Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.

Feds: $45M drained from bank accounts in international cyber heist

For their role in a brazen heist, eight New York-area individuals are accused of withdrawing around $2 million in one day from hacked prepaid debit card accounts. Globally, the crime ring was responsible for stealing around $45 million.

Hackers hit domain registrar, access credit card data and passwords

Name.com said it believed its encryption was sufficient to prevent the hackers from using any of the sensitive information that was stolen.

Microsoft offers temporary fix for live Internet Explorer exploit

The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of a possible espionage campaign against U.S. energy workers.

OpUSA hacktivist campaign failed to produce much mayhem

DHS said the operation would likely culminate in "limited disruptions" and "nuisance-level attacks" against websites of government agencies and U.S. banks. And that appears to be what happened.

Senators introduce bill that would flag countries, products that benefit from espionage

The proposal from two Republican and two Democratic senators requires the director of national intelligence to create a "watch list" of nations suspected of cyber spying.

SpyEye trojan developer and marketer extradited to U.S. to face charges

One of the masterminds behind the pernicious SpyEye banking trojan has been extradited to the United States, where he will face charges for computer and wire fraud.

Pentagon clears new versions of Samsung, BlackBerry for mobile use

Once exclusively a BlackBerry shop, the U.S. Department of Defense is close to expanding its mobile device usage to Android and Apple iOS platforms as those platforms demonstrate their enterprise security resilience.

Stats confirm that trojans spreading, malware being built at record rates

PandaLabs confirms what many of us already assumed to be fact: Malware is growing at never-before-seen levels. But it's got the statistics to back it up.

U.S. Department of Labor website was serving zero-day Internet Explorer 8 exploit

Originally, researchers believed that the Labor Department site led to malware that took advantage of a known vulnerability. But that is no longer the case, and Microsoft has confirmed a fresh, unpatched vulnerability in IE 8.

Medical identity theft to be explored at FTC hearing

Concerns over identity theft affecting senior citizens prompted the hearing.

Adobe confirms PDF tracking issue, plans to ship fix soon

The software maker seemed to downplay the threat posed by the issue, which McAfee is calling a security vulnerability that could be used in APT-style campaigns.

U.S. Department of Labor web page serves watering hole attack

According to reports, the compromised page, for the Site Exposure Matrices (SEM), has been cleaned, but it remains offline.

Websites gradually shedding vulnerabilities, though most still contain a serious one

WhiteHat Security's annual survey of tens of thousands of websites also studied whether certain best practices are helpful in preventing such flaws as information leakage and cross-site scripting.

Company that manages users' online reputation hit by breach

Sensitive information and encrypted passwords of customers were accessed, according to Reputation.com.

Report: Army database housing sensitive data on major U.S. dams breached

An intruder gained access to the U.S. Army Corps of Engineers' National Inventory of Dams (NID) in January, according to a spokesman for the military command.

Company news: A new CTO at Easy Solutions and Tufin Technologies' new hire

This month's company news includes a new CTO at Easy Solutions, ForeScout's new CFO, and the new vice president of marketing at Tufin Technologies.

News briefs: Malware cripples South Korea, largest DDoS ever, and more

This month's news briefs cover the malware that struck South Korean companies, a new law requiring federal agencies to review IT equipment sourced from China, and more.

New Ramnit variant seeks to evade two-factor authentication

The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.

FinFisher command-and-control hubs turn up in 11 new countries

That brings the total number of nations found to be housing C&C servers for the spy software, either actively or in the past, at 36.

Researchers investigate Adobe vulnerability that enables a PDF to be tracked

McAfee said it considers this a security issue because the flaw could be leveraged as part of a malicious attack to gather reconnaissance about a target.

Dutch man accused of carrying out widescale DDoS on Spamhaus arrested

Sven Olaf Kamphuis, a man from the Netherlands with ties to Dutch web host CyberBunker, reportedly has been pegged as the suspect.

LivingSocial updates encryption practices after password breach affects 50m

On Friday, the popular coupon site announced that hackers breached its servers.

Controversial government program gives ISPs immunity from wiretapping laws

AT&T and CenturyLink were given legal immunity to turn over threat-related data on their networks to the government.

Study: DDoS attacks increase across industries

Although attacks on the financial sector get a majority of the headlines, disruptive threats in the retail industry have more than doubled in the last year.

Travnet trojan compresses files to send more info to data thieves

The Travnet botnet uploads Microsoft Office files, PDFs and text files to remote servers run by attackers.

Study finds hosting providers offer phishing paradise

The Anti-Phishing Working Group found that 47 percent of all phishing attacks involve shared web hosting of the kind that commonly runs WordPress or Joomla sites.

Adobe names Brad Arkin its first-ever CSO

Arkin will report to Bryan Lamkin, senior vice president of technology and corporate development, and he will work in partnership with CIO Gerri Martin-Flickinger.

Going digital poses a challenge for critical infrastructure operators

Not only are there new security concerns, but leaders must ensure disparate groups of workers can adequately collaborate.

Panel: Expect productivity gains with BYOD

A panel of CISOs speaking this week in London said businesses will benefit from an environment in which employees are entrusted with their own mobile devices.

Two-factor authentication may have done little to stop the AP Twitter hijack

Ample criticism has been lobbed toward Twitter after Tuesday's false AP tweet that President Obama was injured in an apparent attack on the White House. But could the microblogging service have prevented this?

Alleged LulzSec leader charged with hacking Australian government site

Matthew Flannery, who is employed at a Sydney, Australia-based IT firm, faces up to 22 years in prison if convicted of the alleged offenses.

Security pros must be master negotiators to gain executive support

A panel of CISOs at the InfoSecurity Europe conference in London agreed that by communicating with executives in a way that they can comprehend - specifically in terms of risk and business growth - everybody wins.

Fake AP tweet says Obama injured in White House explosion

Phishing attacks may have enabled hackers to hijack the Twitter account of the Associated Press to post a message Tuesday that there had been explosions at the White House and that President Obama was injured.

New Java exploit on the loose following recent security update

In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.

Latest Gozi trojan variant comes packaged with rootkit

Despite the arrests of Gozi ringleaders, the banking trojan still persists and is behind thousands of new infections in the United States.

Verizon study finds China-based groups behind 96 percent of espionage attacks

The landmark annual data breach report analyzed 621 breaches from caseloads across 19 organizations throughout the world.

DDoS attacks continue to grow in size

The average size of distributed denial-of-service (DDoS) attacks has weighed in at 20 percent higher so far this year than it did in 2012, according to statistics released Monday by security firm Arbor Networks.

BadNews infections in Google Play spread premium-rate SMS trojan

Attackers wanting to compromise apps in Google's official store leveraged an advertising network to foist their malware to unsuspecting victims.

ACLU asks FTC for help forcing mobile carriers to patch bugs faster

The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.

Reddit site downed by DDoS attacks

It's unclear if the attack is related to members' efforts to identify possible suspects in the Boston bombings.

CISPA passes House amid continued concerns over inadequate privacy safeguards

In a bipartisan victory for a measure that would formalize threat intelligence sharing, the U.S. House passed the bill in a 288-to-127 vote, drawing more Democrats than when a version was approved last year. CISPA now moves to the Senate.

Threats from the web becoming more prevalent than network worms

Client-side, web-based threats are beginning to overtake malware mainstays such as Conficker, according to a Microsoft report.

Trojan uses "magic" code to infect organizations around globe

A trojan that uses a "magical" authentication code to communicate with its command-and-control server has compromised thousands of organizations around the globe. So far, however, it has remained largely silent.

Boston Marathon blasts breed malware ruses, surge in dubious websites

As expected, the web's unscrupulous element is taking advantage of the attention surrounding the Boston Marathon bombings to spread malware and trick people into donating to fake causes.

Oracle releases 42 fixes for Java bugs as part of wider security update

An improved notification system will help protect users from running risky applications from untrusted sources.

White House threatens CISPA veto, again

The Obama administration said it is perturbed by the same reasons it promised a veto last year - privacy protection.

"Syrian Electronic Army" defaces NPR website, Twitter accounts

The SEA, believed to be made up of supporters of the repressive regime of Syrian President Bashar al-Assad, implied in a tweet that NPR should know why it was targeted.

"Watering hole" websites present largest innovation for targeted attacks

Symantec's annual "Internet Security Threat Report 2013" concentrated on the success attackers are attaining by sabotaging legitimate websites.

Schnucks supermarket chain discloses breach that stole 2.4 million credit card numbers

The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.

WordPress attacks showcase botnet owner's expanding tricks

More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.
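The campaign above is interesting precisely because per-IP lockout rules never fire against it: 90,000 sources each making a handful of attempts stay under any single-source threshold. The following is an added example, not code from the original report or from WordPress, showing a detection pass over web-server access logs that flags this "many sources, few attempts each" pattern alongside the classic single-source rule. It assumes Apache/nginx combined log format, treats a `POST /wp-login.php` that returns HTTP 200 (the form re-rendered) as a failed login and a 302 (redirect to `wp-admin`) as a success, and uses constructed sample traffic and illustrative thresholds (`min_sources`, `max_per_ip`, `max_failures`) that a real deployment would tune.

```python
"""Detect distributed brute force against wp-login.php from access logs.

Added example with constructed sample data. Assumptions: combined log format;
a failed WordPress login re-renders the form (HTTP 200) while a successful one
redirects to wp-admin (HTTP 302); thresholds below are illustrative."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def _line(ip, ts, method, path, status):
    """Render one constructed access-log line in combined format."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"'


def build_sample_log():
    """Constructed traffic (not real): 8 hosts with 2 failed logins each
    (distributed, low-and-slow), one host hammering 6 times half an hour later
    (single-source), and a legitimate user who views the form and logs in."""
    t0 = datetime(2013, 4, 12, 10, 0, 0, tzinfo=timezone.utc)
    lines = [_line("198.51.100.7", t0, "GET", "/wp-login.php", 200)]
    for i in range(8):
        ip = f"203.0.113.{i + 10}"
        for j in range(2):
            lines.append(_line(ip, t0 + timedelta(seconds=10 * i + j), "POST", "/wp-login.php", 200))
    lines.append(_line("198.51.100.7", t0 + timedelta(seconds=90), "POST", "/wp-login.php", 302))
    t1 = t0 + timedelta(minutes=30)
    for j in range(6):
        lines.append(_line("192.0.2.99", t1 + timedelta(seconds=j), "POST",
                           "/wp-login.php?redirect_to=%2Fwp-admin%2F", 200))
    return lines


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop query string
        "status": int(m.group("status")),
    }


def failed_login_attempts(lines):
    """Yield records that look like failed wp-login.php POSTs."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == "/wp-login.php" and rec["status"] == 200:
            yield rec


def bucket(ts, window):
    """Floor a timestamp to the start of its fixed window (epoch seconds)."""
    epoch, w = int(ts.timestamp()), int(window.total_seconds())
    return epoch - (epoch % w)


def per_ip_alerts(lines, window=timedelta(minutes=5), max_failures=5):
    """Classic single-source rule: one IP failing more than max_failures per window."""
    counts = Counter()
    for rec in failed_login_attempts(lines):
        counts[(bucket(rec["ts"], window), rec["ip"])] += 1
    return sorted({ip for (_, ip), n in counts.items() if n > max_failures})


def distributed_alerts(lines, window=timedelta(minutes=5), min_sources=5, max_per_ip=3):
    """Flag windows where many distinct IPs each fail only a few times: the
    pattern a per-IP lockout is structurally unable to see."""
    per_window = defaultdict(Counter)
    for rec in failed_login_attempts(lines):
        per_window[bucket(rec["ts"], window)][rec["ip"]] += 1
    alerts = []
    for start, ips in sorted(per_window.items()):
        low_and_slow = [ip for ip, n in ips.items() if n <= max_per_ip]
        if len(low_and_slow) >= min_sources:
            alerts.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc),
                "distinct_sources": len(low_and_slow),
                "attempts": sum(ips[ip] for ip in low_and_slow),
            })
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP lockout would catch:", per_ip_alerts(log))
    for alert in distributed_alerts(log):
        print("distributed campaign:", alert)
```

On the constructed sample, the per-IP rule reports only the single noisy host, while the distributed rule reports the eight-source window that the per-IP rule ignores entirely. In production the useful response to the distributed alert is not blocking sources but protecting the endpoint: a second factor or CAPTCHA on wp-login.php, or restricting it by network, since the source list is disposable.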

Obama proposes $800m cyber budget increase for Pentagon

The president recommended that $4.7 billion be allocated to the Pentagon for cyber initiatives in the fiscal year beginning Oct. 1. That includes earmarks for offensive missions.

Researcher demonstrates Android app that could hack airplanes

The "PlaneSploit" application was three years in the making, and is able to remotely attack flight management systems, though the program was built to only work on virtual aircraft.

Microsoft shelves patch, asks customers to uninstall, after error discovered

The software giant said applying the update could prevent machines and applications from properly restarting and loading.

CISPA moves forward, but rejected amendments frustrate privacy advocates

The amendments to the threat intelligence sharing bill would have tightened controls around the corporate release of personally identifiable information to three-letter agencies, including the NSA.

Bitcoin mining botnet has become one of the most prevalent cyber threats

Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.

White House says new Chinese IT equipment rule may disrupt business without helping security

Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.

Court says Hannaford breach lawsuit doesn't meet standards of class-action

Plaintiffs' failure to have an expert verify their damages was a "fatal" flaw in the case, according to a federal judge.

Judge says lawsuit against comScore can proceed as class action

The web measurement company is accused of secretly collecting data on millions and then sharing it with clients.

Roughly 20 charged in Eastern Europe with building Carberp banking trojan

Law enforcement in Russia and Ukraine has dealt a major blow to a prolific banking malware operation.

"Right to Know" bill proposes more transparency for California data collectors

The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.

April's Patch Tuesday from Microsoft includes another Internet Explorer patch

The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.

Malware tries to invade technology companies once every 60 seconds

No matter the industry, organizations are facing a flurry of sophisticated attacks, with the main goal being to hijack intellectual property, according to new findings from security firm FireEye.

Sophos' flagship web security product open to attack

The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.

Android malware targeting Tibetans has state-sponsored fingerprints

New clues turned up by researchers at the University of Toronto show that an Android malware spy campaign appears to be the work of Chinese hackers, possibly with the assistance of the nation's government or a major corporation.

Public safety personnel targeted by DoS attacks flooding phone lines

Fraudsters pretending to be from collections companies are seeking to recover non-existent loans. If victims don't pay up, their administrative call centers are hit by telephone denial-of-service attacks. 9-1-1 lines weren't targeted.

Market for DDoS prevention to hit $870 million

Despite being an age-old problem, recent DoS and DDoS attacks are driving huge growth for mitigation solutions.

China unhappy with new U.S. requirement that its IT gear must face review

The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.

Company news: dinCloud's new CTO, and Bluebox Security's new research team

This month's company news features new additions to the dinCloud, Tripwire, and Crocus Technology, as well as Bluebox Security's new research team that will analyze mobile security threats.

News briefs: Mandiant uncovers espionage, Evernote is breached, and more

This month's news briefs include Mandiant's exposure of China's cyber espionage efforts, security firm Bit9's breach, and the Obama administration's latest efforts to combat the theft of trade secrets.

Federal judge to weigh in on FBI's "stingray" cell phone surveillance

In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.

Web-based malware threats primary challenge for industry pros, survey says

Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.

Anonymous takedown of Koch sites leads to indictment of Wisconsin man

Eric Rosol, 37, of Wisconsin was indicted Tuesday by a grand jury.

New U.S. law says government agencies will need OK before buying Chinese IT equipment

According to the legislation, the review process will quell cyber espionage threats from China.

New study finds malware variants skirting AV, mostly delivered via web

As the debate on the usefulness of anti-virus continues, recent research reveals that a majority of malware is delivered via web browsing, skirting AV along the way.

Alleged fight between anti-spam group and blacklisted company incites massive DDoS

Spam-fighting nonprofit Spamhaus says the DDoS attacks began more than a week ago.

Research reveals 94 percent of endpoints currently running outdated versions of Java

Because so many browsers run outdated Java plug-ins, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as one targeting new vulnerabilities, according to new research.

Report: Among simple, yet effective web app attacks, cloud environments hit hardest

A security firm found that more than half of survey respondents were impacted by web application attacks.

Draft of cyber bill exacerbates flaws of anti-hacking law

The bill draft, which is in a preliminary stage, included harsher penalties for Computer Fraud and Abuse Act violations.

Spear phishes used to infect South Korean corporate networks

Security researchers have found evidence that, not surprisingly, social engineering tactics were leveraged by the attackers, who set their malware to "go off" three days after reaching victims.

New "watering hole" attack plants malware at news sites to spy on Chinese dissidents

A recently fixed Internet Explorer vulnerability is being leveraged to spy on the activists.

VSkimmer trojan steals card data on point-of-sale systems

The trojan was recently a topic of discussion on an underground Russian forum, researchers found.

Apple releases two-factor authentication

Apple ID and iCloud users will now have the option to use the security feature for purchases or account changes.

Yontoo adware used to cash in on clicks targets Mac and Windows users

Saboteurs are spreading the Yontoo trojan, which infects computers so they display certain advertisements to infected users.

South Korean corporations hit by widespread attack that wiped data and shut down systems

Researchers at Symantec believe a trojan called "Jokra" was used in the attacks. Neighboring North Korea is considered a suspect, but there's no evidence suggesting it is to blame.

Lawmakers propose change to "outdated" email privacy law

Senators say current provisions of the Electronic Communications Privacy Act give law enforcement too many liberties when accessing the electronic communications of Americans.

Florida voting "hack" shows how voting is susceptible to logic attacks

A failed attempt to rig an election in Florida doesn't mean hackers won't find another way in as electronic voting becomes more common.

Two men charged with hacking Subways to load up gift cards

The defendants are accused of selling vulnerable point-of-sale equipment to Subway franchises, and then hacking into the systems to add $40,000 in value to gift cards, which they sold or kept for themselves.

Experiment shows how often hackers want to attack critical infrastructure

Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.

Hacker who wanted to embarrass AT&T sentenced to 41 months

Andrew Auernheimer is an alienating figure in certain web communities, but many security researchers have come to his defense, claiming he's a victim of an overreaching criminal justice system. Prosecutors disagree.

Welcome to the new and improved SCMagazine.com

With new capabilities and seamless design, the top website for information security news, opinions, analysis and more has gone through a comprehensive redesign.

Popular ad blocking app nixed from Google Play

Google has decided to remove AdBlock Plus, known for creating an uninterrupted web surfing experience and bolstering privacy, from its Android marketplace.

Apple updates Mountain Lion OS, includes Java Web Start fix

The security update patched 21 vulnerabilities and a Java Web Start bug that could allow apps to be launched automatically.

Legal fight between Cisco and Swiss firm continues with latest data theft accusations

Swiss firm Multiven has accused Cisco of using "scraping" software to steal thousands of its files.