But the U.S. still remains the top country in detections, a Symantec report found.
Trend Micro researchers observed spammers leveraging DMARC in order to improve the chances of infecting users with TorrentLocker.
Experts consider the lasting impact of data brokers, and potential breaches, on genetic information.
Financial sources told Brian Krebs that fraudulent activity had been detected that indicated the grocer's POS systems had been accessed.
The White House released a draft of its Consumer Privacy Bill of Rights Act on Friday to wide criticism from the greater privacy and technology communities.
Unauthorized access was gained to one of Uber's databases in May 2014, putting names and driver's license numbers at risk for 50,000 current and former drivers.
The latest updates on personnel shifts, M&A activity and more, including ESET, ZeroFOX, Norse, Wandera, Bastille, Secure Islands and Zscaler.
Latest updates on Computer Fraud and Abuse Act, Barrett Brown, research from Qualys and Dell SecureWorks.
Anthem breach investigators initially claimed that tools, linked exclusively to Chinese espionage attackers, were used against the health insurer.
Bluebox Security analyzed the top nine Android tablets for children and found that the majority had multiple security issues that could put childrens' data at-risk.
The increase in medical identity theft is attributed to a variety of factors, including healthcare-related data breaches.
After analyzing 80,000 health-related websites, a University of Pennsylvania doctoral researcher found that 90 percent shared user data with third-party advertisers and data brokers.
The Anthem breach has affected millions - here's a tally so far, broken down by state.
EPIC filed a complaint with the FTC this week after media outlets pointed out Samsung's vague policy regarding their Smart TV voice recognition feature.
A vulnerable Google Maps plug-in for Joomla allowed attackers to spoof the source of DDoS attacks.
With President Obama drawing attention to a possible federal data breach law, one study found that 14 percent of small business owners are "not at all confident" with their states' current laws.
The vulnerability exists in versions 3.9.5 and lower of the Slimstat web analytics plugin for WordPress.
The Ramnit worm, discovered in 2010, evolved after incorporating code from the notorious banking trojan Zeus.
The American Civil Liberties Union (ACLU) has released documents obtained from Florida police and sheriff's departments that reveal Stingray use and raise privacy concerns.
GFI Software wrote in a post that 7,038 vulnerabilities were added to the National Vulnerability Database in 2014.
In most cases, law enforcement alerted organizations that an intrusion had taken place.
Two legislators reintroduce bill aimed at protecting consumers from data breaches.
The HP Cyber Risk Report looks back at 2014, and notes that 44 percent of known breaches were possible due to vulnerabilities identified years ago.
Facebook found over a dozen applications that use the same third-party SSL decryption library from Komodia that Superfish leverages.
Google is providing developers with a multipipe approach to scanning applications for security flaws.
A recent survey by Ponemon Institute and Raytheon found senior executives don't fully understand the extent of security threats.
The SIM card maker said it will "devote all resources necessary" to investigate hacking claims revealed in Snowden leaks.
The 24-year-old Swedish man behind the creation of the BlackShades RAT and organization has pleaded guilty to distributing malicious software.
The report indicates that UDP amplification attacks leveraging Network Time Protocol are still the most common DDoS attack vector.
After facing backlash, Lenovo removed the software from its computers.
A set of suits filed in a Denver court accuse the insurance giant of inadequate security and false promises.
Twitter sued the government last year for violating its First Amendment rights concerning NSL disclosures.
Two very popular websites were compromised so that visitors would be infected with malware.
Both operations, though separate in their aims, were said to have ties to Gaza, Trend Micro found.
Governments, militaries and financial institutions in more than 30 countries around the globe are among the targets of the "Equation" group, according to Kaspersky Lab.
A cybercrime collected distributed the Carbanak malware via email to banking employees to infiltrate systems and snare over $1 billion, according to Kaspersky Lab.
Speaking at the Cybersecurity and Consumer Protection Summit the president hopes to encourage industry and government to share threat information more freely.
Last year, more than one billion records were breached worldwide, Gemalto found.
Trend Micro researchers observed upgraded CTB-Locker ransomware being distributed via fake Google Chrome and Facebook emails.
A techie in India discovered a vulnerability that allowed him to delete victims' Facebook photos and albums.
Cisco researchers identified a campaign involving phishing emails that purport to come from the Microsoft Volume Licensing Service Center.
Findings from IBM serve as a reminder this Valentine's Day to boost mobile security efforts, even when dealing with apps from so-called "trusted" marketplaces.
Security researchers said the attack was likely the work of a Chinese espionage group aiming to penetrate the systems of financial services and defense contracting firms.
The updated guide will offer insight on reducing risks to industrial control systems, such as malware, equipment failures, and other threats.
The NYDFS conducted a survey of 43 insurance companies to gain insight into how the insurance industry is preventing cybercrime and protecting sensitive data.
CrowdStrike's Global Threat Intel Report details some of the attacks IT security professionals have seen in 2014 and can expect to see more of this year.
It took Microsoft a year to patch the critical Windows bug allowing remote code execution (RCE).
This latest variant of Simplocker generates a unique key for each device that it infects, making it more difficult to decrypt the files on each device.
Twitter's new transparency report indicates that requests for user information have increased, both in the U.S. and abroad.
Among 16 major automakers, only two said they could diagnose or meaningfully respond to intrusions in real-time.
Core Security researchers said that the vulnerability in EKI-1221D can be exploited remotely by attackers to execute arbitrary code.
Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.
Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.
Following its headline-grabbing data breach, Anthem's public relation's agency, Ketchum, went into action addressing the public.
The developers of FancyBox have issued a patch to address the bug, which was actively being exploited in the wild.
Experts are speculating that attackers exploited a vulnerability in Anthem's IT system, or obtained credentials via social engineering.
Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.
Managed health care company Anthem announced on Wednesday that it was the target of a cyber attack, and that member information was compromised.
The bipartisan Electronic Communications Privacy Act Amendments Act of 2015 would offer protection from warrantless digital searches.
Trend Micro researchers identified two mobile apps for iOS that are being used to eavesdrop on communications among high-profile government, embassy and defense personnel.
A technical paper challenges the misconception that APT groups are inevitable "masters of exploitation."
Anyone who visited the websites of The Huffington Post and LA Weekly - among other websites - on Saturday or Sunday stands to be infected with a Kovter trojan used for advertising click fraud.
A bipartisan trio of legislators reintroduced the Online Communication and Geolocation Protection Act to extend Fourth Amendment rights to electronic communications.
In some instances, it took 30 days for the newly-installed apps to display "abnormal" behavior.
The German automobile maker issued a patch for a security issue that could have affected more than 2 million vehicles and allowed attackers to gain physical access to the cars.
Attackers sent malware through Skype chats promising pictures, FireEye reveals.
Apple fixed a number of flaws with its latest iOS update and improved stability and performance.
Adobe said it is aware of reports that a newly identified Flash Player zero-day vulnerability is being actively exploited in the wild.
The latest personnel moves, merger and acquisition activity and other developments in the IT security field.
President Obama imposed sanctions against North Korea, a medical services provider will be forced to pay a "neglect" penalty over HIPAA violations, the House passed the Intelligence Authorization Act, and other security news.
In Q4 2014, Akamai observed an even busier season for attackers than expected.
High-Tech Bridge is referring to the threat as 'RansomWeb' because it involves encrypting databases and holding websites for ransom.
The Dell SecureWorks Counter Threat Unit first noticed the ZeroAccess botnet reactivating from March 21, 2014, to July 2, 2014.
A new Zeus trojan variant is targeting a number of banks in Canada, including Bank of Montreal, Royal Bank of Canada, and National Bank of Canada.
Security firm Symantec found a backdoor, called Winnti, on a computer also infected with Skeleton Key.
The Federal Trade Commission has prohibited a revenge porn site operator from sharing nude photos, using deceptive tactics and revealing personal information.
Hundreds of computers belonging to University of Florida students and faculty were infected with Upatre and Dyre in a multistage attack.
Testimony in House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade hearing aimed at shaping national data breach notification law.
A new report from the Federal Trade Commission (FTC) provides data security steps for businesses and promotes data minimization.
Qualys has identified a buffer overflow vulnerability in the Linux GNU C Library that, if exploited, could enable an attacker to remotely take complete control of a victim's system.
Source code for the keylogger, called QWERTY, was published in Snowden documents.
The 2015 Vormetric Insider Threat Report found that a large majority of U.S. companies believe they are vulnerable to insider threats.
The Internet Crime Compliant Center issued a warning on Thursday about a new scam that might be rooted in an initial ransomware infection.
In the Worldwide Infrastructure Security Report by Arbor Networks, 38 percent of respondents said that they have experienced more than 21 attacks per month.
WikiLeaks penned a letter to Google CEO Eric Schmidt requesting more information about search warrants under which the company handed over WikiLeaks staffers' data.
The app is no longer available from the Google Play store, but prior to being removed it had been installed between 50,000 and 100,000 times.
The security community is voicing concern over proposed revisions to the Computer Fraud and Abuse Act (CFAA) by taking to Twitter and personal blogs.
As part of a recent spam campaign, Trend Micro researchers observed a variant of CTB-Locker ransomware asking for 3 Bitcoins within 96 hours.
Two stand-alone modules, dubbed Hopscotch and Legspin, were analyzed by Kaspersky Lab.
The National Association of Federal Credit Unions sent Congressional leaders a letter calling for the creation of a bipartisan working group to shape breach legislation.
Google gave out thousands of dollars in rewards to several external researchers who dug up and reported bugs, several of which were deemed high impact.
In April 2014, Brown pleaded guilty to posting an online threat aimed at a federal agent, as well as other charges.
Adobe said it is aware of reports that an exploit for the bug exists.
In its "Security on the Shelf" report, Osterman Research found that for every $115 a company spends per user on security-related software, $33 of the investment is "not working as well as it can" or is never used at all.
The President urged Congress to pass law that would better protect the nation from emerging cyber threats.
The company's January quarterly release addressed vulnerabilities across hundreds of products and patched bugs that could have been remotely exploitable without authentication.
A New Jersey congressman has asked the Justice Department to investigate whether New Jersey Governor Chris Christie and a Port Authority official violated state privacy laws when they revealed E-ZPass data.
The "Cisco 2015 Annual Security Report" explores what's trending with regard to attackers, users, and defenders.
The New York Times revealed new info on NSA's years-long surveillance efforts against North Korea.
Sign up to our newsletters
SC Magazine Articles
- State breakdowns: Anthem breach by the numbers
- Malware on Lime Crime website, payment cards compromised
- Florida law enforcement docs show widespread stingray use, secrecy
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Bug in popular WordPress plugin opens up websites to SQL injection attacks
- State breakdowns: Anthem breach by the numbers
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says
- Infections caused by prevalent financial trojans dropped 53 percent last year
- Spammers leverage DMARC to more successfully distribute ransomware
- Laptop stolen from employee contained data on Pioneer Bank customers
- In growing market for genetic data, privacy implications prove lasting
- Natural Grocers investigating unauthorized access to POS systems