Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.

White House says new Chinese IT equipment rule may disrupt business without helping security

Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.

Court says Hannaford breach lawsuit doesn't meet standards of class-action

Plaintiffs' failure to have an expert verify their damages was a "fatal" flaw in the case, according to a federal judge.

Judge says lawsuit against comScore can proceed as class action

The web measurement company is accused of secretly collecting data on millions and then sharing it with clients.

Roughly 20 charged in Eastern Europe with building Carberp banking trojan

Law enforcement in Russia and Ukraine have dealt a major blow to a prolific banking malware operation.

"Right to Know" bill proposes more transparency for California data collectors

The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.

April's Patch Tuesday from Microsoft includes another Internet Explorer patch

The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.

Malware tries to invade technology companies once every 60 seconds

No matter the industry, organizations are facing a flurry of sophisticated attacks, with the main goal being to hijack intellectual property, according to new findings from security firm FireEye.

Sophos' flagship web security product open to attack

The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.

Android malware targeting Tibetans has state-sponsored fingerprints

New clues turned up by researchers at the University of Toronto show that an Android malware spy campaign appears to be the work of Chinese hackers, possibly with the assistance of the nation's government or a major corporation.

Public safety personnel targeted by DoS attacks flooding phone lines

Fraudsters pretending to be from collections companies are seeking to recover non-existent loans. If victims don't pay up, their administrative call centers are hit by telephone denial-of-service attacks. 9-1-1 lines weren't targeted.

Market for DDoS prevention to hit $870 million

Despite being an age-old problem, recent DoS and DDoS attacks are driving huge growth for mitigation solutions.

China unhappy with new U.S. requirement that its IT gear must face review

The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.

Company news: dinCloud's new CTO, and Bluebox Security's new research team

This month's company news features new additions to dinCloud, Tripwire and Crocus Technology, as well as Bluebox Security's new research team that will analyze mobile security threats.

News briefs: Mandiant uncovers espionage, Evernote is breached, and more

This month's news briefs include recent news on Mandiant uncovering China's cyber espionage efforts, security firm Bit9's breach, and the Obama administration's latest efforts on combating the theft of trade secrets.

Federal judge to weigh in on FBI's "stingray" cell phone surveillance

In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.

Web-based malware threats primary challenge for industry pros, survey says

Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.

Anonymous takedown of Koch sites leads to indictment of Wisconsin man

Eric Rosol, 37, of Wisconsin was indicted Tuesday by a grand jury.

New U.S. law says government agencies will need OK before buying Chinese IT equipment

According to the legislation, the review process will quell cyber espionage threats from China.

New study finds malware variants skirting AV, mostly delivered via web

As the debate on the usefulness of anti-virus continues, recent research reveals that a majority of malware is delivered via web browsing, skirting AV along the way.

Alleged fight between anti-spam group and blacklisted company incites massive DDoS

Spam-fighting nonprofit Spamhaus says the DDoS attacks began more than a week ago.

Research reveals 94 percent of endpoints currently running outdated versions of Java

Owing to outdated browsers, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as targeting new vulnerabilities, according to new research.

Report: Among simple, yet effective web app attacks, cloud environments hit hardest

A security firm found that more than half of survey respondents were impacted by web application attacks.

Draft of cyber bill exacerbates flaws of anti-hacking law

The bill draft, which is in a preliminary stage, included harsher penalties for Computer Fraud and Abuse Act violations.

Spear phishes used to infect South Korean corporate networks

Security researchers have found evidence that, not surprisingly, social engineering tactics were leveraged by the attackers, who set their malware to "go off" three days after reaching victims.

New "watering hole" attack plants malware at news sites to spy on Chinese dissidents

A recently fixed Internet Explorer vulnerability is being leveraged to spy on the activists.

VSkimmer trojan steals card data on point-of-sale systems

The trojan was recently a topic of discussion on an underground Russian forum, researchers found.

Apple releases two-factor authentication

Apple ID and iCloud users will now have the option to use the security feature for purchases or account changes.

Yontoo adware used to cash in on clicks targets Mac and Windows users

Saboteurs are spreading the Yontoo trojan, which infects computers so they display certain advertisements to infected users.

South Korean corporations hit by widespread attack that wiped data and shut down systems

Researchers at Symantec believe a trojan called "Jokra" was used in the attacks. Neighboring North Korea is considered a suspect, but there's no evidence suggesting it is to blame.

Lawmakers propose change to "outdated" email privacy law

Senators say current provisions of the Electronic Communications Privacy Act give law enforcement too many liberties when accessing the electronic communications of Americans.

Florida voting "hack" shows how voting is susceptible to logic attacks

A failed attempt to rig an election in Florida doesn't mean hackers won't find another way in as electronic voting becomes more common.

Two men charged with hacking Subways to load up gift cards

The defendants are accused of selling vulnerable point-of-sale equipment to Subway franchises, and then hacking into the systems to add $40,000 in value to gift cards, which they sold or kept for themselves.

Experiment shows how often hackers want to attack critical infrastructure

Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.

Hacker who wanted to embarrass AT&T sentenced to 41 months

Andrew Auernheimer is an alienating figure in certain web communities, but many security researchers have come to his defense, claiming he's a victim of an overreaching criminal justice system. Prosecutors disagree.

Welcome to the new and improved SCMagazine.com

With new capabilities and seamless design, the top website for information security news, opinions, analysis and more has gone through a comprehensive redesign.

Popular ad blocking app nixed from Google Play

Google has decided to remove AdBlock Plus, known for creating an undeterred web surfing experience and bolstering privacy, from its Android marketplace.

Apple updates Mountain Lion OS, includes Java Web Start fix

The security update patched 21 vulnerabilities and a Java Web Start bug that could allow apps to be launched automatically.

Legal fight between Cisco and Swiss firm continues with latest data theft accusations

Swiss firm Multiven has accused Cisco of using "scraping" software to steal thousands of its files.

AT&T hacker to submit plea for lesser sentencing

According to a court document, Auernheimer and his legal team believe he should serve months of probation rather than years behind bars.

Cyber criminals offer black market peers bug discovery service

The new offering shows that, as cyber criminals become more sophisticated, they'll need more options to secure their infrastructure.

DoD creating cyber "offensive" teams to strike back against foreign attackers

Cyber Command Chief Gen. Keith Alexander is now assembling 13 teams of IT experts for this purpose.

Retailer fights PCI fines for noncompliance after breach, sues Visa

Sportswear retailer Genesco is suing Visa after the credit card company imposed more than $13 million in fines.

Study finds iOS apps to be riskier than Android

The results of a recent report indicate that apps on the iOS mobile platform access more information on a device than Android.

Microsoft pushes seven patches, including fix for "evil maid"-style attack

The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.

Hackers claim to expose info of first lady, including other officials and celebs

The data allegedly includes Social Security numbers, financial information and other sensitive details belonging to a list of high profile public figures.

China's foreign minister: Cyber space needs rules, not war

The Chinese official said the country is being unfairly singled out as a purveyor of corporate espionage, and it is supportive of developing agreed-upon international rules of conduct in cyber space.

FTC lodges new set of complaints against alleged cell phone spammers

Defendants are charged with inundating consumers with texts promising "free" gift cards - and running sites that profited off the scam.

Hacktivists plan to resume DDoS campaign against U.S. banks

A group of hackers is dissatisfied with efforts to remove an anti-Muslim video from YouTube.

Microsoft schedules seven security patches for monthly Patch Tuesday

They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.

Judge throws out lawsuit over LinkedIn password breach

The plaintiffs failed to prove that a 2012 breach caused them financial loss or future harm, despite their claims that publicly posted credentials placed them at greater risk for identity theft.

Down go Chrome, Firefox, IE 10, Java, Win 8 at Pwn2Own hacker fest

Despite the best efforts by browser and operating system manufacturers to shore up their offerings, exploit hunters are still finding success at attacking the world's best-known platforms - especially when there is a large chunk of change on the line.

Attackers use stolen certificate to sign malicious Java applet

Researchers believe the stolen private key belonged to an unwitting Texas consulting company.

MiniDuke espionage ring began earlier than first reports suggest

Attackers behind the MiniDuke spy campaign have targeted government entities and other organizations around the world since at least 2011.

Hotel tech trade association offers best practices for reducing payment card risk

When it comes to credit card fraud, the hospitality industry has offered an attractive target for cyber criminals. Now, one trade group is helping these properties overcome security and compliance hurdles with a new framework.

Oracle pushes patch for Java vulnerability after exploit reports surface

The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.

Evernote discloses password breach, while critics bemoan its use of crackable crypto

The company advised its 50 million users on Saturday that it "detected and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas" of its service.

Apple won't let users run Flash unless it is the latest version

The move follows two instances in the past few weeks when Adobe unexpectedly issued a Flash Player update to close vulnerabilities under active attack.

Another Java exploit spreading

Just a few weeks after Oracle rushed a patch for the commonly exploited Java software, it is experiencing yet another meltdown.

Threat of the month: Java zero-day

This "threat of the month" is a Java zero-day, a vulnerability that allows remote code execution via browsers.

Company news: CipherCloud, Yahoo, and Twitter's company announcements

The latest acquisitions and personnel moves from the likes of CipherCloud, Yahoo, Marble Cloud, Twitter, and more.

News briefs: NY Times and Twitter hacked, cyber security executive order, and more

Security incidents at the U.S. Department of Health and Human Services and Zaxby's Franchising, and more.

Study finds that growth of security workers is needed, though budget constraints remain a hurdle

Robust growth in the information security profession is a sign of economic health in the overall economy, according to a new report from (ISC)2. And personnel skilled in emerging technologies and security as a business will be the ones who excel.

Sentencing for "Sabu" delayed, while Hammond awaits trial with same judge

Hacktivist-turned-snitch Hector Monsegur, aka Sabu, was scheduled to be sentenced Friday in New York, but the hearing was not held for an unknown reason.

Twitter embraces DMARC standard to stymie phishing attacks

Twitter announced Thursday that it is adopting Domain-Based Message Authentication, Reporting and Conformance (DMARC), a new specification designed to authenticate emails so users don't fall for fraudulent emails.

FTC whips HTC over poor software coding, developer training and researcher outreach

The consumer protection agency said vulnerabilities and the "insecure implementation" of diagnostic software propelled action against the American division of the mobile device maker for a number of security shortfalls.

Malware once used exclusively for bank fraud is finding a new mission

Cyber criminals are repurposing data-stealing trojans, once used primarily to steal banking information, to collect intellectual property, which can be sold for a higher price tag, according to a McAfee study.

Phishing emails use fake Mandiant China spy report bait to target victims

Security firm Seculert is tracking two versions of the threat: one which is targeting Japanese organizations and the other directed, ironically, toward Chinese journalists.

U.S. may rely on trade sanctions, fines to curb foreign cyber spy threat

The news comes after a detailed report emerged that U.S. firms were the target of Chinese government-backed espionage operations.

Google says account takeovers are down more than 99 percent

The tech giant is crediting the drop to new security measures, in which login attempts to accounts such as Gmail are tested against 120 variables to ensure a person is who they say they are.

Report on China spy threat may make attackers have to work harder

Security firm Mandiant may have documented some of the most convincing evidence to date of the significant espionage threat emanating from China.

Report: Apple hacked in "sophisticated" attack

On Friday, Facebook announced that a number of employee laptops were infected with malware after workers visited a mobile developer website that had been hijacked. On Tuesday, Apple said it was hit with a similar attack.

iPhone passcode flaw opens device to intruders

The passcode flaw affects iOS 6.1, allowing pranksters to bypass its security feature.

Following cyber order from Obama, CISPA is back

Lawmakers have begun debate on the controversial threat information-sharing bill known as CISPA, which would complement the president's cyber security executive order. But it has a host of privacy objections to clear first.

Retail, food service industry top target of fraudsters

Attackers primarily want cardholder data, which can be easily bought and sold underground to commit fraud, according to security firm Trustwave.

Adobe verifies Reader vulnerabilities, offers workaround

Exploits that are taking advantage of the vulnerabilities are able to evade Adobe's sandbox technology, which was implemented with the release of Reader and Acrobat X.

Known bugs could be to blame for zombie alert prank

Viewers of four TV stations, in Michigan and Montana, had their Monday evenings interrupted by an Emergency Alert System broadcast warning of a zombie invasion. It turned out to be a hacking hoax.

Two charged in $3m Chase, Capital One skimming bust

Two men have been indicted in Manhattan on charges they operated a nationwide ATM skimming ring that defrauded bank customers out of more than $3 million, the U.S. attorney's office has announced.

Adobe Reader exploit spotted in the wild

Adobe may be dealing with another zero-day vulnerability, this time appearing in the latest version of its PDF software, Reader.

Microsoft patch fixes critical IE flaws

One security bulletin fixes 13 flaws that could allow an attacker to remotely execute code in several versions of IE.

Presidential cyber security order almost ready

As comprehensive cyber security legislation languishes in Congress, President Obama may be close to acting on an executive order, according to a report.

One-fifth of malicious mobile websites are porn-related

In the PC world, attackers prefer to compromise legitimate sites to spread malware. But in the realm of mobile, pornographic sites are the preferred launching pad for viruses.

Hackers hijack Bit9 to target its customers with malware

The whitelisting company says it was breached because it failed to install its own software on a number of its computers, giving saboteurs access to a code-signing certificate.

PCI council clarifies merchant's cloud security obligations

The Payment Card Industry Security Standards Council (PCI SSC) released recommendations for card data security and compliance in cloud environments.

Adobe updates Flash to address targeted exploits

The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.

Microsoft to plug 57 security holes next week

The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.

Fraud could rise if retail customers use Facebook login

Half of new retail customer identities will be social networking-based by the end of 2015, which is why merchants need to boost their controls, according to Gartner.

Microsoft, Symantec team up to smash click-fraud botnet

Microsoft, in partnership with security firm Symantec, announced Wednesday that it has disrupted the Bamital botnet, known for rerouting victim machines to websites, online advertisements and links of the attackers' choosing.

Internal site hacked, Federal Reserve confirms

On Sunday, Anonymous said it hacked the Fed, before exposing the data of 4,000 bankers. Now, it appears the claims are true.

Hacker in $14M click-fraud scam pleads guilty

Valeri Aleksejev, an Estonian, pleaded guilty for his role in "Operation Ghost Click," where DNSChanger malware infected four million computers worldwide.

Energy Department latest to be struck by skilled hackers

Several hundred employees and contractors at the U.S. Department of Energy were compromised in the breach, though reportedly no classified information was accessed by hackers.

Anonymous claims to expose bank executive details

The move was part of a larger operation by the hacktivist collective to protest prosecutorial overreach in computer crime cases, prompted by the death of Aaron Swartz.

Twitter succumbs to "extremely sophisticated" attack

Twitter, with more than 500 million registered users globally, may soon be adding additional login protections. The company disclosed Friday that 250,000 people may have had their account data compromised.

App owner to pay $800k to settle child privacy charges

Path, a company that operates a virtual journal application for iOS and Android devices, agreed to pay the FTC $800,000.

Rep. Lofgren revises "Aaron's Law" with additional protections

Two weeks ago, Rep. Lofgren took to Reddit to announce her plans to revise the Computer Fraud and Abuse Act so that people like Aaron Swartz, the computer programmer and freedom-of-information activist who committed suicide in January, are not punishable by decades in prison.

PCI e-commerce guidance issued for merchants

The council charged with administering the PCI standard has documented common vulnerabilities in online payment environments and offered suggestions for installing technology to deter threats.

Company news: Big additions to teams at Lancope, SafeNet, and more

The latest personnel announcements and M&A activity from the likes of Lancope, SafeNet, BeyondTrust, Blue Coat Systems and more.

News briefs: The latest breaches, malware and hacktivist activities

This month's news briefs include bits on Android, spammers, breach penalties, crime networks, hacktivism and more.

New York Times breach opens anti-virus, attribution debate

The New York Times Co. is the latest victim of an advanced persistent threat attack after the paper disclosed that hackers roamed its systems for four months, looking for correspondence related to a single story.
