A group of organizations and businesses nearly 50-strong urged Congressional leaders to take swift action on the Open, Permanent, Electronic, and Necessary (OPEN) Government Data Act.
Third-party risks pose a "serious threat" to organizations but upper management may be able to curb the threat, according to a recent study.
C-suites and boards of directors are increasing their knowledge of IT security risks and needs - before a breach happens.
Researchers found a series of malicious apps containing Android/Clicker.G on the Google Play store. The campaign targets mobile devices in Russia, but they affect apps that are available globally.
The leaders of a group of tech industry associations asked the presidential candidates to strengthen the United States' cybersecurity posture, and attached a "Technology Sector Presidential Platform" that lays out recommendations.
A vigilante hacker turned the tables on a major Locky ransomware distributor, after hacking into its command and control server and swapping out the malicious payload with a script that contains the message "Stupid Locky."
An employee at a Troy, Mich. investment firm was tricked using a spearphishing attack into transferring almost $500,000 to a Hong Kong bank.
Marcel Lehel Lazar, better known as the Romanian hacker Guccifer, has claimed in an interview with NBC News that he didn't just publicly expose U.S. presidential candidate Hillary Clinton's email address, but actually broke into her email server.
Online fraud transactions are expected to reach $25.6 billion (£17.6bn) by 2020, up from $10.7 billion (£7.4bn) last year, meaning that by the end of the decade, $4 (£2.7) in every $1,000 (£687) of online payments will be fraudulent.
Surprising no one, ransomware continues its relentless march into the systems of individuals and businesses despite our familiarity with the attack method and the best efforts of anti-malware products.
Documents declassified on Tuesday reveal that the Justice Department aggressively sought to impose administrative penalties on whistleblowers, rather than pursue criminal penalties.
Hold Security reported that one of its researchers discovered, and then acquired, a mega-size load of 272 million stolen email credentials from a hacker.
Open-source image processing software provider ImageMagick has issued patches and workarounds for a series of recently disclosed vulnerabilities, including one that could allow hackers to remotely execute code via the uploading of maliciously crafted images.
Palo Alto researchers spotted an Iranian malware family, dubbed Infy, used in targeted attacks for nearly a decade under the radar.
The 5th of May is World Password Day, the ideal opportunity to raise awareness of passwords with your organisation's staff and senior management.
Israel-based cyber-threat specialists Cyberint insists it has found a serious flaw in Google security despite the tech giant's denials that email injection can bypass security filters.
Criminal outfits are increasingly distributing "designer" spam and malware, customized to optimally target victims in specific geographic regions, according to new research from Sophos' research division, SophosLabs.
At least one major corporation that uses ADP as its payroll vendor had some of its employees' W-2 tax information compromised.
Google released patches for 40 security vulnerabilities affecting Android devices. Vulnerabilities include remote code execution, elevated privilege, and remote denial of service (DoS) flaws.
Gozi banking malware creator Nikita Kuzmin sentenced to time served and a $7 million fine as the U.S. Attorney's office tells judge Kuzmin provided "substantial assistance" to the government.
Lizard Squad is back with a vengeance, according to an advisory from Action Fraud UK which is advising organisations to report the attacks, keep detailed records and seek help from their ISPs.
Microsoft continues to expand its bug bounty program, announcing it will pay up to $15,000 for vulnerabilities found in Nano Server.
The long-besieged Privacy Shield agreement proposed by U.S. and European officials faces a new round of challenges following recent decisions by the U.S. Foreign Surveillance Intelligence Court and the Supreme Court.
The market, not government regulation, will push IoT security to a higher standard, says John Ellis of Ellis & Associates.
University of Michigan researchers remotely pick locks of Samsung SmartThings connected home systems
In a series of attacks, University of Michigan researchers hacked into Samsung SmartThings connected home systems and remotely unlocked doors.
The FBI recently pressed for a 29-year-old Los Angeles woman to provide her fingerprint to open her phone after she was sentenced in an identity theft case.
A Michigan school district network engineer discovered a security vulnerability affecting the pwnedlist.com service that exposed 866 million account credentials.
Mobile attacks can work around two-factor authentication on Android phones and inject malware onto iOS phones.
After an investigation confirmed that data was exported during a December breach of the DNC voter file system but cleared the Sanders campaign of wrongdoing, the presidential hopeful withdrew a lawsuit it had filed against the DNC.
Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.
Minutes before the NFL Draft commenced on Thursday night, an apparent hacker accessed the Twitter account of top prospect Laremy Tunsil and posted an old video of the Ole Miss player smoking from a bong, damaging his value.
Zscaler researchers spotted an Android infostealer disguised as a Google Chrome update that is capable of terminating antivirus applications and even ending calls.
IBM security researchers have spotted an uptick in mobile malware competition in pricing, features and quality on the black market.
High Court judge Mr. Justice Mann has given the go-ahead for claims against The Sun newspaper for phone hacking.
The day after security researchers discovered the website for toy maker Maisto was not only selling radio-controlled cars and planes, but was also pushing CryptXXX ransomware, the site was down for maintenance.
Malware embedded on a USB drive was delivered to members of the American Dental Association (ADA).
Marcher Madness continues with a new, stealthier iteration of the Marcher banking malware targeting Android users in Australia.
Belgium's minister of defence, Steven Vandeput, has stated the importance of investing in technology for national security.
Qatar National Bank has had 1.4 GB of internal files published online including the names of intelligence agents, government departments and the Qatari royal family. A Turkish fascist group has claimed responsibility.
To say that a day does not pass without a ransomware attack being perpetrated upon an organization somewhere in the United States is no hyperbolic statement, but there is a glimmer of hope as several defective ransomware variants have been found.
Hackers reportedly posted employee data and private documents belonging to a publicly listed gold-mining company on a paste site.
The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.
Richard Nichols, RSA's head of EMEA strategy, compared playing the violin to conducting an effective security strategy, to encourage businesses to harmonise security strategy and promote greater visibility of threats on the business.
U.S. Chief Information Officer Tony Scott Tuesday hinted his office may be working to help guide federal agencies to adopt "bimodal IT."
It appears that the developer mode of MS Windows, otherwise known as 'God Mode', is being leveraged by attackers to hide malware.
In a letter to the OMB, Senate Homeland Security Committee Chairman Ron Johnson and ranking member Tom Carper asked the agency's director Shaun Donovan to complete changes to a privacy and cyber policy framework.
Singapore Telecommunications (Singtel) has opened a new facility to help enterprises enhance cyber-security skills and test their networks in dealing with cyber-threats.
The director of CERT UK laid out some of the problems facing UK cyber-space and outlined what cyber-security could do to help fix them.
Over 10 percent of the UK population has pretended to be someone else online by snooping or sending messages through someone else's social media or email accounts without their permission.
A Manhattan federal court judge sentenced Estonian Vladimir Tsastsin to 87 months in prison for his role in perpetrating an internet fraud scheme that infected more than four million computers in more than 100 countries.
Pro-ISIS hacking groups joining forces behind a super-hacker team, the United Cyber Caliphate, are sharpening their skills and showing a willingness to coordinate and amp up cyberattacks, a new report revealed.
A new site was discovered on the dark web that allows hackers to upload stolen data and sell the data to criminals or criminal groups.
Automakers, Uber, Google form Self-Driving Coalition for Safer Streets as GAO releases vehicle cybersecurity report
Automakers join forces in the Self-Driving Coalition for Safer Streets one day after the GAO released an auto cybersecurity report.
Researchers from the University of California, Santa Barbara have uncovered a hacking technique that could allow bad actors to sabotage location-based mobile apps by simulating a large number of devices that don't actually exist.
The House Wednesday passed the Email Privacy Act (EPA) 419-0, a reformation of the aging Electronics Privacy Act (ECPA), and drew immediate praise from rights groups.
The PLATINUM team has "gone to great lengths" over many years "to develop covert techniques" so their cyber-espionage campaigns will evade detection, even using Windows's support for "hotpatching" against it.
The Federal Bureau of Investigation won't share the method that was used to unlock an iPhone 5c used by one of the San Bernardino shooters because the mechanism belongs to the third party who cracked the phone.
Verizon's 2016 Data Breach Investigative Report (DBIR) discovered something the late, great steel driving man John Henry learned the hard way: humans don't stand a chance when it comes to battling soulless machinery.
Lifeboat Network, which runs servers for Minecraft Pocket Edition — the smartphone version of the immensely popular video game Minecraft — was hacked in January 2016, resulting in a data breach compromising 7 million-plus gamers.
Malware discovered at a nuclear power plant in Germany prompted RWE AG to shut down the power plant as a precaution.
Though deeply unpopular in some circles, a new YouGov poll has shown broad approval for the enumeration of government surveillance powers in the Investigatory Powers Bill.
The financial messaging organization SWIFT has issued a warning to its customers stating its system has undergone repeated attacks similar to those that led to the loss of $81 million from a Bangladesh bank.
A team from Gibraltar won the final round of the CyberCenturion 2016 competition held at Bletchley Park's National Museum of Computing today.
With the bombardment of DDoS attacks fairly consistent worldwide throughout 2015, it's no longer a matter of if or when attacks might happen, but how often and how long the attack will last.
Retailers believe they can detect a data breach in a week or less, a new survey commissioned by Tripwire revealed, while another report by Arbor Networks showed it takes them on average 197 days to spot advanced threats.
The personal information of 1.2 million members of the "exclusive" dating site BeautifulPeople.com is being sold on the dark web.
A new malware type has been spotted that utilizes a couple of original moves not seen yet by researchers: it is self-installing and the cybercriminals require that the ransom be paid in iTunes gift cards.
In order to better improve and ensure cyber-security of government websites, Philippine senator Ralph Recto plans to recruit "bored" Filipino hackers to serve as "cyber-commandos".
The root of the problem with malicious smart city hacking lies in the fact that sensors typically collect 'raw' data and then merely pass it on.
James Clapper, director of national intelligence, has blamed the NSA whistleblower Edward Snowden for making it harder for the US to monitor and arrest terrorists by advancing the development of more advanced and widely available encryption.
Poor endpoint security practices are propelling the great ransomware epidemic of 2016 — and if allowed to fester, the threat will spread to new endpoints including IoT devices, cars and ICS and SCADA systems, a new report said.
The U.S. government is mulling ways it might disclose the number of Americans who have been caught up in government surveillance under the Prism program, set to expire in 2017.
Spotify may have experienced a security breach based on a list of customer account credentials discovered on Pastebin.
IBM's X-Force reported today the actors behind the hybrid GozNym banking trojan that stole $4 million from U.S. banks in March have released a new configuration that is targeting European banks.
A recent SecureAuth study found one in three Americans resort to risky behaviors to remember passwords.
The Justice Department told a federal court that it was dropping its case against the tech giant after it received a passcode for the device from an unnamed source.
A Taiwan-based security researcher, known as "Orange Tsai," who was awarded a $10,000 bug bounty in February, published a report detailing the exploits that led to his discovery of illicit code on a Facebook server.
Rep. James Langevin wrote an open letter to the Food and Drug Administration (FDA) praising draft guidance that would strengthen the cybersecurity of medical devices.
Germany, the United States and Australia were not shy when it came to asking Apple for customer information, filing thousands of requests in the second half of 2015.
Pro-democracy activists in Hong Kong are being targeted by a new variant of Poison Ivy, a malware package that previously hadn't seen an update in six or seven years.
Filipino voting records which were breached earlier this month have now been made public and searchable.
The two men responsible for the SpyEye banking trojan, used to steal user information from financial institutions, were sentenced to a combined 24-1/2 years in prison.
MacKeeper Security Researcher Chris Vickery claimed to have discovered 93.4 million Mexican voter registration records.
Report examines the shifting direction of cyberattacks, noting attackers turning their attention away from financial services in favor of attacks against manufacturing and healthcare companies.
Researchers at DB Networks and Osterman Research find many orgs lack the proper tools to monitor their databases.
A new report from FireEye Threat Intelligence said that one case investigated by Mandiant indicated that a victim computer "was originally compromised with GRABNEW malware by a separate threat actor."
Over half (51 percent) of senior decision-makers in large businesses are kept awake at night due to the threat of a data breach caused by a cyber-attack.
Researchers have discovered a new trick for concealing the installation of RATs, after identifying malware samples that never touch the hard drive throughout execution, remaining in memory until the malware is fully enabled.
According to a new report by Imperva, South Korea serves as the most prolific point of origin for global DDoS attacks.
A coalition of industry groups representing some of the largest tech companies in Silicon Valley penned an open letter to Sen. Richard Burr (R-NC) and Sen. Dianne Feinstein (D-Calif.).
A federal district court judge has ruled that an Eastern Virginia magistrate overstepped her authority when granting the FBI a warrant to collect data from the user of a child pornography site, because the data resided on a computer in Massachusetts, outside her jurisdiction.
Attacks are getting fiercer and attackers more sophisticated and organized, according to the "2016 Trustwave Global Security Report," released this week.
Trend Micro has dissected malware used in the Operation C-Major attack on officers of the Indian army and tracked it back to malware that originated from Pakistan.
Despite the many efforts Google undertakes to protect its customers from malicious applications, many Android users may remain vulnerable to attack because they're using outdated software.
The best way to encourage the U.S. government to take quick action on a cyber security issue is to anger a congressman.
Cisco Talos researchers took a deep dive into the Nuclear EK and found that it was well organized and successful.
In a declassified ruling, a federal judge of the Foreign Intelligence Surveillance Court (FISC) ruled that the FBI's search of Americans' emails without a warrant during criminal investigations is not contradictory to the Constitution or the FISA Amendments Act.
Less than two months after cybersecurity experts identified KeRanger as the first fully functioning ransomware targeting OS X, an enterprising researcher has chronicled his own attempt at creating a behavior-based ransomware detection tool for Macs.
Microsoft is rolling out new certifications provided through the company's data portal.
SC Magazine Articles
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Pwnedlist vulnerability exposed 866M accounts
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Turkish fascists claim responsibility for Qatar bank data breach
- Spearphishing attack nets $495K from investment firm
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Report: Ransomware feeds off poor endpoint security
- Organizations, business, tech leaders urge Congress to pass OPEN Government Data Act
- 2,800 St. Agnes Medical Center workers compromised in W-2 attack
- Organizations need formal vendor risk management programs, study
- Educating C-suites and corporate boards on security risks
- Android/Clicker.G malware found in Google Play apps