Study: 'High priority' issues hamper endpoint security solution implementation

A survey from Digital Guardian and Enterprise Strategy Group collected IT security professionals' thoughts on endpoint security solutions and the challenges they face when implementing them.

Researchers identify POS malware targeting ticket machines, electronic kiosks

Electronic kiosks and ticketing systems are among the targets of a new type of point-of-sale threat known as "d4re|dev1|".

Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor

A backdoor referred to as CryptoPHP is being packaged with pirated Joomla, WordPress and Drupal themes and plugins and used for illegal search engine optimization.

DDoS attacks grew in size, threats became more complex, Q3 reports say

A trio of third quarter reports from security firms reveal changes and complexities in the threat landscape.

Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards

A California man was sentenced to 18 months in prison for remotely accessing POS machines that he sold to Subway restaurant franchises, and loading up at least $40,000 onto gift cards.

APT operation 'Double Tap' exploits serious Windows OLE bug

The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.

Regin: nation-state possibly behind the stealthy modular spying malware

Symantec is referring to the malware as 'groundbreaking,' particularly due to the advanced techniques it uses to conceal itself.

CoinVault changes up traditional ransomware techniques

A newly identified ransomware takes extra precaution to hide from researchers and possibly show good faith on the attackers' part.

Study: Third of employees use company devices for social media and online shopping

GFI Software and Opinion Matters found that employees used company devices for activities not related to work and had no qualms about stealing company intellectual property after they leave.

'DoubleDirect' MitM attack affects iOS, Android and OS X users

Security firm Zimperium detected attacks in the wild over the past six to eight months.

Swedish appeals court nixes Assange's plea

Julian Assange remains holed up in Ecuador's U.K. embassy after a court refused to rescind a warrant for Assange's arrest, which could ultimately result in his extradition to the U.S.

Critical XSS vulnerability addressed in WordPress

A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.

Citadel variant targets master passwords, authentication solutions

Credentials, entered through password management software and a Nexus authentication tool, are the target of this new variant.

USPS draws ire of Congress over data breach response

Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.

Buffer overflow vulnerabilities identified in Hikvision DVR devices

Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.

Android malware 'NotCompatible' evolves, spawns resilient botnet

Mobile security firm Lookout detailed how the malware has grown in complexity to hide its botnet activity.

Vulnerabilities identified in three Advantech products

Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.

USA Freedom Act foiled by Senate Republicans

The USA Freedom Act, aimed at NSA surveillance reform, failed to pick up enough votes to avoid a Republican filibuster.

Mozilla, Cisco and others sponsor certificate provider Let's Encrypt

The Internet Security Research Group (ISRG) plans to launch its Let's Encrypt software in 2015 that will let anyone receive a free trusted certificate.

TRUSTe settles FTC charges over its 'certified' privacy seals

The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.

Survey: real-time SIEM solutions help orgs detect attacks within minutes

Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.

Healthcare sector's broad data sets will attract increased attacks in 2015

A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.

State Department hack may be tied to White House network breach

The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.

Microsoft report explores dangers of running expired security software

The dangers of running expired security software are a key takeaway from the Microsoft Security Intelligence Report 17.

'Carder.su' crime ring participant sentenced to 115 months in prison

Cameron Harrison, 28, possessed more than 260 compromised credit and debit card numbers at the time of his arrest and is one of 55 people facing charges pertaining to their association with "Carder.su."

U.S. spy program targeting Americans' mobile phones, report says

The U.S. Department of Justice is attaching small devices to airplanes that gather massive amounts of mobile phone data, including the data of innocent Americans, a Wall Street Journal report indicates.

Automakers pen 'privacy principles' for in-car technology

The Alliance of Automobile Manufacturers and the Association of Global Automakers created "baseline privacy commitments" for the industry.

Debt sellers exposed personal info of 70K consumers, draws FTC action

Two debt sellers allegedly posted the people's personal information on unencrypted, publicly accessible spreadsheets that were posted online.

DDoS attacks cost organizations $40,000 per hour, survey finds

An Incapsula survey revealed that the average DDoS attack costs a business roughly $40,000 per hour.

Waste no time patching Windows Schannel, OLE bugs, experts warn

Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.

Study: 9 in 10 Americans agree control over personal information is lost

A new Pew Research study on Americans' privacy perceptions after the Edward Snowden leaks shows that most people assume their personal data isn't kept private online.

Shellshock used in BrowserStack attack

BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.

Report provides in-depth look at POS malware used in some of the biggest breaches

A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.

Patch Tuesday brings 14 security bulletins, fixes 33 bugs

Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.

Tor network moderators unsure how feds discovered and shut down Silk Road 2.0

The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.

'Masque Attack' writes over genuine apps; steals personal and financial data

Using WireLurker malware, the attack plays off a vulnerability in third-party app stores to overwrite legitimate apps with malicious ones.

Mobile fraud report notes reliance on OTPs as top concern

One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.

USPS investigates breach, more than 800K employees possibly affected

The United States Postal Service (USPS) announced on Monday that an investigation is underway regarding a cyber security intrusion into some of its systems.

Slew of black marketplaces, including Silk Road 2.0, go dark in Fed sweep

Seventeen suspected members of online marketplaces, including Silk Road 2.0's alleged operator, have been arrested.

Home Depot announces 53M email addresses stolen in breach

Home Depot announced on Thursday that approximately 53 million email addresses were stolen in the data breach that the company confirmed in early September.

Microsoft schedules massive Patch Tuesday release with 16 bulletins, five 'critical'

This month's bulletins include five "critical" and nine "important" fixes that address remote code execution, elevation of privilege, and denial of service bugs, among others.

John Gordon Baden arrested in Tijuana

After months of looking for him, Baden was nabbed in Tijuana when tips began coming in about his whereabouts.

Apple addresses OS X, iOS WireLurker malware threat, C&C goes offline

WireLurker was first observed infecting OS X systems when a user downloaded a trojanized app from a third-party store in China, and then infecting iOS devices that connected to the infected OS X system via USB.

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Trend Micro detailed the variant and attackers' delivery techniques.

Study: Organizations assailed by cyber attacks, 15 percent are targeted

Vectra's Post Breach Report analyzed data gathered from more than 100,000 hosts over five months.

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Security firm Bitglass analyzed three years' worth of HHS breach records for its report.

Amex debuts token service

American Express Token Service is based on a technical framework developed by EMVCo.

Researchers observe a new phishing technique

Trend Micro researchers observed a phishing attack involving the use of a proxy program that acts as a relay to a legitimate website.

Experts share new insight on Sandworm APT exploits, BlackEnergy malware

The Sandworm Team, a supposed Russian APT group, is known for spreading BlackEnergy malware by way of spear phishing.

Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes

On Oct. 27, researchers with Symantec observed that Spin.com was redirecting visitors to the Rig Exploit Kit to serve them malware.

Affected by breaches, consumers ready for more intensive security measures

A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.

New version of Backoff detected, malware variant dubbed 'ROM'

Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.

Some samples in 'Rotten Tomato' campaign not effectively executed

Researchers at Sophos provided additional details on the malware used in the attacks.

Researcher details iWorm infection vector, persistence mechanism, in paper

Mac users were getting infected by iWorm when going to The Pirate Bay and downloading infected pirated applications, such as Photoshop.

Company news: Big moves at Veracode, Malwarebytes and CipherCloud

The latest news in the security field, including personnel moves and mergers and acquisitions.

News briefs: The latest on JPMorgan Chase, the Mozart malware and more

The latest security news, including JPMorgan Chase, Bash bug, new POS malware Mozart and more.

Email promises free pizza, ensnares victims in Asprox botnet instead

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.

Deloitte releases paper on vetting leaks, avoiding costly hoax

The research presents techniques for distinguishing legit data leaks from false claims.

Software automates fake purchases on compromised credit cards

Cyber intelligence company IntelCrawler has identified software being offered on underground forums that automates credit card data being sent to payment gateways.

Layering EMV chip, tokenization, encryption bolsters card payment security

A whitepaper from the Smart Card Alliance Payments Council recommends combining the three technologies to prevent card fraud.

Coalition sheds more light on Hikit threat, Axiom spy group

In a detailed report, an array of malicious tools and tactics used by a cyberespionage group, called Axiom, are divulged.

FireEye identifies cyber espionage group possibly tied to Russian government

The group, referred to as APT28, is believed to have been operating since at least 2007 and is possibly sponsored by the Russian government.

Targeted attacks on rise, costly, survey says

A Kaspersky Lab survey found that more than a third of businesses have been hit by at least one cybersecurity incident in the last 12 months.

WorldPay hacker sentenced to 11 years for role in $9.4M scheme

An Estonian man, Sergei Tsurikov, was sentenced Friday after helping to steal over $9.4 million from payment processor RBS WorldPay in 2008.

Report: POS malware sees sharp increase in Q3

As the holiday shopping season approaches, Damballa's 2014 Q3 State of Infections Report found that malware attacks spiked.

ISSA tackles workforce gap with career lifecycle program

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the Chinese government could be to blame.

SEDNIT malware delivered in 'Operation Pawn Storm'

Military, governments and media from around the world are targets in a campaign identified by Trend Micro.

Malvertising impacts Yahoo, AOL visitors, spreads ransomware

The malvertising campaign is serving CryptoWall 2.0, researchers at Proofpoint revealed.

Information sharing requires breaking down barriers, White House cyber guru says

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.

Pennsylvania man sentenced after 'swatting' prank

David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.

Florida Supreme Court rules warrants a must for real-time cell location tracking

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.

Updates, changes to security, could lessen POODLE's bite

Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.

SSDP reflection DDoS attacks on the rise, Akamai warns

Attackers are abusing SSDP to carry out reflection and amplification DDoS attacks, according to a PLXsert threat advisory released by Akamai.

POODLE exploits SSL 3.0 fallback

Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.

Report examines cloud-based security market drivers, concerns

NSS Labs highlighted the growth of security-as-a-service (SaaS) vendors, and issues facing the market.

Oracle addresses vulnerabilities with 154 security fixes

Several of the vulnerabilities addressed by Oracle in its Critical Patch Update are remotely exploitable without authentication.

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

For the month of October, the tech giant released eight patches, including three critical fixes.

'Sandworm Team' exploits zero-day bug in espionage campaign

A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.

Kmart breach likely exposed payment card data

Sears revealed in a filing to the SEC that Kmart systems were infected with malware "undetectable" by current AV solutions.

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

Attackers used a third-party vendor's credentials to compromise systems in 395 U.S. Dairy Queen locations and one Orange Julius site.
