A flurry of legislative activity on Capitol Hill hints that Congress may be shaking off its inertia and there may be some long-awaited forward movement on key issues.
Researchers with Malwarebytes have identified a malvertising attack carried out through Merchenta, an advertising network that claims to reach more than 28 billion consumers per month in the U.S.
CloudLock released its "Cloud Cybersecurity Report: The Extended Perimeter" earlier this week that looked at enterprises' use of cloud applications and storage.
The New York resident, Mario Chuisano, was also ordered to pay nearly $2.7 million in restitution.
The New York State Department of Financial Services issued an update on cyber security in the banking sector with concern to third-party service providers.
Trustwave also found that the Punkey threat family and NewPosThings share the same code base.
The campaign was written about by Trend Micro in October 2014, and the latest findings highlight some new tactics being used by the attackers.
A whopping 82 percent of security and IT pros surveyed in an ISACA and RSA Conference study believe cyberattacks will rise in 2015 and 35 percent say they can't find qualified talent to fill security positions.
An Arkansas lawyer representing whistleblowers asked a court to sanction an Arkansas police department after a hard drive he had provided for discovery materials was returned with malware on it.
After analyzing a phishing attack, Kaspersky found that ensuing email correspondence could be linked to two APT groups, Naikon and Hellsing.
The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes, and is the final release of public updates for Java 7.
Symantec's annual threat report doesn't exactly depict a rosy cyber security world.
Verizon says it has a new-and-improved model for determining breach costs.
Microsoft addressed 26 vulnerabilities in 11 bulletins for its monthly Patch Tuesday release, and four of the bulletins are deemed critical.
After continuously trying to regain access to a specific target's systems, Hurricane Panda willfully stepped away once it saw that the company was monitoring Indicators of Attack (IOA).
Less than a week after the 'Beebone' botnet was taken down, INTERPOL Global Complex for Innovation, along with other global companies and agencies, has dismantled the 'Simda' botnet.
Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.
Researchers with Cylance identified the "Redirect to SMB" technique, which can enable the theft of user credentials from PCs, tablets and servers running any version of Windows.
Nearly half of Americans file their taxes online, and of those who do, 65 percent file them on an open access WiFi network, according to new research from Protect Your Bubble.
The campaign is being referred to by ESET researchers as Operation Buhtrap, and is believed to have been active for longer than a year.
The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.
A botnet of more than 12,000 computers was taken down on Wednesday through a collaborative effort by various international law enforcement agencies and tech companies.
Cyphort Labs researchers observed a number of popular forum websites redirecting visitors to the Fiesta Exploit Kit.
Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.
The FTC imposed a $25 million fine, its largest data privacy enforcement fine to date, on AT&T for three call center breaches that exposed information on 280,000 customers.
The 2015 Websense Threat Report found that threat actors are employing previously used C&C URLs to launch new threats.
"Webpage Screenshot," a Google Chrome extension, was found to be malicious by two security firms earlier this week.
The AlienSpy remote access trojan (RAT) is being sold to attackers via subscription plans, ranging from around $20 to $220.
The FBI warned that individuals sympathetic to ISIL, or ISIS, are defacing WordPress websites by exploiting vulnerabilities in plugins.
CNN has reported that Russian hackers used their intrusion into the State Department's systems as a way to get into White House systems.
The responses of global practitioners were compared with Global 1000 security execs, which provided a best practices benchmark.
A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.
Venafi Labs researchers found that 74 percent of 1,642 Global 2000 organizations had not completed Heartbleed remediation across all public-facing servers.
The ransomware, detected by Trend Micro as CRYPVAULT, is being distributed as an attachment in spam emails and is targeting Russian speakers.
To the chagrin of the ACLU, the Department of Homeland Security (DHS) has renewed its efforts to procure license plate reader (LPR) data through a third party.
NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
Kevin Bollaert, 28, operated the now-infamous revenge porn sites U Got Posted and Change My Reputation.
Snapchat issued its first transparency report on Thursday, which disclosed the more than 300 government requests the company received for user data over the past four months.
Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.
With standards language clarified by the W3C, Microsoft says removing DNT from default settings lets users, not vendors, express tracking preference.
The rate of Potentially Harmful Application installs on Android devices decreased nearly 50 percent from early 2014 to later that year, according to a Google report.
Austin Alcala, 19, is the fourth member of an international hacking ring to plead guilty in the case.
One individual being charged allegedly set up a website on the dark web that was dedicated to manufacturing and selling the counterfeit Federal Reserve Notes.
Google made the decision after investigating a security incident in which digital certs were "misissued."
On Wednesday, the President declared the need to address "malicious cyber-enabled activities" orchestrated by foreign attackers a national emergency.
Check Point Software Technologies issued a report on the group, which has been targeting enterprises since 2012, with its customized "Explosive" malware.
A Blue Lava Consulting survey of more than 300 information security professionals shows that progress in reshaping security model, but highlights challenges ahead.
According to a new CompTIA study, human error accounts for 52 percent of the root cause of security breaches.
IBM will investing $3 billion over the next four years to establish a new Internet of Things (IoT) business unit along with a cloud-based platform to help build IoT solutions.
Symantec researchers wrote in a Monday blog post that the malware is being used to target energy sector companies, primarily in the Middle East.
In a recent survey, most, but not all, security professionals said they'd refuse to negotiate with cybercriminals.
An unauthorized third party generated suspicious activity on some Executive Club and Registered Customer accounts.
The Electronic Frontier Foundation obtained government documents about its use of zero-days and its policy for when to disclose them.
GitHub.com was reportedly overwhelmed by traffic that was hijacked from Chinese search engine Baidu.
The screen sharing platform Puush was hit by a cyber attack this weekend that injected malware into the server.
The company released its newest transparency report iteration on Thursday, which demonstrated a drop in requests from the prior six months.
Symantec observed that the botnet services were being advertised on the underground, but also through public postings.
The number of product vulnerabilities reported in 2014 jumped up 18 percent, according to research from Secunia.
In a Ponemon report, 2,300 security pros provided their two-year outlook on cryptographic key and digital certificate attacks.
Visitors to XTube could be redirected to the Neutrino Exploit Kit, which Malwarebytes Labs researchers observed exploiting a Flash vulnerability.
In the Lookout survey, only five percent of smartphone users said they would take the most steps to protect work-related data.
The New York Daily News website and Metacafe website were among the sites serving malvertisements, according to Malwarebytes researchers.
The event is said to be TrustyCon's successor.
Menlo Security defines "risky" as meaning the website is compromised, or is running vulnerable software that puts it at risk of being compromised.
Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.
BeyondTrust released its 2015 survey on the state of privileged account management.
On Monday, Reps. Luke Messer and Jared Polis will reportedly introduce the legislation in the House.
Cisco identified a new point-of-sale malware family that researchers are referring to as 'PoSeidon.'
Although a highly critical Drupal SQL injection vulnerability was patched nearly six months ago, attackers continue to successfully exploit websites that have failed to update their systems.
The variant takes new measures to avoid VM detection, PhishMe researchers found
The group, known as Rocket Kitten, has shifted tactics in its latest campaign, referred to by Trend Micro as Operation Woolen-GoldFish.
The threat information-sharing bill was approved by the Senate Intelligence Committee last week.
Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use.
In mid-April 2014, Premera received an audit report and was advised, in 10 recommendations, to address vulnerabilities.
Crowd Research Partners conducted a study with cooperation from AlertLogic, AlienVault, Bitglass and other cloud security providers.
Despite Google's new review process, mobile security company Lookout recently identified 13 apps with adware that made it into Google Play.
A New York court ordered the Erie County Sheriff's Office to turn over documents about its purchase and use of stingray devices to the New York Civil Liberties Union (NYCLU) earlier this week.
Researchers were able to exploit a hardware bug, called "rowhammer," to obtain kernel privileges.
If modified, Rule 41 would give judges the ability to grant search warrants for electronic information located outside their judicial district.
Premera Blue Cross announced on Tuesday that attackers had gained unauthorized access to its IT systems.
The Pew Research Center surveyed hundreds of American adults about their behaviors online and the steps they've taken to keep their identity and actions hidden.
Facebook said that at least some data was produced for nearly 80 percent of the requests.
Three days after Yahoo announced its new "on-demand" passwords (ODP), the company's CISO Alex Stamos took to Twitter to defend the company's decision and address criticism from the security community.
Facebook and Twitter joined Google and Reddit in updating their community standards to ban certain images and clarify what is acceptable and what's not.
The Obama administration announced a proposed amendment to existing law that would give federal courts more authority in the ongoing was against botnets.
Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its services' security, including the launch of its "on-demand" password service.
Four months after it revealed that hackers had breached its non-classified email system, the State Dept. said it would take some systems offline temporarily to bolster security.
A software glitch exposed the private WHOIS information of 94 percent of the nearly 306,000 domains registered via Google App using eNom, Cisco Talos found.
Bromium Labs detailed a new ransomware campaign that holds video game and iTunes files hostage.
Malwarebytes researchers observed Facebook users being infected with a worm when clicking on a link in a post promising pornographic content.
Four privacy and technology experts met on Wednesday night to debate the ruling and whether it should be implemented in the U.S.
In the CyberEdge Group report, 22 percent of respondents said that their organization was successfully attacked more than six times in 2014.
The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.
Blue Coat Systems, Inc., a Sunnyvale, Calif.-based enterprise security solutions provider, has announced that it will be acquired by Bain Capital for $2.4 billion.
The malware purports to be an Adobe Flash update, and was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS.
The flaw could ultimately expose user data, saved to Dropbox through vulnerable third-party apps, to attackers.
Veracode researchers analyzed a pool of about 400,000 applications installed in multiple global enterprises in various industries.
Trustwave polled security professionals on the pressures they felt this past year to keep their enterprise secure.
Clinton said that the private email system she used during her tenure as Secretary of State was "effective and secure."
The tech giant released five critical patches and nine important updates.
Sign up to our newsletters
SC Magazine Articles
- Cyber attacks to rise, but competent security talent scarce, study says
- APT group detects threat monitoring and backs away in documented first
- Researchers identify attack technique, all Windows versions at risk
- FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards
- Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday
- Human error cited as leading contributor to breaches, study shows
- Data possibly exposed for more than 364K Auburn University students
- IBM will invest $3 billion in new IoT unit
- Banking industry security protocol falters in third-party vendor contracts
- Cyber attacks to rise, but competent security talent scarce, study says
- Cybersecurity bills move forward on Capitol Hill
- Flash EK leveraged in potentially widespread malvertising attack
- Study: Average organization has 4,000 instances of exposed credentials stored in the cloud
- Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years
- HSBC mortgage customer info was publicly accessible on the internet