Malware in Mexico, Ukraine ATM attacks may be culprit in Malaysia

Police are not naming the malware used, but speculation casts an eye on Backdoor.Ploutus or Backdor.PadPin.

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

Apple addresses Bash bug with new update

The tech company issued an update for OS X Mavericks, Mountain Lion and Lion earlier this week.

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Jimmy Johns' POS vendor confirms breaches at other restaurants

Signature Systems, Inc. confirmed that 108 other businesses were impacted by the malware installed on its systems.

Top websites deliver CryptoWall ransomware via malvertising

The CryptoWall ransomware being delivered comes with a valid digital signature and initial VirusTotal results showed zero detections.

Facebook privacy lawsuit moves forward

The social media company is arguing that it should be able to opt out of searching users' accounts when it feels it is being done illegally.

iThemes users asked to change passwords following attack

User passwords were being stored in cleartext, and are among the data that may have been compromised in the attack.

U.S. Bank ordered to refund $48M to customers

A Consumer Financial Protection Bureau campaign to curb deceptive banking activities has resulted in U.S. Bank being ordered to refund $48 million.

FBI director criticizes Apple, Google encryption moves

James Comey reportedly said the developments could put consumers "beyond the law."

NIST taps MITRE to support National Cybersecurity Center of Excellence

The contract includes initial tasks totaling $29 million, the U.S. Commerce Department's NIST said.

Mozilla addresses bug allowing signature forgery in NSS

On Wednesday, Mozilla patched the bug which could allow an attacker to forge RSA certificates.

Cyber attack on Japan Airlines impacts up to 750,000

A phishing attack may have resulted in the theft of personal information belonging to customers of Japan Airlines's frequent flier club.

Jimmy Johns confirms breach; 216 stores impacted

The sandwich store chain confirmed that customer card information was compromised at more than 200 of its stores.

Microsoft launches new bug bounty program

The new program will start with a focus on Office 365 with rewards starting at $500.

Fed court shutters Butterfly Labs at FTC's request

The Federal Trade Commission had asked a federal court to shut down the company, which marketed specialized computers to mine bitcoins.

Apple pulls iOS 8.0.1 after TouchID, cell service complaints

The update was issued only a week ago, and has now been yanked by the tech giant.

IT manager pleads guilty in Liberty Reserve case

Maxim Chukharev pleaded guilty in federal court to charges stemming from his role in Liberty Reserve's ascent to bank of choice for underworld criminals.

Insider threat cases on the rise, IC3 warns

Disgruntled and former employees have been increasingly engaging in computer network exploitation and disruption.

LogMeIn notifies users of fake emails claiming to be security update

Fake emails that appear to come from an authentic LogMeIn address state that the company has released a new security certificate.

Policy violation letters trick SMB workers into downloading malware

Bitdefender researchers detected an uptick in computers infected by Zbot via dozens of ARJ-compressed files.

Researcher hacks iPhone 6 Touch ID sensor

Little progress was made security wise, between the iPhone 5S and iPhone 6 sensor, a researcher found.

Blackphone and Silent Circle announce bug bounty programs

Both programs offer a standard reward of $128 per qualifying vulnerability, although it could change depending on the severity of the bug.

Dragonfly malware was designed to target pharmaceutical companies

Although initial reports said Dragonfly was targeting industrial control systems, a new white paper indicates that this might not be the case.

Texas man ordered to pay $40.4M for Bitcoin Ponzi scheme

Trendon T. Shavers pocketed more than $101 million after convincing Bitcoin owners to invest in his phony firm.

IBM opens cloud resiliency center in N.C.

The center will help enterprises avoid costly disruptions caused by cyber incidents and natural disaster.

Google to encrypt data by default on Android L devices

The mobile operating system, Android L, is expected to be released later this year.

EFF Tor Challenge yields more than 1600 relays

The privacy group said the response to the Challenge exceeded its projections threefold.

Home Depot ignored security employees' vulnerability warnings

The New York Times reported that the retailer's security team warned of possible system vulnerabilities but managers never followed through.

Reddit, 4chan shut down another round of celeb nude photos

Another wave of celebrity nude photos were released Saturday and sites like 4chan moved quickly to remove them.

Beazley: employee errors root of most data breaches, but malware incidents cost more

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.

Info on 282K Wisconsin Home Depot cards for sale on black market

A Milwaukee Journal Sentinel investigation found customer payment card information from all 26 Wisconsin stores on sale.

Malvertising campaign targets Israeli news outlets

The recently discovered campaign is using The Times of Israel and The Jerusalem Post to expose users to the Zemot Trojan.

Two Russian cybercriminals nabbed in Android malware scheme

Two men were arrested for stealing money from victims' bank accounts after sending malicious emails offering a romantic gift.

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Apple cannot comply with search warrants on iOS 8 devices

The new operating system protects the device's personal information with a passcode that Apple will not be able to bypass.

Singaporean karaoke bar members' info compromised

K Box was targeted in an attack that was supposed to express unhappiness over a toll fare hike.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Apple implements two-factor authentication

The company followed through on its promise to up iCloud security by implementing two-factor authentication earlier this week.

C&K apologizes for unauthorized access that led to Goodwill breach

A web hosting service apologized for intermittent unauthorized access of its hosted environment over 18 months that led to the Goodwill breach.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Google reveals 150 percent jump in gov't requests for user data

Google indicated in its most recent transparency report that it also saw a 15 percent jump in government requests for user data since the end of last year.

Researcher discovers flaw in Amazon Kindle Library

A security expert discovered a vulnerability in Amazon's Kindle Library that could lead to cross-site scripting attacks and account compromises.

JPMorgan Chase might struggle to patch vulnerabilities quickly enough

This summer's attack on the bank's network might have helped hackers detect subtle vulnerabilities they could exploit in the future.

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the world

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.

Dropbox releases biannual transparency report

Dropbox issued its transparency report that shares the company had received 268 government requests for users' information, and in some cases, account files.

FBI facial recognition system ready for use

The Federal Bureau of Investigation has announced that it is prepared to roll out its new fully operational facial recognition system.

U.S. under cyber attack, losing ground to adversaries

In testimony to a Senate committee, cyber experts said the U.S. has fielded 600,000 attacks this year.

Researchers in China work on facial recognition payment app

The app is expected to be launched next year.

Temple University patients impacted by possible breach

The unencrypted desktop computer was stolen from a university physician's office in July.

Survey: a third of respondents improved security following celeb photo hack

In a survey of more than 1,000 Americans, 35 percent of respondents said that they improved security following the celebrity photo hacking incident.

Yahoo, other tech giants faced pressure from feds to join PRISM, court docs reveal

Federal officials compelled American tech companies to participate in the NSA's PRISM program or face huge fines.

Canadian computer dealer claims Ernst & Young breach

A computer dealer in Canada said that a server he bought contained the firm's client data and he is asking for payment to delete it.

Veracode receives $40M in late-state funding

The Burlington, Vt.-based web and mobile application security firm announced that it closed on $40 million in a late-stage funding round.

Retail trade association appoints new VP of cybersecurity

The Retail Industry Leaders Association announced the appointment of Nicholas Ahrens as the new head of cybersecurity for the trade group.

U.K. man, who obtained bank details of 28K, pleads guilty to blackmail

The 22-year-old man, Lewys Martin, pleaded guilty in London last week.

Home Depot is sued following payment card breach

An Illinois resident sued the home improvement retailer and claimed the company failed to comply with security standards.

Payment card breach possibly tied to Florida Beef 'O' Brady's locations

Unauthorized payment card purchases made in Massachusetts, New York and Texas may be tied to four Beef 'O' Brady's sports bar locations in Florida.

Researchers analyze phishing campaign spreading 'vawtrak' malware

Experts have discovered a phishing campaign that targets users with a phony PDF attachment that leads to the vawtrak malware.

Merchant Financial Cybersecurity Partnership hosts security summit

The "Cybersecurity: Protecting the Payments Systems" summit will encourage coordination between all cybersecurity and industry entities.

Adobe addresses 12 security vulnerabilities in latest bulletin

Adobe has issued security fixes addressing 12 vulnerabilities affecting its Flash Player and AIR for Windows, Macintosh and Linux platforms.

Markey, Blumenthal pen letter to FTC over Home Depot breach

In a letter to the FTC chairwoman, Sen. Markey and Sen. Blumenthal urged the agency to use its authority if Home Depot had failed to protect consumer data.

Phishing campaign exploits fear of stolen iCloud data

A new phishing campaign popped up last week and lures victims into handing over their Apple ID login credentials.

Researchers reveal security issues in Android apps

On Monday, the University of New Haven revealed its first video in a series of security findings.

Home Depot confirms payment data systems breach

After nearly a weeklong investigation, Home Depot confirmed on Monday that its payment data systems have been breached.

CMS administrator to testify before committee on hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

Privacy groups urge Senate leaders to pass USA Freedom Act

More than 40 civil liberties groups are urging Senate leaders to pass legislation that would put a halt to the NSA's data collection practices.

New Zealand ISP says DDoS attack caused weekend internet issues

Customers of New Zealand communications service provider Spark experienced internet connectivity issues over the weekend due to a distributed denial-of-service attack.

McAfee and Symantec join Cyber Threat Alliance

Fortinet and Palo Alto Networks founded the alliance in May, and McAfee and Symantec are the first companies to join.

Social engineering campaign leads to malicious Chrome extension

Security experts have discovered a social engineering ruse that installs a malicious Google Chrome extension to lure victims in a click fraud campaign.

iCloud beefs up security in wake of celebrity nude photo scandal

Apple's CEO said the company will begin using email and push notifications to alert users to passwords changes in any iCloud account.

FTC orders Google to refund $19M for in-app purchases

The FTC said Google must refund parents whose children made in-app purchases without their permission. reveals attack on login systems

Late last month a group of attackers targeted the web hosting company's login portal to try and access users' accounts.

CMS says no consumer data exposed in test server hack

A server used to test new code was hacked in July to drop malware intended for DDoS attacks.

Researchers discover two SQL injection flaws in WordPress security plugin

High-Tech Bridge discovered two SQL injection vulnerabilities in All In One WordPress Security and Firewall plugin and notified the vendor.

Healthcare orgs prepare for cyber threat readiness test

More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.

Twitter announces launch of bug bounty program

The social media giant recently announced its new bug bounty program, rewarding researchers that find security vulnerabilities in its web services.

Researchers will compete to win up to $425,000 at Mobile Pwn2Own 2014

The third annual Mobile Pwn2Own competition will feature new devices to crack and a $425,000 prize pool, which has gone up $125,000 from last year's.

ACLU's suit against NSA for phone data collection before appeals court

ACLU is currently arguing its case against NSA's spying program before the U.S. Circuit Court of Appeals.

Firm explores attack methods allowing possible Home Depot breach

Research from Bidefender found that Home Depot's payment interface could have a vulnerability that would allow attackers into the company's systems.

Agora edges past Silk Road 2.0 as Darknet leader, report says

DDoS attacks on Silk Road 2.0 and a hack at the Pandora Openmarket have paved the way for Agora to become largest Darknet marketplace.

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

New international cybercrime unit, J-CAT, launches pilot program

The group will bring countries together to address major cyber security threats, including malware and botnets.

IEEE Computer Society shares top security design flaws

The group's Center for Secure Design released a report detailing how to avoid common design flaws.

FTC seeks public comment on adult verification company AgeCheq

Under the agency's COPPA ruling, website that collect personal information on its young users must receive parental consent before doing so.

Experts discover variant of BIFROSE backdoor in targeted attack

A variant of the BIFROSE backdoor which is more evasive than its predecessor has been discovered by experts.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Sign up to our newsletters