month, it was revealed that DOJ uses "dirtboxes" attached to aircrafts to spy on Americans' mobile devices.

Privacy, rights groups support gov't spyware detection tool

The EFF, Amnesty International and other organizations are lending support to Detekt, an open source spyware detection tool.

Malicious banking apps in Google Play target Brazilian Android users

Researchers at Kaspersky Lab said the first trojan banker, published by "Governo Federal," was predictable.

Drupal addresses denial-of-service, session hijacking vulnerabilities

An advisory was issued on Wednesday regarding a denial-of-service vulnerability in Drupal 7 and a session hijacking flaw in Drupal 6 and 7.

SC Congress Chicago 2014: Make FBI an ally after breach

Panelists at the closing keynote at SC Congress 2014 in Chicago urged attendees to work with the FBI to unravel breaches.

RTF exploit is delivered through spear phishing scheme

Researchers at McAfee have identified a new attack that exploit a Microsoft Word ActiveX control vulnerability.

WhatsApp begins rolling out end-to-end encryption

The popular messaging app announced on Tuesday that it has already begun encrypting users' messages.

Chrome 39 contains 42 security fixes, fallback to SSL 3.0 removed

Google Chrome 39 was promoted to the stable channel for Windows, Mac and Linux on Tuesday and contains 42 security fixes.

NATO launches largest cyber exercise to test its network security

With more than 400 technical, government and cyber experts involved, Cyber Coalition 2014 tested the speed of sharing threat intelligence.

State Department offers reward for arrest of Romanian fugitives

Nicolae Popescu and Dumitru Daniel Bosogioiu are wanted for organizing an international crime scheme that led to millions of lost dollars.

Financial institutions plan to spend billions more on security in coming years

PricewaterhouseCoopers surveyed more than 700 financial service companies and found that they plan to bulk up their cybersecurity efforts in the coming years.

Staples incident possibly connected to Michaels breach, report indicates

Brian Krebs reported on Monday that malware found in Staples stores was observed to be communicating with command-and-control networks used by attackers in the Michaels payment card breach.

Microsoft issues delayed elevation of privilege patch

The tech company delayed the release of bulletin MS14-068 until Tuesday.

Apple releases OS X Yosemite and iOS updates

The tech company addressed vulnerabilities in its newly released iOS 10 and improved reliablity on OS X Yosemite.

House committee asks for details on State Dept breach

Democrats on a House oversight committee have asked Secretary of State John Kerry when the breach was first discovered.

VA falters in cybersecurity audit for 16th year

Veterans Affairs has failed an annual cybersecuirty audit for the 16th year in a row, a new report reveals.

'Stingray' requirement approved in Washington

Judges in Pierce County, Wash. approved a new requirement that would make law enforcement officials explicitly cite when they plan to use 'stingray' technology during an investigation.

Survey: more than half of UK orgs would hire hackers, ex-convicts, as cyber experts

More than half of UK organizations would consider hiring a hacker or person with a criminal record in order to keep ahead of cyber crooks, a KPMG survey found.

Tibetan NGOs targeted in APT attack

Gh0st RAT was identified in a spear phishing campaign to target Tibetan NGOs recently.

Authorities nab WireLurker masterminds

Police in Beijing arrested three suspects behind the malware that targeted users in China.

Israeli, Thai police arrest eight in credit card extortion scam

Israeli police arrested eight former Leumi employees in a scheme to extort millions of shekels.

Facebook offers privacy tips, updates

Facebook unveiled its "Privacy Basics," guidelines that help users control and protect their information.

Backdoors delivered to Japanese orgs by way of Ichitaro exploit

Security firm Symantec calls the cyberespionage campaign "Operation CloudyOmega."

Man charged with installing malware in his former company's network

Arturas Samoilovas allegedly illegally accessed the computer network of Eaton Corporation and installed malware after he was denied a position at the company.

IBM leverages Big Data in $325M DOE deal

The funding will support the development of two new supercomputers.

Apple must face suit over iMessages, judge says

A federal judge has said Apple must face a lawsuit that claims it didn't reveal that text messages would be blocked when iPhone users switched to Androids.

Apple addresses 'Masque Attack,' says customers are safe

Apple maintains that customers aren't at-risk targets for the Masque Attack if they operate within the App Store. Meanwhile, US-CERT issued a warning regarding the attack.

Perimeter defense insufficient, security shifting, report says

A report by Ari Kaplan Advisors and sponsored by Nuix found most infosec pros collaborate with data managers.

Google Play app spread SMS trojan for more than a year

An app masquerading as a provider of downloadable content was, in actuality, a SMS trojan that could have subscriber victims to a daily feed that cost 37 cents per day.

Data on reported 2.7M HSBC Turkey customers compromised in attack

The personal information included card and linked account numbers, card expiry dates and cardholder names.

Dofoil variant more dangerous and aggressive

Researchers at Fortinet have uncovered an aggressive variant of Dofoil, a botnet once believed to be dead.

Intel, Discovery Education kick off digital safety program for kids

The Intel Security Digital Safety Program supports cybersecurity education among elementary school children.

First Stuxnet victims identified

Kaspersky Lab researchers are confident they have identified the first five victims, or patient zeroes, of the Stuxnet worm.

Vulnerability leaves Belkin router open to attack

Researchers at Integrity Labs say the vulnerability, if left unpatched, could allow attackers to gain control over affected devices.

Flash and AIR updates available after Adobe addresses 18 vulnerabilities

Software updates are now available for the Flash player and Adobe AIR after vulnerabilities were found that could give attackers the ability to execute code or escalate privileges on a machine.

Four NOAA websites compromised by an internet-sourced attack

The attacks were detected and incident response began immediately, with unscheduled maintenance being performed to mitigate the threat.

Postal workers union files charges following USPS breach

The American Postal Workers Union filed charges to the National Labor Relations Board against the Postal Service for failing to notify them earlier about the recent breach.

Arrest uncovers stolen Amex cardholder data

In a notification letter to customers, Amex said law enforcement has arrested an individual possessing stolen personal and account information.

Predator Pain, Limitless keyloggers are simple, effective

Trend Micro researchers observing two keyloggers have released their findings in a paper.

Home Depot breach spawns new phishing scam

Attackers are using stolen email addresses to try to steal victims' bank account numbers.

Shaygan Kheradpir, Juniper Networks CEO, resigns

Following a review by the board and Kheradpir's involvement in "a particular negotiation with a customer" there has been a shift in leadership at the network services firm.

Windows vulnerability identified as root cause in Home Depot breach

Home Depot's breach could have resulted from a vulnerability in Windows that was patched too late into the attack.

DarkHotel espionage campaign targets business execs staying in luxury hotels

The Kaspersky Labs Global Research and Analysis Team came across the campaign, which hides on the networks of hotels located in various countries.

Seoul police arrest student for hacking 104 websites

A college student showing off his technical prowess hacked into websites of malls, hospitals and universities.

Mozilla teams with Tor Project, CDT, on internet privacy

Mozilla is heeding user desire for internet privacy by collaborating with the Tor Project and the Center for Democracy & Technology.

Norse wins $1.9M DOE contract to secure energy sector operators

The Department of Energy contract will allow Norse to support the agency's Cybersecurity Risk Information Sharing Program (CRISP).

US-CERT issues alert on end of support for Windows Server 2003

US-CERT issued an alert on Monday, warning all users that Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.

Letter to Congress encourages 'single federal law' applying to breaches

A letter sent to Congressional leaders states that legislation to address data breaches should cover all entities that handle sensitive information.

PCI SSC announces 2015 SIG projects

The PCI Security Standards Council announced its new Special Interest Group (SIG) projects for 2015 earlier this week.

USIS attack went undetected for months

The Associated Press reported that a hack, similar to past intrusions by Chinese hackers, went unnoticed by USIS for months.

Backoff infections spike 33 percent at Q4 start, more variants surface

Damballa observed the spike in infections, which followed a Backoff peak in Q3.

Gov't AIDS websites left user data unencrypted

The government has begun encrypting user data on two websites providing AIDS-related information.

Former South Carolina DHHS employee sentenced for 2012 data breach

Christopher Lykes, a former employee with the South Carolina Department of Health and Human Services, was sentenced to three years of probation and must serve 300 hours of community service.

EFF names new executive director

The Electronic Frontier Foundation will have a change in leadership come January as Shari Steele steps down.

Accuvant and FishNet Security to join forces

Accuvant and FishNet Security are joining forces to offer a broader suite of services, smarter solutions, more expertise and expanded reach.

CISO survey: 75 percent expect cloud security budget increase

In a preview of its 2014 CISO study, IBM revealed leaders' top cloud security concerns.

EU restricts spyware exports

New European restrictions will require spyware manufacturers to get the EU's permission before exporting their product.

Major banks team up to fund Soltra Edge threat sharing tool

FS-ISAC teamed up with the Depository Trust & Clearing Corp on the Soltra Edge platform which will deliver information on breaches and threats to the financial sector.

Last Pirate Bay co-founder nabbed at Thai border

Fredrik Neij was arrested at the Thai-Laos border earlier this week on copyright violation charges.

Requests for Facebook user data increased in first half of 2014

The social media company reported that governments made 34,946 requests for user data, which represented a 24 percent increase since the last half of 2013.

Experts detect spike in Rovnix trojan infection in U.K.

More than 130,000 computers have been infected by the malware in the country, which encrypts communication with its C&C servers to avoid detection.

Report: Dutch gov't OKs Drinkman extradition to U.S.

Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.

Google open sources network traffic security testing tool

The tool, called "notogotofail," tests whether devices and applications are secured against known TLS/SSL flaws and misconfigurations.

DDoS attacks against Hong Kong protest sites, APT activity, linked

FireEye researchers have observed ties between DDoS attacks against Hong Kong pro-democracy protesters and APT activity based in China.

OS X 'Rootpipe' details emerge

A Swedish hacker says he won't divulge details of the vulnerability until January, after Apple patches it.

Android app piracy group member pleads guilty

Scott Walton served as a lead member of the SnappzMarket Group, which conspired to illegally reproduce and distribute more than one million copyrighted Android apps.

IEEE Cybersecurity Initiative names Shannon as chair

Shannon is a senior member of IEEE and is well-versed in working with industry, government and academia on cyber issues.

Facebook creates onion address for Tor users

The social media site launched its Tor-friendly version to accommodate users who might want to keep their identities anonymous.

AccessData to split in two, creates Resolution1

The newly created company Resolution1 will be responsible for cybersecurity incident response business.

Researchers notice uptick in 'Poweliks' trojan infections

The increase could be attributed to a recently discovered spam campaign that involves phony emails claiming to be from the Canadian Post or USPS.

Compromised .edu domain used to spread Zeus-laden emails

Researchers at PhishMe warned of the campaign that uses purported payment confirmations to fool victims.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.

FilmOn accuses DoubleVerify of distributing malware

In readying a libel suit against DoubleVerify, FilmOn says it discovered that the firm deliberately distributed malware.

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

HackingTeam spying manuals posted online

The Italian spyware company had its manuals posted online that detail how thoroughly an infected user's actions can be monitored.

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 within hours

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.

Phishing campaign passes off Pony Stealer trojan as 'overdue invoice'

The malware has previously been used to steal $220,000 worth of bitcoins from victims.

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.

Attack on White House systems breached unclassified networks

The White House experienced a sustained cyberattack on its systems that impacted its network for nearly two weeks.

Hacker Lacroix apologizes, gets four years in federal prison

Christian Lacroix, who famously hacked Paris Hilton's phone and Burger King's Twitter account was sentenced for breaking into Bristol Community College computers.

Securonix taps former BofA exec for chief scientist role

Igor Baikalov was appointed chief scientist at security intelligence firm Securonix.

MPAA urges USTR to put pirate sites on 'Notorious Markets' list

In a letter, the Motion Picture Association of America asked the United States Trade Representative to include cyberlocker sites on its Notorious Markets List.

California data breach report reveals spike in incidents

A report by the state's attorney general sheds lights on the increase in data breaches, which have seen a 30 percent uptick in California so far this year.

'Cash out' crew member sentenced to 21 months in prison

Robert Dubuc hacked into various financial accounts and used them to divest money to other accounts and buy pre-paid debit cards.

Amit Yoran promoted to RSA president

Following his time as RSA's senior vice president of products, Amit Yoran will be promoted to the company's president.

FBI uncovers second person leaking government documents

The unnamed leaker's house was searched and a criminal case was opened after documents about the U.S. government's terrorist watch list were published.

US-CERT warns of phishing campaign spreading Dyre

The credential-stealing malware Dyre has been tied to a string of phishing attacks.

EFF files brief in response to Jewel v. NSA opposition

The Electronic Frontier Foundation (EFF) filed a new brief after the government released its own opposition.

FCC fines telecom companies $10 million

The Federal Communications Commission fined Terracom, Inc. and YourTel America, Inc. $10 million for their failure to protect users' personal information.

Tor exit node found to add malware to downloaded binaries

A researcher with Leviathan Security found that a Tor exit node in Russia is adding malware into downloaded binaries.

Google employee arrested over sextortion ruse

Nicholas Rotundo was taken into custody by federal agents for blackmailing a female college student by threatening to post her nude images on a revenge porn website.

Latest Ebola-themed phish leverages unpatched Windows bug

The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.

Sign up to our newsletters