Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House cyber guru says

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via SMS

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

DHS investigates possible vulnerabilities in medical devices, report indicates

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit card data

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts say

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.

Pennyslvania man sentenced after 'swatting' prank

Pennyslvania man sentenced after 'swatting' prank

David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for real-time cell location tracking

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger components

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and $300k restitution

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other advanced groups

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.

Updates, changes to security, could lessen POODLE's bite

Updates, changes to security, could lessen POODLE's bite

Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.

SSDP reflection DDoS attacks on the rise, Akamai warns

SSDP reflection DDoS attacks on the rise, Akamai warns

Attackers are abusing SSDP to carry out reflection and amplification DDoS attacks, according to a PLXsert threat advisory released by Akamai.

POODLE exploits SSL 3.0 fallback

POODLE exploits SSL 3.0 fallback

Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.

Report examines cloud-based security market drivers, concerns

Report examines cloud-based security market drivers, concerns

NSS Labs highlighted the growth of security-as-a-service (SaaS) vendors, and issues facing the market.

Oracle addresses vulnerabilities with 154 security fixes

Oracle addresses vulnerabilities with 154 security fixes

Several of the vulnerabilities addressed by Oracle in its Critical Patch Update can be remotely exploitable without authentication.

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

For the month of October, the tech giant released eight patches, including three critical fixes.

'Sandworm Team' exploits zero-day bug in espionage campaign

'Sandworm Team' exploits zero-day bug in espionage campaign

A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.

Kmart breach likely exposed payment card data

Kmart breach likely exposed payment card data

Sears revealed in a filing to the SEC that Kmart systems were infected with malware "undetectable" by current AV solutions.

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

Attackers used a third-party vendor's credentials to compromise systems in 395 U.S. Dairy Queen locations and one Orange Julius site.

New mobile trojan masquerading as Tic-tac-toe game targets Android devices

New mobile trojan masquerading as Tic-tac-toe game targets Android devices

A Tic-tac-toe game is actually a new mobile trojan being used to steal data and spy on Android devices.

Microsoft schedules nine bulletins for Patch Tuesday update

Microsoft schedules nine bulletins for Patch Tuesday update

Out of the nine bulletins, three will address critical RCE bugs in its products.

Researchers observe new type of SYN flood DDoS attack

Researchers observe new type of SYN flood DDoS attack

Researchers with Radware are referring to the new type of distributed denial-of-service attack as a Tsunami SYN Flood Attack.

EFF urges court to find NSLs unconstitutional

EFF urges court to find NSLs unconstitutional

National Security Letters (NSLs) tread on the First Amendment and give the FBI too much authority, EFF argued.

Retail applications hit hardest, Web Application Attack Report indicates

Retail applications hit hardest, Web Application Attack Report indicates

Retail websites were targeted in 48.1 percent of all attack campaigns, whereas 10 percent of attack campaigns targeted financial institutions.

Cisco addresses numerous vulnerabilities in ASA software

Cisco addresses numerous vulnerabilities in ASA software

Many of the vulnerabilities can lead to a denial-of-service condition, but others could result in a full compromise of the affected system.

Compromised WordPress sites increasingly used for phishing

Compromised WordPress sites increasingly used for phishing

Links to fake pages that often ask for credentials are typically spread via phishing emails, according to Sucuri.

AT&T to pay $150M to settle cramming case, covers $80M in refunds

AT&T to pay $150M to settle cramming case, covers $80M in refunds

The settlement marks the largest FCC enforcement action to date, and also involved the FTC and state attorneys general.

Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014

Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014

A new study from the Ponemon Institute found that the cost of cybercrime continued its upward trend this year with attackers deploying more complex attacks.

Twitter sues U.S. government over sharing limits on transparency report data

Twitter sues U.S. government over sharing limits on transparency report data

The social media giant believes the limits imposed by the DOJ on data in transparency reports for its users violates its First Amendment rights.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

The malware allowed criminals, with physical access to ATMs, to steal millions, Kaspersky revealed.

Group infects more than 500K systems, targets banking credentials in U.S.

Group infects more than 500K systems, targets banking credentials in U.S.

The group has infected more than 500,000 unique systems with Qbot malware and has sniffed conversations, including account credentials, for roughly 800,000 online banking transactions.

APT 'Nitro' group attacks again in 2014

APT 'Nitro' group attacks again in 2014

The group seems to have changed up its tactics to target various enterprises this year.

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

As the extent of the Chase breach surfaces, experts urge financial institutions to prepare for continued attacks or face impending consequences.

Bash bug payload downloads KAITEN DDoS malware source code

Bash bug payload downloads KAITEN DDoS malware source code

The purpose is to add compromised systems to botnets that are primarily focused on launching DDoS attacks.

Chase breach affects 76 million accounts, raises questions about detection failure

Chase breach affects 76 million accounts, raises questions about detection failure

As the reach of a recent Chase breach grows to 76 million household and seven million business accounts, security experts call for change.

FBI offers $5K reward for 'Most Wanted Cyber Fugitive'

FBI offers $5K reward for 'Most Wanted Cyber Fugitive'

John Gordon Baden is wanted for stealing thousands of people's personal information and using it to make fraudulent purchases.

SEO poisoning attacks still impacting legitimate websites

SEO poisoning attacks still impacting legitimate websites

After recently helping a client rid their website of SEO spam, security company Sucuri detailed how SEO poisoning attacks are still impacting legitimate websites.

ComputerCOP aimed at protecting kids is really spyware, EFF says

ComputerCOP aimed at protecting kids is really spyware, EFF says

The Electronic Frontier Foundation says the spyware sports a keylogger and is widely distributed by law enforcement agencies.

The worst of Shellshock might have already passed

The worst of Shellshock might have already passed

Slightly more than a week after the bug's disclosure, the attacks on domains might have already peaked, according to new research.

FDA presents guidelines for medical device security

FDA presents guidelines for medical device security

In guidelines finalized on Wednesday, the FDA advises medical device manufacturers on managing security risks and protecting patient health and data.

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber careers, still need guidance

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Four men charged with stealing Microsoft and U.S. Army trade secrets

Four men charged with stealing Microsoft and U.S. Army trade secrets

The young men allegedly used SQL injection and stolen logins to gain access to systems at various companies and steal their intellectual property.

Survey: orgs adopt hybrid cloud environments despite security concerns

Survey: orgs adopt hybrid cloud environments despite security concerns

Despite difficulties and concerns regarding security, more than 60 percent of respondents have adopted or plan to adopt a hybrid cloud environment.

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.

News briefs: Home Depot and Community Health Systems breached

News briefs: Home Depot and Community Health Systems breached

The latest IT security news regarding Home Depot, PCI Security Standards Council, CryptoLocker, hacks of Tennessee-based Community Health Systems, JPMorgan Chase as well as at least four other financial institutions

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached again

The breaches involved different malware and both companies are investigating whether payment card information was stolen.

DDoS down globally, on increase in Americas in Q2, report says

DDoS down globally, on increase in Americas in Q2, report says

DDoS attacks declined in Q2 while Zeus, Storm and Heartbleed made their marks on security, an Akamai report on the state of the internet shows.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in 2014

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.

CloudFlare offers free SSL to its customers

CloudFlare offers free SSL to its customers

CloudFlare announced on Monday that it would be supporting SSL connections to every customer, including about two million using its free service.

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple releases iOS 8.0.2 to quell buggy update complaints

The update comes soon after the company released iOS 8.0.1, which caused issues for iPhone 6 and iPhone 6 Plus users.

Attackers quick to exploit Bash bug, security industry responds quicker

Attackers quick to exploit Bash bug, security industry responds quicker

Less than a week after the vulnerability's discovery and only a day after it was revealed, cybercriminals began exploiting the bug to create botnets and determine future attacks.

'Mozart' is malware behind Home Depot, DHS report suggests

'Mozart' is malware behind Home Depot, DHS report suggests

The Wall Street Journal reported that a Secret Service investigation uncovered malware customized to attack Home Depot.

Researchers analyze Dyre sample with new features

Researchers analyze Dyre sample with new features

Researchers with Proofpoint have analyzed a version of the Dyre banking trojan that has been updated with new features.

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

A researcher at Akamai uncovered a vulnerability in Bash, called ShellShock, that can execute arbitrary commands in affected systems.

Report: Malvertising solutions will require coordination

Report: Malvertising solutions will require coordination

A new report stresses that ad networks and the web sites that use them need to coordinate to mitigate the malvertising risk.

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

Akamai's PLXsert researchers analyzed the new DDoS toolkit.

Home Depot breach leads to fraudulent transactions, class-action lawsuits

Home Depot breach leads to fraudulent transactions, class-action lawsuits

The retailer's massive breach has spawned multiple lawsuits and reports of fraudulent transactions.

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla announced on Tuesday that it would be phasing out certificates with SHA-1 based signature algorithms.

DDoS attacks target enterprises and ISPs, ignore financial institutions

DDoS attacks target enterprises and ISPs, ignore financial institutions

A new report from NSFOCUS found that DDoS attacks' traffic volume is increasing, along with a shift in targets.

More exploits, including Silverlight attack, packed in Nuclear kit

More exploits, including Silverlight attack, packed in Nuclear kit

Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.

Researchers discover Tinba variant with 64-bit support, other tricks

Researchers discover Tinba variant with 64-bit support, other tricks

Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data stored abroad

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in 2013

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

PCI Council holds North America community meeting, new GM Orfei speaks

PCI Council holds North America community meeting, new GM Orfei speaks

The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

A new report from the U.S. Senate Armed Services Committee found that multiple successful attempts were made to access and steal information from contractors' systems, and often times, the government didn't know it happened.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

Watering hole attack targets website visitors of oil and gas start-up

Watering hole attack targets website visitors of oil and gas start-up

Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.

Windseeker app spies on chats using injection, hooking techniques

Windseeker app spies on chats using injection, hooking techniques

The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier to write code

Researchers at SophosLabs found an uptick in VBA samples in July.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Google reportedly addressed the issue, but many users likely await the fix from providers or OEMs.

Phishing campaign targeting financial and healthcare institutions

Phishing campaign targeting financial and healthcare institutions

Several thousand phishing emails have been sent to employees at small to medium-sized financial and healthcare organizations in the U.S.

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

FireEye investigated the "production line" approach taken up by various APT groups infiltrating organizations.

Mobile app study reveals privacy concerns

Mobile app study reveals privacy concerns

Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.

Former CTO of Liberty Reserve pleads guilty in New York

Former CTO of Liberty Reserve pleads guilty in New York

Mark Marmilev pleaded guilty on Thursday for his part in a money laundering conspiracy.

PCI Council updates skimming prevention guidance

PCI Council updates skimming prevention guidance

On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.

21-year-old 'swatting' suspect arrested in Connecticut

21-year-old 'swatting' suspect arrested in Connecticut

Matthew Tollis is thought to have participated in multiple swatting Skype calls that targeted Harvard University and Boston University, among others.

Google says Gmail credential dump not result of company breach

Google says Gmail credential dump not result of company breach

Gmail credentials for nearly 5 million accounts leaked Wednesday, but many of the username-password combinations appeared to be incorrect or old.

Internet Explorer security feature blocks outdated ActiveX controls

Internet Explorer security feature blocks outdated ActiveX controls

Microsoft introduced a security feature in versions of Internet Explorer that blocks out-of-date ActiveX controls.

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft continues to fight an order requesting it to turn over customer emails stored in a data center in Ireland.

Report: 31 percent of detected threats in 2014 attributed to Conficker

Report: 31 percent of detected threats in 2014 attributed to Conficker

F-Secure noted in its mid-year report that the Conficker worm continues to impact users and that Gameover Zeus still poses a threat.

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks addressed two vulnerabilities in its vehicle traffic sensors that were discovered by Cesar Cerrudo, CTO of IOActive Labs.

Target tells court its not liable in bank class-action suit

Target tells court its not liable in bank class-action suit

In a filing in U.S. District Court, Target said merchants and banks "have no direct dealings" in payment transactions.

Salesforce warns of Dyre malware possibly targeting users

Salesforce warns of Dyre malware possibly targeting users

Salesforce posted a notification that its users are possibly being targeted by Dyre malware and offered some recommendations to avoid the threat.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

Phishing continues to be effective, McAfee Labs report shows

Phishing continues to be effective, McAfee Labs report shows

Out of 16,000 business users who took the McAfee Phishing Quiz, 80 percent fell for at least one of seven phishing emails.

Microsoft plans four patches, one critical, for Patch Tuesday

Microsoft plans four patches, one critical, for Patch Tuesday

The sole critical patch this month will address remote code execution issues in Internet Explorer.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US