Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox botnet instead

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, survey finds

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.

Deloitte releases paper on vetting leaks, avoiding costly hoax

Deloitte releases paper on vetting leaks, avoiding costly hoax

The research presents techniques for distinguishing legit data leaks from false claims.

Software automates fake purchases on compromised credit cards

Software automates fake purchases on compromised credit cards

Cyber intelligence company IntelCrawler has identified software being offered on underground forums that automates credit card data being sent to payment gateways.

Layering EMV chip, tokenization, encryption bolsters card payment security

Layering EMV chip, tokenization, encryption bolsters card payment security

A whitepaper from the Smart Card Alliance Payments Council recommends combining the three technologies to prevent card fraud.

Coalition sheds more light on Hikit threat, Axiom spy group

Coalition sheds more light on Hikit threat, Axiom spy group

In a detailed report, an array of malicious tools and tactics used by a cyberespionage group, called Axiom, are divulged.

FireEye identifies cyber espionage group possibly tied to Russian government

FireEye identifies cyber espionage group possibly tied to Russian government

The group, referred to as APT28, is believed to have been operating since at least 2007 and is possibly sponsored by the Russian government.

Targeted attacks on rise, costly, survey says

Targeted attacks on rise, costly, survey says

A Kaspersky Lab survey found that more than a third of businesses have been hit by at least one cybersecurity incident in the last 12 months.

WorldPay hacker sentenced to 11 years for role in $9.4M scheme

WorldPay hacker sentenced to 11 years for role in $9.4M scheme

An Estonian man, Sergei Tsurikov, was sentenced Friday after helping to steal over $9.4 million from payment processor RBS WorldPay in 2008.

Report: POS malware sees sharp increase in Q3

Report: POS malware sees sharp increase in Q3

As the holiday shopping season approaches, Damballa's 2014 Q3 State of Infections Report found that malware attacks spiked.

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the Chinese government could be to blame.

SEDNIT malware delivered in 'Operation Pawn Storm'

SEDNIT malware delivered in 'Operation Pawn Storm'

Military, governments and media from around the world are targets in a campaign identified by Trend Micro.

Malvertising impacts Yahoo, AOL visitors, spreads ransomware

Malvertising impacts Yahoo, AOL visitors, spreads ransomware

The malvertising campaign is serving CryptoWall 2.0, researchers at Proofpoint revealed.

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House cyber guru says

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via SMS

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

DHS investigates possible vulnerabilities in medical devices, report indicates

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit card data

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts say

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.

Pennyslvania man sentenced after 'swatting' prank

Pennyslvania man sentenced after 'swatting' prank

David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for real-time cell location tracking

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger components

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and $300k restitution

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other advanced groups

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.

Updates, changes to security, could lessen POODLE's bite

Updates, changes to security, could lessen POODLE's bite

Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.

SSDP reflection DDoS attacks on the rise, Akamai warns

SSDP reflection DDoS attacks on the rise, Akamai warns

Attackers are abusing SSDP to carry out reflection and amplification DDoS attacks, according to a PLXsert threat advisory released by Akamai.

POODLE exploits SSL 3.0 fallback

POODLE exploits SSL 3.0 fallback

Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.

Report examines cloud-based security market drivers, concerns

Report examines cloud-based security market drivers, concerns

NSS Labs highlighted the growth of security-as-a-service (SaaS) vendors, and issues facing the market.

Oracle addresses vulnerabilities with 154 security fixes

Oracle addresses vulnerabilities with 154 security fixes

Several of the vulnerabilities addressed by Oracle in its Critical Patch Update can be remotely exploitable without authentication.

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

For the month of October, the tech giant released eight patches, including three critical fixes.

'Sandworm Team' exploits zero-day bug in espionage campaign

'Sandworm Team' exploits zero-day bug in espionage campaign

A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.

Kmart breach likely exposed payment card data

Kmart breach likely exposed payment card data

Sears revealed in a filing to the SEC that Kmart systems were infected with malware "undetectable" by current AV solutions.

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

Attackers used a third-party vendor's credentials to compromise systems in 395 U.S. Dairy Queen locations and one Orange Julius site.

New mobile trojan masquerading as Tic-tac-toe game targets Android devices

New mobile trojan masquerading as Tic-tac-toe game targets Android devices

A Tic-tac-toe game is actually a new mobile trojan being used to steal data and spy on Android devices.

Microsoft schedules nine bulletins for Patch Tuesday update

Microsoft schedules nine bulletins for Patch Tuesday update

Out of the nine bulletins, three will address critical RCE bugs in its products.

Researchers observe new type of SYN flood DDoS attack

Researchers observe new type of SYN flood DDoS attack

Researchers with Radware are referring to the new type of distributed denial-of-service attack as a Tsunami SYN Flood Attack.

EFF urges court to find NSLs unconstitutional

EFF urges court to find NSLs unconstitutional

National Security Letters (NSLs) tread on the First Amendment and give the FBI too much authority, EFF argued.

Retail applications hit hardest, Web Application Attack Report indicates

Retail applications hit hardest, Web Application Attack Report indicates

Retail websites were targeted in 48.1 percent of all attack campaigns, whereas 10 percent of attack campaigns targeted financial institutions.

Cisco addresses numerous vulnerabilities in ASA software

Cisco addresses numerous vulnerabilities in ASA software

Many of the vulnerabilities can lead to a denial-of-service condition, but others could result in a full compromise of the affected system.

Compromised WordPress sites increasingly used for phishing

Compromised WordPress sites increasingly used for phishing

Links to fake pages that often ask for credentials are typically spread via phishing emails, according to Sucuri.

AT&T to pay $150M to settle cramming case, covers $80M in refunds

AT&T to pay $150M to settle cramming case, covers $80M in refunds

The settlement marks the largest FCC enforcement action to date, and also involved the FTC and state attorneys general.

Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014

Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014

A new study from the Ponemon Institute found that the cost of cybercrime continued its upward trend this year with attackers deploying more complex attacks.

Twitter sues U.S. government over sharing limits on transparency report data

Twitter sues U.S. government over sharing limits on transparency report data

The social media giant believes the limits imposed by the DOJ on data in transparency reports for its users violates its First Amendment rights.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

The malware allowed criminals, with physical access to ATMs, to steal millions, Kaspersky revealed.

Group infects more than 500K systems, targets banking credentials in U.S.

Group infects more than 500K systems, targets banking credentials in U.S.

The group has infected more than 500,000 unique systems with Qbot malware and has sniffed conversations, including account credentials, for roughly 800,000 online banking transactions.

APT 'Nitro' group attacks again in 2014

APT 'Nitro' group attacks again in 2014

The group seems to have changed up its tactics to target various enterprises this year.

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

Report: After Chase disclosure, bank regulator rallies execs to shore up defenses

As the extent of the Chase breach surfaces, experts urge financial institutions to prepare for continued attacks or face impending consequences.

Bash bug payload downloads KAITEN DDoS malware source code

Bash bug payload downloads KAITEN DDoS malware source code

The purpose is to add compromised systems to botnets that are primarily focused on launching DDoS attacks.

Chase breach affects 76 million accounts, raises questions about detection failure

Chase breach affects 76 million accounts, raises questions about detection failure

As the reach of a recent Chase breach grows to 76 million household and seven million business accounts, security experts call for change.

FBI offers $5K reward for 'Most Wanted Cyber Fugitive'

FBI offers $5K reward for 'Most Wanted Cyber Fugitive'

John Gordon Baden is wanted for stealing thousands of people's personal information and using it to make fraudulent purchases.

SEO poisoning attacks still impacting legitimate websites

SEO poisoning attacks still impacting legitimate websites

After recently helping a client rid their website of SEO spam, security company Sucuri detailed how SEO poisoning attacks are still impacting legitimate websites.

ComputerCOP aimed at protecting kids is really spyware, EFF says

ComputerCOP aimed at protecting kids is really spyware, EFF says

The Electronic Frontier Foundation says the spyware sports a keylogger and is widely distributed by law enforcement agencies.

The worst of Shellshock might have already passed

The worst of Shellshock might have already passed

Slightly more than a week after the bug's disclosure, the attacks on domains might have already peaked, according to new research.

FDA presents guidelines for medical device security

FDA presents guidelines for medical device security

In guidelines finalized on Wednesday, the FDA advises medical device manufacturers on managing security risks and protecting patient health and data.

Millennials improve security habits, more interested in cyber careers, still need guidance

Millennials improve security habits, more interested in cyber careers, still need guidance

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Four men charged with stealing Microsoft and U.S. Army trade secrets

Four men charged with stealing Microsoft and U.S. Army trade secrets

The young men allegedly used SQL injection and stolen logins to gain access to systems at various companies and steal their intellectual property.

Survey: orgs adopt hybrid cloud environments despite security concerns

Survey: orgs adopt hybrid cloud environments despite security concerns

Despite difficulties and concerns regarding security, more than 60 percent of respondents have adopted or plan to adopt a hybrid cloud environment.

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.

News briefs: Home Depot and Community Health Systems breached

News briefs: Home Depot and Community Health Systems breached

The latest IT security news regarding Home Depot, PCI Security Standards Council, CryptoLocker, hacks of Tennessee-based Community Health Systems, JPMorgan Chase as well as at least four other financial institutions

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached again

The breaches involved different malware and both companies are investigating whether payment card information was stolen.

DDoS down globally, on increase in Americas in Q2, report says

DDoS down globally, on increase in Americas in Q2, report says

DDoS attacks declined in Q2 while Zeus, Storm and Heartbleed made their marks on security, an Akamai report on the state of the internet shows.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in 2014

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.

CloudFlare offers free SSL to its customers

CloudFlare offers free SSL to its customers

CloudFlare announced on Monday that it would be supporting SSL connections to every customer, including about two million using its free service.

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple releases iOS 8.0.2 to quell buggy update complaints

The update comes soon after the company released iOS 8.0.1, which caused issues for iPhone 6 and iPhone 6 Plus users.

Attackers quick to exploit Bash bug, security industry responds quicker

Attackers quick to exploit Bash bug, security industry responds quicker

Less than a week after the vulnerability's discovery and only a day after it was revealed, cybercriminals began exploiting the bug to create botnets and determine future attacks.

'Mozart' is malware behind Home Depot, DHS report suggests

'Mozart' is malware behind Home Depot, DHS report suggests

The Wall Street Journal reported that a Secret Service investigation uncovered malware customized to attack Home Depot.

Researchers analyze Dyre sample with new features

Researchers analyze Dyre sample with new features

Researchers with Proofpoint have analyzed a version of the Dyre banking trojan that has been updated with new features.

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

A researcher at Akamai uncovered a vulnerability in Bash, called ShellShock, that can execute arbitrary commands in affected systems.

Report: Malvertising solutions will require coordination

Report: Malvertising solutions will require coordination

A new report stresses that ad networks and the web sites that use them need to coordinate to mitigate the malvertising risk.

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

Akamai's PLXsert researchers analyzed the new DDoS toolkit.

Home Depot breach leads to fraudulent transactions, class-action lawsuits

Home Depot breach leads to fraudulent transactions, class-action lawsuits

The retailer's massive breach has spawned multiple lawsuits and reports of fraudulent transactions.

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla announced on Tuesday that it would be phasing out certificates with SHA-1 based signature algorithms.

DDoS attacks target enterprises and ISPs, ignore financial institutions

DDoS attacks target enterprises and ISPs, ignore financial institutions

A new report from NSFOCUS found that DDoS attacks' traffic volume is increasing, along with a shift in targets.

More exploits, including Silverlight attack, packed in Nuclear kit

More exploits, including Silverlight attack, packed in Nuclear kit

Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.

Researchers discover Tinba variant with 64-bit support, other tricks

Researchers discover Tinba variant with 64-bit support, other tricks

Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data stored abroad

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in 2013

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

PCI Council holds North America community meeting, new GM Orfei speaks

PCI Council holds North America community meeting, new GM Orfei speaks

The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

A new report from the U.S. Senate Armed Services Committee found that multiple successful attempts were made to access and steal information from contractors' systems, and often times, the government didn't know it happened.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

Watering hole attack targets website visitors of oil and gas start-up

Watering hole attack targets website visitors of oil and gas start-up

Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.

Windseeker app spies on chats using injection, hooking techniques

Windseeker app spies on chats using injection, hooking techniques

The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier to write code

Researchers at SophosLabs found an uptick in VBA samples in July.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US