Orgs predict $53M risk, on average, from crypto key, digital cert attacks

In a Ponemon report, 2,300 security pros provided their two-year outlook on cryptographic key and digital certificate attacks.

Popular adult website XTube compromised, delivers malware

Visitors to XTube could be redirected to the Neutrino Exploit Kit, which Malwarebytes Labs researchers observed exploiting a Flash vulnerability.

Protecting work info ranks low in mobile privacy survey

In the Lookout survey, only five percent of smartphone users said they would take the most steps to protect work-related data.

Hanjuan Exploit Kit leveraged in malvertising campaign

The New York Daily News website and Metacafe website were among the sites serving malvertisements, according to Malwarebytes researchers.

Yahoo Trust 'UnConference' to convene after RSA Conference

The event is said to be TrustyCon's successor.

One in three of the top million websites are 'risky,' researchers find

Menlo Security defines "risky" as meaning the website is compromised, or is running vulnerable software that puts it at risk of being compromised.

Android vulnerability leaves apps open to malicious overwriting

Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.

'Privilege Gone Wild' report examines account management habits vs. concerns

BeyondTrust released its 2015 survey on the state of privileged account management.

Legislators set to introduce student privacy bill

On Monday, Reps. Luke Messer and Jared Polis will reportedly introduce the legislation in the House.

'PoSeidon' point-of-sale malware targets payment card information

Cisco identified a new point-of-sale malware family that researchers are referring to as 'PoSeidon.'

Drupal SQL injection vulnerability attacks persist, despite patch release

Although a highly critical Drupal SQL injection vulnerability was patched nearly six months ago, attackers continue to successfully exploit websites that have failed to update their systems.

New Dridex variant spotted in tax rebate phish

The variant takes new measures to avoid VM detection, PhishMe researchers found.

Threat group targeting Israel and Europe believed to be state-sponsored

The group, known as Rocket Kitten, has shifted tactics in its latest campaign, referred to by Trend Micro as Operation Woolen-GoldFish.

Privacy buffs say amended CISA bill can still further gov't surveillance

The threat information-sharing bill was approved by the Senate Intelligence Committee last week.

Study: Mobile app security risk well-known, but enterprises lack proper usage policy

Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use.

Premera warned to fix security holes shortly before being breached

In mid-April 2014, Premera received an audit report and was advised, in 10 recommendations, to address vulnerabilities.

Cloud trends survey: 9 out of 10 orgs concerned about public cloud security

Crowd Research Partners conducted a study with cooperation from AlertLogic, AlienVault, Bitglass and other cloud security providers.

Apps submitted to Google Play are now reviewed by 'experts'

Despite Google's new review process, mobile security company Lookout recently identified 13 apps with adware that made it into Google Play.

Court rules New York sheriff's office must turn over 'stingray' docs to NYCLU

A New York court ordered the Erie County Sheriff's Office to turn over documents about its purchase and use of stingray devices to the New York Civil Liberties Union (NYCLU) earlier this week.

Google Project Zero exploit 'rowhammer' hardware bug

Researchers were able to exploit a hardware bug, called "rowhammer," to obtain kernel privileges.

Report: committee approves rule change that expands FBI's hacking authority

If modified, Rule 41 would give judges the ability to grant search warrants for electronic information located outside their judicial district.

Premera Blue Cross breached, info on 11 million customers at risk

Premera Blue Cross announced on Tuesday that attackers had gained unauthorized access to its IT systems.

Study: Americans taking steps to hide online activities from U.S. government

The Pew Research Center surveyed hundreds of American adults about their behaviors online and the steps they've taken to keep their identity and actions hidden.

Facebook received 14,274 U.S. gov't requests in 2014 H2

Facebook said that at least some data was produced for nearly 80 percent of the requests.

Yahoo CISO Alex Stamos tweets 'on-demand' password defense

Three days after Yahoo announced its new "on-demand" passwords (ODP), the company's CISO Alex Stamos took to Twitter to defend the company's decision and address criticism from the security community.

Facebook, Twitter update policies, take stronger stance on revenge porn

Facebook and Twitter joined Google and Reddit in updating their community standards to ban certain images and clarify what is acceptable and what's not.

Obama administration seeks additional authority to combat botnets

The Obama administration announced a proposed amendment to existing law that would give federal courts more authority in the ongoing war against botnets.

Yahoo releases e2e encryption source code and launches 'on-demand' passwords

Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its services' security, including the launch of its "on-demand" password service.

Short, planned outage helps State Dept. banish hackers

Four months after it revealed that hackers had breached its non-classified email system, the State Dept. said it would take some systems offline temporarily to bolster security.

Private WHOIS data disclosed for hundreds of thousands of Google Apps domains

A software glitch exposed the private WHOIS information of 94 percent of the nearly 306,000 domains registered via Google Apps using eNom, Cisco Talos found.

'TeslaCrypt' holds video game files hostage in ransomware first

Bromium Labs detailed a new ransomware campaign that holds video game and iTunes files hostage.

Attackers spread worm via Facebook, leverage cloud services

Malwarebytes researchers observed Facebook users being infected with a worm when clicking on a link in a post promising pornographic content.

Experts debate whether 'right to be forgotten' should be adopted in the U.S.

Four privacy and technology experts met on Wednesday night to debate the ruling and whether it should be implemented in the U.S.

Report: 71 percent of orgs were successfully attacked in 2014

In the CyberEdge Group report, 22 percent of respondents said that their organization was successfully attacked more than six times in 2014.

Verizon: PCI requirement to test security systems a compliance weak point for orgs

The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.

Bain Capital acquires Blue Coat Systems for $2.4 billion

Blue Coat Systems, Inc., a Sunnyvale, Calif.-based enterprise security solutions provider, has announced that it will be acquired by Bain Capital for $2.4 billion.

Self-deleting malware targets home routers to gather information

The malware purports to be an Adobe Flash update, and was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS.

Serious bug in Dropbox SDK for Android disclosed by IBM

The flaw could ultimately expose user data, saved to Dropbox through vulnerable third-party apps, to attackers.

2,400 unsafe mobile apps on employee devices in average large enterprise

Veracode researchers analyzed a pool of about 400,000 applications installed in multiple global enterprises in various industries.

Study: Security pros felt more pressure to secure their organization in 2014 than year prior

Trustwave polled security professionals on the pressures they felt this past year to keep their enterprise secure.

Hillary Clinton says private email system was not breached

Clinton said that the private email system she used during her tenure as Secretary of State was "effective and secure."

Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks

The tech giant released five critical patches and nine important updates.

Facebook login bug lets attackers hijack accounts on Mashable, other sites

A Facebook login bug has gone unfixed for a year, according to a blog.

Majority of WordPress users not backing up, survey indicates

More than 75 percent of WordPress users are not using a backup plugin, and 47 percent are backing up their websites every few months.

Analysts discover two POS malware families, PwnPOS and LogPOS

Trend Micro detailed the PwnPOS family, while Morphick discovered LogPOS malware that uses Windows mailslots for data storage.

Study: Fraud losses drop by $2 billion in 2014

A new study from Javelin Strategy & Research has found that both the fraud rate and the amount of money lost to fraud decreased this year.

Xiaomi says Mi 4 smartphone tested for security issues was a fake

Bluebox Security thought it tested a legitimate Xiaomi Mi 4 device, riddled with security issues.

CIA to reorganize, create digital directorate

CIA Director John Brennan said the agency will create a Directorate of Digital Innovation that will accelerate the integration of its cyber and digital capabilities.

Study: Financial firms cite data security as top concern regarding cloud adoption

Confidentiality of data, loss of control of data, and data breaches are some of the biggest concerns for financial services firms when it comes to cloud adoption.

Financial cybercrime landscape changing, experts say

Privacy officers and CISOs must work closely together to ensure privacy at financial institutions, an IAPP Privacy Summit panel said.

Google counsel talks privacy, innovation

Google general counsel Kent Walker said Google tries to put control of privacy in users' hands.

Indictment reveals theft of one billion email addresses from ESPs, three charged

Prosecutors say the defendants were behind one of the largest reported data breaches in U.S. history.

Clinton's use of private email spawns security, transparency debate

Hillary Clinton used a private email account during her tenure as secretary of state.

Android 'Gazon' worm proliferates through texts, infects more than 4k phones

The worm has gained traction through spam text messages that promise users an Amazon giftcard.

Ramirez: FTC focus on data security, fraud, cross device tracking

FTC Chairwoman Edith Ramirez says the agency will continue to ramp up its expertise to protect consumer privacy.

Greenwald says Snowden invoked changes toward privacy

Although legislation hasn't moved forward, there have been significant and heartening changes toward privacy, Glenn Greenwald said in a keynote address.

Mandarin Oriental Hotel Group is investigating a credit card breach

The hotel investment and management group said it is conducting an investigation to identify and resolve the issue.

Angler EK hijacks domain registrant credentials to create malicious pages

The Angler Exploit kit has adopted a new technique for dropping its malware.

New SSL/TLS vulnerability, FREAK, puts secure communications at risk

The FREAK vulnerability can be exploited by attackers to obtain private information, including usernames and passwords.

Tsukuba trojan aimed at Japanese banking customers

The Tsukuba trojan, like other proxy changers, is not technically advanced but uses an interesting social engineering technique, researchers at IBM Trusteer found.

GAO releases report on FAA security lapses, experts remain unconcerned

The U.S. Government Accountability Office analyzed the Federal Aviation Administration's cyber security protocol and issued recommendations for the agency to improve.

Infections caused by prevalent financial trojans dropped 53 percent last year

But the U.S. still remains the top country in detections, a Symantec report found.

Spammers leverage DMARC to more successfully distribute ransomware

Trend Micro researchers observed spammers leveraging DMARC in order to improve the chances of infecting users with TorrentLocker.

In growing market for genetic data, privacy implications prove lasting

Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.

Natural Grocers investigating unauthorized access to POS systems

Financial sources told Brian Krebs that fraudulent activity had been detected that indicated the grocer's POS systems had been accessed.

Proposed Consumer Privacy Bill of Rights Act doesn't go far enough, critics say

The White House released a draft of its Consumer Privacy Bill of Rights Act on Friday to wide criticism from the greater privacy and technology communities.

Data at risk for about 50,000 current and former Uber drivers

Unauthorized access was gained to one of Uber's databases in May 2014, putting names and driver's license numbers at risk for 50,000 current and former drivers.

Company news: New additions at ESET and Norse, ZeroFOX acquires Vulnr

The latest updates on personnel shifts, M&A activity and more, including ESET, ZeroFOX, Norse, Wandera, Bastille, Secure Islands and Zscaler.

News briefs: Barrett Brown sentenced, research from Qualys and Dell SecureWorks

Latest updates on Computer Fraud and Abuse Act, Barrett Brown, research from Qualys and Dell SecureWorks.

Researchers investigate link between Axiom spy group, Anthem breach

Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.

Top Android tablets for children riddled with security lapses, study finds

Bluebox Security analyzed the top nine Android tablets for children and found that the majority had multiple security issues that could put children's data at risk.

Medical identity theft up 22 percent in 2014, annual report says

The increase in medical identity theft is attributed to a variety of factors, including healthcare-related data breaches.

Report: Majority of health-related websites leak data to third parties

After analyzing 80,000 health-related websites, a University of Pennsylvania doctoral researcher found that 90 percent shared user data with third-party advertisers and data brokers.

State breakdowns: Anthem breach by the numbers

The Anthem breach has affected millions - here's a tally so far, broken down by state.

EPIC files complaint over Samsung Smart TV privacy policy

EPIC filed a complaint with the FTC this week after media outlets pointed out Samsung's vague policy regarding their Smart TV voice recognition feature.

Botnet of Joomla servers furthers DDoS-for-hire scheme

A vulnerable Google Maps plug-in for Joomla allowed attackers to spoof the source of DDoS attacks.

Study: SMBs lack thorough understanding of state data breach notification laws

With President Obama drawing attention to a possible federal data breach law, one study found that 14 percent of small business owners are "not at all confident" with their states' current laws.

Bug in popular WordPress plugin opens up websites to SQL injection attacks

The vulnerability exists in versions 3.9.5 and lower of the Slimstat web analytics plugin for WordPress.

Europol, private sector target Ramnit botnet ensnaring 3.2 million computers

The Ramnit worm, discovered in 2010, evolved after incorporating code from the notorious banking trojan Zeus.

Florida law enforcement docs show widespread stingray use, secrecy

The American Civil Liberties Union (ACLU) has released documents obtained from Florida police and sheriff's departments that reveal Stingray use and raise privacy concerns.

Study: Thousands more vulnerabilities reported in 2014 than previous years

GFI Software wrote in a post that 7,038 vulnerabilities were added to the National Vulnerability Database in 2014.

M-Trends report: Nearly 70 percent of breached firms alerted by outside source

In most cases, law enforcement alerted organizations that an intrusion had taken place.

New Jersey Congressmen to reintroduce privacy bill

Two legislators reintroduce bill aimed at protecting consumers from data breaches.

Older vulnerabilities a top enabler of breaches, according to report

The HP Cyber Risk Report looks back at 2014, and notes that 44 percent of known breaches were possible due to vulnerabilities identified years ago.

After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware

Facebook found over a dozen applications that use the same third-party SSL decryption library from Komodia that Superfish leverages.

Google Cloud Security Scanner released in beta

Google is providing developers with a multipipe approach to scanning applications for security flaws.

Disconnect yawns between CISOs, exec leadership, study says

A recent survey by Ponemon Institute and Raytheon found senior executives don't fully understand the extent of security threats.

Gemalto investigates claims that gov't spies hacked SIM card encryption keys

The SIM card maker said it will "devote all resources necessary" to investigate hacking claims revealed in Snowden leaks.

BlackShades co-creator, Alex Yucel, pleads guilty

The 24-year-old Swedish man behind the creation of the BlackShades RAT and organization has pleaded guilty to distributing malicious software.

Average DDoS attack size at 7.39 Gbps in Q4 2014, according to report

The report indicates that UDP amplification attacks leveraging Network Time Protocol are still the most common DDoS attack vector.

Lenovo PCs shipped with 'Superfish,' adware that opens users to MitM attacks

After facing backlash, Lenovo removed the software from its computers.

Customers cry foul in two more Anthem suits

A set of suits filed in a Denver court accuse the insurance giant of inadequate security and false promises.

Tech companies, media join Twitter's fight to divulge NSL info

Twitter sued the government last year for violating its First Amendment rights concerning NSL disclosures.

Jamie Oliver website, RedTube distributes malware via malicious iFrames

Two very popular websites were compromised so that visitors would be infected with malware.

Malware operations targeting orgs in Israel, Egypt traced to Gaza

Both operations, though separate in their aims, were said to have ties to Gaza, Trend Micro found.

Researchers identify advanced espionage team, the 'Equation' group

Governments, militaries and financial institutions in more than 30 countries around the globe are among the targets of the "Equation" group, according to Kaspersky Lab.

Carbanak APT campaign made off with $1B from banks globally

A cybercrime collective distributed the Carbanak malware via email to banking employees to infiltrate systems and snare over $1 billion, according to Kaspersky Lab.

Obama Executive Order paves way for threat intelligence sharing

Speaking at the Cybersecurity and Consumer Protection Summit, the president hopes to encourage industry and government to share threat information more freely.

Breach index: Mega breaches, rise in identity theft mark 2014

Last year, more than one billion records were breached worldwide, Gemalto found.

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Trend Micro researchers observed upgraded CTB-Locker ransomware being distributed via fake Google Chrome and Facebook emails.
