Malware museum features a virtual rogues gallery of nefarious coding

The non-profit Internet Archive library today unveiled a virtual Malware Museum, which offers a look back at some of the hacking community's earliest attempts to infect computers.

Brazilian companies being targeted by malicious spam campaign

Symantec has discovered a spam campaign targeting Portuguese-language computers specifically focusing on companies based in Brazil with the goal of stealing email accounts in order to access sensitive corporate information.

Researcher finds critical bugs affecting Netgear NMS300 ProSafe

A vulnerability affecting Netgear's NMS300 ProSafe network management system allows attackers to access the directory of servers the system runs on and upload malware.

OPM acting director questioned after subpoena from Oversight Committee

OPM acting director Beth Cobert questioned about strained relationship with the House Oversight and Government Reform Committee, after receiving subpoena.

Hackers attack 20M accounts of Alibaba e-commerce unit

A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.

WeatherWizard app delivers tech support scam, not a forecast

Malwarebytes has discovered that amateur meteorologists get more than a weather forecast when they download the deceptive WeatherWizard app.

Thunderstrike 2 creators join their one-time target Apple

Apple has brought on board two security researchers who previously worked to develop the infamous Thunderstrike 2 worm.

UN panel: Assange in "arbitrary detention" in Ecuador's embassy

A United Nations panel declared that the past three-and-a-half years that Julian Assange spent in Ecuador's embassy in the U.K. were effectively an "arbitrary detention", as the WikiLeaks founder fights extradition to Sweden.

CERT: Poor password policy leaves OpenELEC operating system vulnerable to hackers

The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system.

EFF and ACLU accuse Milwaukee police of warrantless stingray use

The ACLU joined forces with the EFF to file an amicus brief in a case involving the Milwaukee Police Department's alleged warrantless use of a stingray.

Landry's concludes breach probe, lists affected locations and attack timeframes

Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.

Major banks to roll out ATMs that use smartphones for authentication

Bank of America, Wells Fargo and JPMorgan Chase have announced plans to roll out ATMs that take smartphones as well as ATM cards.

It's back...Dridex campaigns on uptick

Aimed at manufacturing, telecommunications, and financial services sectors, Dridex has reemerged after a post-holiday slowdown.

Not the same old song: Researcher hacks into car with malware-laced CD

A researcher at the University of California, San Diego, claimed to have discovered a way to hack into a computerized car's operational controls by playing a music CD encoded with malware on the vehicle's entertainment system.

Linux and Windows impacted by new backdoor-installing malware

Researchers at SecureList have uncovered a new family of backdoors for Linux and Windows.

Blackshades malware co-author sentenced to five years probation

Following a guilty plea in 2013 for distributing malware and conspiring to commit computer hacking, Michael Hogue was sentenced to five years probation.

OpenSSL patches flaw that exposes an encryption key

The OpenSSL project has issued an update to patch a vulnerability that would allow a malicious remote user to obtain a decryption key enabling them to learn sensitive information.

Unlucky numbers: Ransomware 7ev3n extorts victims for 13 bitcoins

The newly discovered ransomware known as " 7ev3n" encrypts victims' files and demands 13 bitcoins for the key.

Phishing scheme mimics iCloud to activate stolen iPhones

Researchers at Malwarebytes have spotted thieves using a phishing scheme to unlock stolen iPhones.

BlackEnergy malware deployed using malicious Word docs

Researchers have spotted attackers using malicious Microsoft Word documents distributed via spearphishing emails to spread the Black Energy Trojan in Ukraine.

Android ransomware variant adds clickjacking to bag of tricks

Sixty-seven percent of Android devices are prone to a newly discovered ransomware variant - the first to employ "clickjacking" as a way to fool users into giving away their administrator rights, Symantec warned today in its Security Response blog.

NCH Healthcare suffers data breach

NCH Healthcare last week notified medical staff and employees of a data breach that took place when two company servers were compromised.

In a first, alleged ISIL-linked hacker extradited to U.S.

In what prosecutors are calling a "first of its kind" case, a hacker linked to the Islamic State of Iraq and the Levant (ISIL) has been extradited to the U.S. to face charges.

Cisco advises firewall users to patch critical vulnerability

Cisco yesterday warned users of a critical vulnerability in the web-based interface of its EV220W Wireless Network Security Firewall devices, which if exploited could allow remote attackers to access administrative privileges by circumventing the authentication process.

Mozilla patches 11 issues with Firefox, three rated critical

Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6 with three being rated as critical.

White House establishes new office to secure OPM background checks

The White House will establish a new office, managed by the DoD, that will secure OPM background checks.

Israel's Electric Authority hit by massive cyberattack

The Israeli Electric Authority was hit by a massive cyberattack during a period of record-breaking power consumption.

Opponents to Swiss surveillance law force direct public vote

A Swiss digital surveillance law that has rankled online privacy advocates will now subjected to a public vote, after opponents collected enough signatures to challenge the legislation.

Lawsuit dismissed in Georgia after state admits to massive breach

Plaintiffs in Atlanta had a class-action lawsuit dismissed on Monday following the state's acknowledgement it had put at risk the data of more than six million registered voters.

Apple can read your iMessages despite them being encrypted

Despite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that if users backup data using iCloud Backup, they need to be aware that although Apple stores the backup in encrypted form, it uses its own key.

Lucrative pay offered India hackers to work for ISIS

Hackers in India are being handsomely rewarded for taking on work for ISIS.

N.Y. state police uncover horseracing hack for inside information

A former jockey agent has been charged by the District Attorney of Queens County, New York, with illegally accessing the New York Racing Association's (NYRA) computer system to access insider information.

Advocacy groups call for repeal Cybersecurity Act of 2015

A coalition including the ACLU, FreedomWorks, and other digital privacy advocacy groups sent a letter to members of the House urging them to repeal the Cybersecurity Act of 2015.

Carson proposes new agency dedicated to winning 'Cyberspace Race'

Comparing global cyberspace ambitions to the "Space Race" of the 1960s, Republican U.S. presidential candidate Ben Carson has proposed a National Cyber Security Administration (NCSA) that would consolidate efforts to strengthen and defend America's online assets.

Zero-click fraud scheme 'subscribes' Japanese victims to porn service, requests $2K fee

Symantec researchers have observed one-click fraud scammers changing to more aggressive tactics in a zero-click fraud scheme that subscribes visitors to porn websites.

Oversight Committee seeks response from agencies about Juniper

The Senate's Committee on Oversight and Government Reform has requested information from 24 federal agencies and government departments following the illicit code announced by Juniper Networks.

Lenovo patches problems found in SHAREit app

Lenovo issued patches to fix four issues found on some ThinkPad and IdeaPad devices that use the SHAREit app, including allowing remote system access and unauthorized access of transferred files.

Ray Rothrock: "Assume attackers are in your system"

As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.

Report: Israel cybersecurity startups attract large investments

Cybersecurity startups hold a premium position within Israel's investment ecosystem and are second only to the U.S., according to researchers at YL Ventures.

LeChiffre ransomware dissected, then cracked

Security researchers have devised a decryptor program for the LeChiffre ransomware, allowing users to unlock their stolen files for free.

Variant of DNS-changer adware works around Powershell restriction

Malwarebytes detected "a particularly interesting method" that coders used to circumvent default restrictions mandated for Powershell scripts.

Telephonic DoS tied to Ukraine power grid takedown

More information is being revealed regarding the late December attack on the Ukrainian power grid with reports indicating the attack on the utility was supported by a simultaneous telephonic denial of service (DoS)incident.

Flint hospital hit with cyber attack after Anonymous threatens action

Hurley Medical Center in Flint, Mich. was hit by a cyber attack Thursday after Anonymous threatened to take action over for the city's water crisis.

U.S. Air Force cyberspace weapon first to reach full operational status

The U.S. Air Force now boasts the first-ever cyberspace weapon system to reach Full Operational Capability status, the military branch announced earlier this week.

Google: Linux flaw impact on Android devices not as widespread as predicted

After patching a critical flaw in the Android OS's code and releasing it to open source, Google hinted that Perception Point's estimate that more than two-thirds of the devices would be impacted by the Linux vulnerability was "exaggerated,"

FBI indiscriminately used spyware in TorMail investigation, report says

The FBI is facing allegations from the press that it hacked into the TorMail accounts of innocent people during a 2013 investigation.

TeslaCrypt encryption key storage algorithm flaw lets victims retrieve files

A flaw in TeslaCrypt's encryption key storage algorithm - since fixed in version 3.0 - lets the trojan's victims retrieve their files, according to a report in

Google Chrome update includes 37 patches, two for high-risk vulnerabilities

Google promoted its Chrome browser to a stable channel and patched 37 bugs, two of them high risk.

Chinese soldiers involved in U.S. hacking scheme: Report

By connecting several dots together the Canadian government has tied what it believes are two Chinese soldiers to a hacking ring that included a third Chinese citizen currently living in Vancouver.

Clinton server could have been hacked by foreign adversaries, ex-Pentagon chief

Classified information on a server belonging to Hillary Clinton may have been hacked by foreign adversaries, ex-Pentagon chief Robert Gates said.

RSA event asking security execs for Twitter passwords

File it under "irony" or "misguided," but executives at some of the world's largest IT security companies willingly gave up Twitter passwords while registering for a security event.

Document: U.S. gov't OKs exploiting certain zero-days during investigations

The U.S. government acknowledges in its "Vulnerabilities Equities Process" (VEP) to sometimes condoning withholding information on zero-day vulnerabilities so they can be exploited for intelligence and law enforcement purposes.

Extradited Ukrainian hacker pleads guilty in U.S. court to ID theft, conspiracy

A Ukranian hacker Sergey Vovnenko pleaded guilty in a U.S. district court in New Jersey to aggravated identity theft and conspiracy to commit wire fraud.

Malwarebytes receives $50M funding

Malwarebytes received a $50 million Series B funding round from Fidelity Management and Research Co.

FireEye Snaps up iSight Partners in $200M cash deal

FireEye today announced it has acquired the privately held iSight Partners in a $200 million cash deal that was closed on January 14.

Putin's key internet adviser accused of owning a torrent site

Vladimir Putin's key adviser on internet-related affairs was accused of being the owner of a locally operated torrent site.

May the brute force be with you: Worst 2015 passwords pay homage to Star Wars

SplashData's list of the 25 worst passwords of 2015 includes multiple references to Star Wars: The Force Awakens, including "starwars," "solo" and "princess."

Dridex using Dyre tricks to deceive victims

Researchers at IBM's X-Force have observed the Dridex banking trojan using DNS cache poisoning attacks to redirect victims to fake banking sites.

U.S., Australia vow to take on ISIS cyberthreat together

Australian Prime Minister Malcolm Turnbull and President Obama promised to increase their team effort to combat the ISIS online threat.

Unregulated Chinese firms sell IMSI catchers on black market

Unregulated Chinese tech companies are selling IMSI catchers on the black market to oppressive regimes.

Intel patches vulnerable driver update utility

Intel today issued a patch to fix a vulnerability associated with the Intel driver update utility MiTM that could have been remotely exploited by a bad actor.

Kernel bug allows full takeover of Linux devices

Researchers discovered a serious vulnerability in the Linux operating system kernel that could allow attackers to take full control of Linux devices, including PCs, Android phones and servers.

ICS-CERT: Manufacturing sees greater share of 2015 critical infrastructure attacks

A report from the U.S. Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) noted a rise in reported cyberattacks against critical manufacturing organizations during 2015.

Gatekeeper flaw opens Apple systems to intrusion

Mac users who have long felt secure from cyberattacks, may now be susceptible owing to a reported flaw.

HSBC error leads to potential exposure of customer PII

HSBC bank is informing some of its customers that their personal information, including Social Security and various bank account numbers, may have been exposed to a third party.

Marijuana stock driven high, then dumped, by spam campaign

Symantec is investigating a pump and dump stock spam campaign that used the long-lived W.32 Waledac botnet to target a marijuana farming company possibly generating thousands in illegal profits.

Rep. Amash introduces bill to repeal fledgling Cybersecurity Act

A bipartisan coalition of U.S. House members led by Rep. Justin Amash (R-Mich.) introduced a bill that would repeal recently passed cybersecurity legislation.

Cisco patched critical bugs; would allow device takeover

Cisco patched multiple vulnerabilities, including two that are critical, affecting its wireless LAN Controller software, Identity Services Engine software, and Aironet access points.

Yijia Zhang sentenced to 31 months under CFAA

Yijia Zhang was sentenced to 31 months in prison for violating the Computer Fraud and Abuse Act (CFAA) when he stole electronic documents from his financial services company employer.

ICS-CERT: U.S. critical infrastructure susceptible to cyberattacks

A senior U.S. official said the direct connection of the industrial control systems (ICS) handling the country's critical infrastructure networks to the internet has led to an uptick in penetrations during the past year.

Let's spam! David Bowie death exploited by social engineering campaign

Cybercriminals wasted no time in exploiting the media attention focused on the passing of rock icon David Bowie.

Yahoo $4M settlement in email privacy case will go to lawyers

Yahoo Inc. has agreed to pay up to $4 million in fees to settle a class-action lawsuit filed, but the lawyers, not the plaintiffs will get the pay-out.

Audit: Network of U.S. Nuclear Regulatory Commission not optimized against cyberthreats

An audit of the Security Operations Center (SOC) responsible for securing the U.S. Nuclear Regulatory Commission's (NRC) network infrastructure reveals the SOC's procedures are currently not optimized to meet many cyberthreats.

Teen who reportedly hacked CIA email targeted National Intelligence director

Teen involved in hacking the CIA director's email last year is now claiming to have hacked into the National Intelligence director's account.

'High risk' for users of FRITZ!Box routers

A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.

Trend Micro patched flaws would let hackers execute malicious code

Trend Micro patched several critical flaws in Password Manager found by a Google Project Zero research that allowed hackers to execute malicious code.

Amex, affiliate reports three breaches to California AG

American Express Travel Related Services Company reported three breaches to the California Attorney General.

Oregon militia accessed computers at occupied wildlife refuge: reports

The armed militia currently occupying the Malheur Wildlife National Refuge in Oregon reportedly breached a computer system at the facility and accessed personal information on employees who work at the station.

Recently patched XSS vulnerability on eBay invited spearphishing

A cross-site scripting (XSS) vulnerability on eBay's website that could have been exploited by spearphishers "to steal funds from people, use trusted eBay accounts to scam other users, and more," according to an independent researcher.

Judge thwarts Chicago police's attempt to deny public stingray records

A Cook County Circuit Court Judge yesterday denied a Chicago Police Department (CPD) motion to dismiss an activist's request for public documentation pertaining to the CDP's use of stingray devices.

Adobe addresses Reader, Acrobat issues on Patch Tuesday

Adobe's first Patch Tuesday of 2016 featured 17 fixes for various versions of Reader and Acrobat, all rated critical.

We can read encrypted emails on BlackBerry devices, Dutch team says

Despite an encrypted email service on BlackBerry smartphones, forensic investigators in the Netherlands said they can read encrypted messages sent on the devices.

First major blackout caused by hackers likely due to malware, says SANS

A cyberattack on a power plant in the Ukraine "demonstrated planning, coordination and the ability to use malware," says SANS.

Microsoft ends support for old Internet Explorer versions Jan. 12

Microsoft is ending support for older versions Internet Explorer (IE) starting January 12.

NHTSA closes investigation into Fiat Chrysler vehicle hack

The NHTSA closed an investigation into Fiat Chrysler after determining that non Fiat Chrysler entertainment units weren't vulnerable.

St. Louis Cards official pleads guilty to hacking Astros site

A former director of baseball development for the St. Louis Cardinals pleaded guilty to charges of accessing computers belonging to the Houston Astros without authorization.

Turkish hacker's latest sentence brings total to unprecedented 334 years in jail

A Turkish criminal court sentenced a 26-year-old Onur Kopcak to 135 years in prison on Sunday for stealing 11 consumers' credit card information and selling it on the black market.

Facebook cookie challenged in EU

A court ruling on Monday upped the challenge to Facebook on how the social media site uses a cookie to track data of European citizens.

GM teams with HackerOne on vulnerability submission program

General Motors launched a vulnerability submission program earlier this week, promising not to sue researchers who submit their findings through the program website who follow its guidelines.

Malvertising campaign on PopAds uses pop-under ads to spread CryptoWall 4.0

Researchers at Malwarebytes uncovered a malvertising campaign on the PopAds network that launches the Magnitude exploit kit (EK), infecting victims using old versions of Flash Player with CryptoWall 4.0 ransomware, according to a blog post.

VTech unveils home monitoring system, promises tighter security

Unveiling a porfolio of new devices at CES as part of its Wireless Monitoring System, VTech claimed it's tightened security to better protect customers' personal data.

U.S. utilities warned to beef up defenses following Ukraine attack

Following a cyberattack on a utility provider in the Ukraine, the Electricity Information Sharing and Analysis Center warned its members to improve their network defenses.

Cyberscammers cashout on fake Instagram profiles, porn

Researchers at Symantec spotted cyberscammers making money using fake Instagram profiles to lure users to adult sites.

South Korea boosts cyberdefenses against the DPRK

In the wake of North Korea testing a nuclear device earlier this week, the South Korean military has raised its cybersecurity level as a precautionary measure.

DarkSideLoader rogue app store available to non-jailbroken iOS devices

Researchers identified a rogue app store that is accessible from anywhere in the world and allows users to download iOS apps to non-jailbroken devices.

Federal court dismisses Michaels class action suit

A federal court judge said plaintiffs didn't show harm after a 2014 data breach at Michaels Stores Inc.

Time Warner Cable says 320,000 customer emails potentially stolen

Time Warner Cable (TWC) is blaming a phishing attack conducted on one of its vendors for a data breach that may have resulted in 320,000 TWC customer emails and other personal information being stolen.

WordPress 4.4.1 patches 52 issues, adds new emojis

WordPress issued its latest security release, version 4.4.1, to patch more than 50 problems, including a cross-site scripting vulnerability affecting versions 4.4 and earlier.

Gozi co-author who plead guilty spared more prison time

The Latvian man who admitted to co-authoring the notorious banking malware will be spared further jail time.

Zerodium offers $100K bounty to crack new Flash security feature

The security exploit acquisition firm Zerodium announced a $100,000 bounty to anyone capable of bypassing Adobe Flash Player heap isolation mitigation protocol.

Sign up to our newsletters