Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed

Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed

In Q4 2014, Akamai observed an even busier season for attackers than expected.

Researchers observe databases being encrypted, websites held for ransom

Researchers observe databases being encrypted, websites held for ransom

High-Tech Bridge is referring to the threat as 'RansomWeb' because it involves encrypting databases and holding websites for ransom.

ZeroAccess botnet reactivates, click fraud activity resumes

ZeroAccess botnet reactivates, click fraud activity resumes

The Dell SecureWorks Counter Threat Unit first noticed the ZeroAccess botnet reactivating from March 21, 2014, to July 2, 2014.

Zeus variant targeting Canadian banks, U.S. banks may also be a target

Zeus variant targeting Canadian banks, U.S. banks may also be a target

A new Zeus trojan variant is targeting a number of banks in Canada, including Bank of Montreal, Royal Bank of Canada, and National Bank of Canada.

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Security firm Symantec found a backdoor, called Winnti, on a computer also infected with Skeleton Key.

FTC settles with revenge porn site operator

FTC settles with revenge porn site operator

The Federal Trade Commission has prohibited a revenge porn site operator from sharing nude photos, using deceptive tactics and revealing personal information.

Upatre, Dyre used in Univ. of Florida attack

Upatre, Dyre used in Univ. of Florida attack

Hundreds of computers belonging to University of Florida students and faculty were infected with Upatre and Dyre in a multistage attack.

House subcommittee hears testimony on data breach law

House subcommittee hears testimony on data breach law

Testimony in House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade hearing aimed at shaping national data breach notification law.

FTC publishes security recommendations for IoT device makers

FTC publishes security recommendations for IoT device makers

A new report from the Federal Trade Commission (FTC) provides data security steps for businesses and promotes data minimization.

'GHOST' bug in Linux library enables remote takeover of victim's system

'GHOST' bug in Linux library enables remote takeover of victim's system

Qualys has identified a buffer overflow vulnerability in the Linux GNU C Library that, if exploited, could enable an attacker to remotely take complete control of a victim's system.

Firm finds link between Regin spy tool and QWERTY keylogger

Firm finds link between Regin spy tool and QWERTY keylogger

Source code for the keylogger, called QWERTY, was published in Snowden documents.

Insider threats changing security spending, report says

Insider threats changing security spending, report says

The 2015 Vormetric Insider Threat Report found that a large majority of U.S. companies believe they are vulnerable to insider threats.

New attack uses ransomware to drop trojans and keyloggers

New attack uses ransomware to drop trojans and keyloggers

The Internet Crime Compliant Center issued a warning on Thursday about a new scam that might be rooted in an initial ransomware infection.

Size and frequency of DDoS attacks increasing, annual report shows

Size and frequency of DDoS attacks increasing, annual report shows

In the Worldwide Infrastructure Security Report by Arbor Networks, 38 percent of respondents said that they have experienced more than 21 attacks per month.

WikiLeaks requests information on staffers search warrant data requests

WikiLeaks requests information on staffers search warrant data requests

WikiLeaks penned a letter to Google CEO Eric Schmidt requesting more information about search warrants under which the company handed over WikiLeaks staffers' data.

'Sexy Girls' wallpaper app in Google Play store accessed account info

'Sexy Girls' wallpaper app in Google Play store accessed account info

The app is no longer available from the Google Play store, but prior to being removed it had been installed between 50,000 and 100,000 times.

Proposed CFAA revisions agitate IT security community

Proposed CFAA revisions agitate IT security community

The security community is voicing concern over proposed revisions to the Computer Fraud and Abuse Act (CFAA) by taking to Twitter and personal blogs.

CTB-Locker ransomware variant being distributed in spam campaign

CTB-Locker ransomware variant being distributed in spam campaign

As part of a recent spam campaign, Trend Micro researchers observed a variant of CTB-Locker ransomware asking for 3 Bitcoins within 96 hours.

Analysts detail spying tool Regin's malicious modules

Analysts detail spying tool Regin's malicious modules

Two stand-alone modules, dubbed Hopscotch and Legspin, were analyzed by Kaspersky Lab.

NAFCU asks Congress to create bipartisan data breach working group

NAFCU asks Congress to create bipartisan data breach working group

The National Association of Federal Credit Unions sent Congressional leaders a letter calling for the creation of a bipartisan working group to shape breach legislation.

Chrome 40 promoted to stable channel, includes 62 security fixes

Chrome 40 promoted to stable channel, includes 62 security fixes

Google gave out thousands of dollars in rewards to several external researchers who dug up and reported bugs, several of which were deemed high impact.

Barrett Brown sentenced to 63 months in prison

Barrett Brown sentenced to 63 months in prison

In April 2014, Brown pleaded guilty to posting an online threat aimed at a federal agent, as well as other charges.

Adobe plugs Flash zero-day, investigates separate exploit reports

Adobe plugs Flash zero-day, investigates separate exploit reports

Adobe said it is aware of reports that an exploit for the bug exists.

Study: Lack of planning and resources leads to persistence of 'shelfware'

Study: Lack of planning and resources leads to persistence of 'shelfware'

In its "Security on the Shelf" report, Osterman Research found that for every $115 a company spends per user on security-related software, $33 of the investment is "not working as well as it can" or is never used at all.

Obama talks cybersecurity legislation in State of the Union

Obama talks cybersecurity legislation in State of the Union

The President urged Congress to pass law that would better protect the nation from emerging cyber threats.

Oracle releases quarterly patches; issues 169 fixes

Oracle releases quarterly patches; issues 169 fixes

The company's January quarterly release addressed vulnerabilities across hundreds of products and patched bugs that could have been remotely exploitable without authentication.

Congressman asks Holder to review Christie's access to private E-ZPass data

Congressman asks Holder to review Christie's access to private E-ZPass data

A New Jersey congressman has asked the Justice Department to investigate whether New Jersey Governor Chris Christie and a Port Authority official violated state privacy laws when they revealed E-ZPass data.

Roughly 40 percent of orgs are patching, annual Cisco report shows

Roughly 40 percent of orgs are patching, annual Cisco report shows

The "Cisco 2015 Annual Security Report" explores what's trending with regard to attackers, users, and defenders.

Report: NSA efforts influenced U.S. stance on Sony attack

Report: NSA efforts influenced U.S. stance on Sony attack

The New York Times revealed new info on NSA's years-long surveillance efforts against North Korea.

PCI compliance not synonymous with security, panel says

PCI compliance not synonymous with security, panel says

A panel held during the annual NRF conference discussed ways that retailers could bolster security.

Affordable Care Act phishing campaign identified, US-CERT issues advisory

Affordable Care Act phishing campaign identified, US-CERT issues advisory

US-CERT issued an advisory on Thursday, warning of phishing emails referencing the Affordable Care Act.

New York AG proposes legal protections for medical data, login info

New York AG proposes legal protections for medical data, login info

The attorney general is pushing lawmakers to back legislation that would expand the definition of protected "private information."

Android malware encounters surged in 2014, up by 75 percent, report says

Android malware encounters surged in 2014, up by 75 percent, report says

Mobile security company Lookout released its annual Mobile Threat Report on Thursday, which demonstrated a major uptick in Android malware encounters.

Several vulnerabilities addressed in Firefox 35, some deemed critical

Several vulnerabilities addressed in Firefox 35, some deemed critical

Numerous Firefox vulnerabilities, some deemed critical, have been addressed by Mozilla in the latest release of its web browser.

Investment in end-user training could reduce cost by 60 percent

Investment in end-user training could reduce cost by 60 percent

The Aberdeen Group teamed up with Wombat Security Technologies to create a Monte Carlo model that would quantify how employees' online actions correlate with an enterprise's risk

On heels of Obama privacy talk, senator to reintroduce breach notification bill

On heels of Obama privacy talk, senator to reintroduce breach notification bill

A Florida senator is drafting the Data Security and Breach Notification Act of 2015, a year after similar legislation was introduced.

Survey: most orgs not very prepared to recover IT assets following a disaster

Survey: most orgs not very prepared to recover IT assets following a disaster

According to a survey of more than 2,000 executive and IT professionals, less than half feel very prepared to recover their IT and related assets following a disaster or other incident.

'Skeleton Key' malware installed as in-memory patch on Active Directory DCs

'Skeleton Key' malware installed as in-memory patch on Active Directory DCs

Researchers at Dell SecureWorks CTU discovered two variants on the malware, which targets Windows 64-bit systems.

Microsoft issues eight bulletins, one critical, in Patch Tuesday release

Microsoft issues eight bulletins, one critical, in Patch Tuesday release

Microsoft's bulletins this month addressed multiple issues that had already been disclosed online, including one from Google's "Project Zero" team.

Executives concerned about cloud security, report shows

Executives concerned about cloud security, report shows

The security of data in the cloud, loss of control over IT services, and compromised accounts are some of the challenges holding back cloud adoption.

Respected information security journalist Steve Gold dies

Respected information security journalist Steve Gold dies

Steve Gold, one of the U.K.'s most respected information security journalists, who helped found SC Magazine and was renowned for helping his family, friends and colleagues, has died.

Pro-ISIS attackers compromise U.S. Central Command Twitter and YouTube accounts

Pro-ISIS attackers compromise U.S. Central Command Twitter and YouTube accounts

The hackers appear to be supporters of the Islamic State, and reportedly began tweeting out from the @CENTCOM Twitter account around 12:30 p.m.

Obama to call for national breach notification law, student privacy bill

Obama to call for national breach notification law, student privacy bill

Speaking to the Federal Trade Commission (FTC), President Obama said he will propose a Personal Data Notification and Protection Act and a Student Data Privacy Act.

Study: Majority of enterprises breached in first half of 2014, regardless of vertical

Study: Majority of enterprises breached in first half of 2014, regardless of vertical

FireEye found that a majority of enterprises had their systems breached during the first half of 2014, and often times, advanced malware allowed for the intrusion.

Declassified info shows FBI's role in warrantless surveillance increased

Declassified info shows FBI's role in warrantless surveillance increased

A FOIA lawsuit by The New York Times stirred the Justice Department to make new information available.

Pro-ISIS Group hijacks Twitter accounts of local media outlets

Pro-ISIS Group hijacks Twitter accounts of local media outlets

A group calling itself CyberCaliphate has claimed credit for the hack, which included militant messages and links to local and state government documents.

FBI shares info on Sony hack, but doubt in N. Korea theory lingers

FBI shares info on Sony hack, but doubt in N. Korea theory lingers

The FBI director said that attackers failed to use proxy servers to conceal their whereabouts when sending threatening emails to Sony employees.

Microsoft's Patch Tuesday preview will no longer be made public

Microsoft's Patch Tuesday preview will no longer be made public

There are still options to receive advanced information, but Microsoft will no longer be issuing a public blog post to preview what is to come on Patch Tuesday.

FTC chairwoman warns of IoT security and privacy risks

FTC chairwoman warns of IoT security and privacy risks

FTC chairwoman Edith Ramirez talked at the Consumer Electronic Show about the Internet of Things and the inherent privacy and security risks that come with the technology development.

New versions of OpenSSL released, eight vulnerabilities addressed

New versions of OpenSSL released, eight vulnerabilities addressed

Altogether eight vulnerabilities are addressed, two of which can lead to a denial-of-service attack and are deemed moderate in severity.

Report tracks DLP violations in corporate-sanctioned cloud storage apps

Report tracks DLP violations in corporate-sanctioned cloud storage apps

On Thursday, Netskope released a report analyzing risky app usage in enterprise environments.

Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit

Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit

The newly discovered 'XOR.DDoS trojan infects Linux systems to possibly build an army of devices to be used in distributed denial-of-service (DDoS) attacks.

Variant of Emotet banking malware used in spam campaign

Variant of Emotet banking malware used in spam campaign

German-language speakers are the primary target of a spam campaign that involves a variant of the Emotet banking malware.

FBI clarifies stingray policy, says court warrants not needed when used in public spaces

FBI clarifies stingray policy, says court warrants not needed when used in public spaces

Two senators wrote a letter requesting more information about stingray use and the FBI's policies surrounding the devices.

Gogo caught using fake Google SSL certificates

Gogo caught using fake Google SSL certificates

On a recent flight, a Google engineer discovered that SSL certificates were being signed by Gogo, not Google.

AOL advertising network used to distribute malware

AOL advertising network used to distribute malware

Malware is being distributed to visitors of The Huffington Post website, as well as several other sites, via malicious advertisements served over the AOL advertising network

In child porn case, former HHS cybersecurity director gets 25 years

In child porn case, former HHS cybersecurity director gets 25 years

Timothy DeFoggi, the former acting director of cybersecurity for Health and Human Services, was convicted in August 2014.

Nearly 500K USPS workers may have had injury claim data compromised

Nearly 500K USPS workers may have had injury claim data compromised

The USPS announced in November 2014 that it was looking at a possible cyber intrusion into some of its information systems, and this latest finding was discovered during the investigation.

Google publishes Windows 8.1 flaw details before patch is issued

Google publishes Windows 8.1 flaw details before patch is issued

Google's "Project Zero" team discovered an elevation of privilege flaw in Windows 8.1 and detailed the vulnerability online, 90 days after alerting Microsoft.

Morgan Stanley employee fired for stealing data on 350K clients, reports say

Morgan Stanley employee fired for stealing data on 350K clients, reports say

Morgan Stanley discovered account names, numbers and transaction data for more than 900 clients posted on the internet, according to reports.

President imposes sanctions against North Korea for Sony attack

President imposes sanctions against North Korea for Sony attack

President Obama has issued a formal U.S. response to the Sony hack in the form of sanctions against North Korea.

Tor creators debate research saying 80 percent of dark web traffic attributed to child abuse sites

Tor creators debate research saying 80 percent of dark web traffic attributed to child abuse sites

Although a recent study found that nearly 80 percent of anonymous network Tor's traffic was to child abuse sites, one of the network's original designers and various experts have said the staggering stat cannot be taken at face value.

Bots account for more than half of all 2014 web traffic, report shows

Bots account for more than half of all 2014 web traffic, report shows

This year saw 56 percent of all website traffic coming from bots, with 29 percent of those bots being considered 'bad,' and 27 percent being 'good.'

FBI: Sony hackers threatened U.S. news organization

FBI: Sony hackers threatened U.S. news organization

Early reports suggest that the news organization being threatened is CNN.

Examiner caused Palm Springs credit union breach, NCUA IG to investigate

Examiner caused Palm Springs credit union breach, NCUA IG to investigate

The National Credit Union Association Inspector General will investigate how a thumb drive containing PII went missing and why it took so long for the breach to be reported.

Federal judge approves use of fake Instagram account to obtain case evidence

Federal judge approves use of fake Instagram account to obtain case evidence

A federal judge in New Jersey has approved of law enforcement's use of a fake Instagram account to collect evidence on a man suspected of stealing millions of dollars worth of jewelry.

Researchers investigate, suggest fired employees assisted in Sony hack

Researchers investigate, suggest fired employees assisted in Sony hack

Norse Corporation reportedly had discussions with the FBI, but officials are still saying that North Korea is responsible for the attack on Sony.

ISC website compromised, possibly due to vulnerable WordPress plugin

ISC website compromised, possibly due to vulnerable WordPress plugin

The ISC website was quickly taken down after researchers with Cyphort Labs identified that the main page was ultimately redirecting visitors to the Angler Exploit Kit.

DNS attacks putting organizations at risk, survey finds

DNS attacks putting organizations at risk, survey finds

More than 75 percent of organizations in the U.S. and U.K. have experienced at least one DNS attack.

Modified Zeus trojan targets numerous online banking systems

Modified Zeus trojan targets numerous online banking systems

The trojan was detected by Kaspersky Lab researchers as Chthonic, and it appears to be an evolution of ZeusVM.

Report: SS7 flaws enable listening to cell phone calls, reading texts

Report: SS7 flaws enable listening to cell phone calls, reading texts

Vulnerabilities in Signaling System 7 make it possible for anyone to listen in on phone calls and read text messages, even if encrypted.

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest, also known as Vawtrak, is data stealing malware that targets banking information.

Solo attacker likely responsible for phishing campaign, delivering Zeus variant

Solo attacker likely responsible for phishing campaign, delivering Zeus variant

Phishing emails, a phishing kit and phony browser alerts are being used by the attacker to steal credentials and deliver a variant of the Zeus trojan.

Telecommunications companies on the line with FTC, FCC for cramming schemes

Telecommunications companies on the line with FTC, FCC for cramming schemes

Two major telecommunications companies are under fire from the FTC and FCC for their "cramming" practices.

White House calls Sony hack a "serious national security matter," gov't mulls proper response

White House calls Sony hack a "serious national security matter," gov't mulls proper response

Sony Pictures recently canceled the "The Interview" movie release, following hacker threats.

'Spark' shares traits with Alina, JackPOS, uses AutoIt differently

'Spark' shares traits with Alina, JackPOS, uses AutoIt differently

Researchers at Trustwave SpiderLabs have released details on a new Alina variant dubbed Spark.

California nonprofit sues San Diego Police Department over stingray documents

California nonprofit sues San Diego Police Department over stingray documents

The First Amendment Coalition is suing the San Diego Police Department and the city of San Diego in an effort to get public records released on the force's stingray use.

Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk

Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk

The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.

Former employees sue Sony, theaters drop 'The Interview'

Former employees sue Sony, theaters drop 'The Interview'

Four former Sony workers have filed two class-action suits claiming the company failed to plug security holes and protect their personal data.

Phishing email contains Word doc, enabling macros leads to malware infection

Phishing email contains Word doc, enabling macros leads to malware infection

An employee with PhishMe was targeted by a crafty phishing email, allowing researchers to analyze an innovative attack that results in a malware infection.

Landmark HIPAA settlement confirms push to firm up patching schedules

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.

Mobile RAT Xsser continues to threaten Android, iOS device security

Mobile RAT Xsser continues to threaten Android, iOS device security

Back in October, the Chinese iOS trojan was discovered by Lacoon Mobile Security.

Researchers warn of new OphionLocker ransomware

Researchers warn of new OphionLocker ransomware

OphionLocker doesn't diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drive's serial number, the motherboard's serial number and other information.

Microsoft appeal over customer email warrant draws support

Microsoft appeal over customer email warrant draws support

Microsoft's early December appeal of the government's efforts to get customer email stored on a server in Ireland has garnered support of rivals and privacy groups.

Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more

Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more

Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.

Black market tactics mirror those of legit business

Black market tactics mirror those of legit business

A report from DellSecureWorks Counter Threat Unit revealed hacker training tutorials, replacement guarantees and a drop in RAT prices.

As leaks continue, Sony's legal team tells media to destroy 'stolen info'

As leaks continue, Sony's legal team tells media to destroy 'stolen info'

Sony Pictures's attorney David Boies is demanding that news outlets destroy "stolen information" involved in the leaks.

More than 100K WordPress sites compromised by malware due to plugin vulnerability

More than 100K WordPress sites compromised by malware due to plugin vulnerability

WordPress websites are being infected with malware through a previously disclosed vulnerability in the Slider Revolution plugin.

U.S. accounts for most Mac OS X attacks and websites seeded with malware

U.S. accounts for most Mac OS X attacks and websites seeded with malware

Kaspersky Lab summed up its year's findings and saw that U.S. users were the main targets of Mac OS X malware.

House, in rush vote, passes Intelligence Authorization Act

House, in rush vote, passes Intelligence Authorization Act

The Senate passed the Act on Wednesday after adding a controversial amendment and the House rushed to pass it with little room for debate.

Site operator pleads guilty to facilitating prostitution, a first in federal convictions

Site operator pleads guilty to facilitating prostitution, a first in federal convictions

Eric Omuro, who also goes by "Red," ran the site myRedBook.com.

Study: Malicious social media attacks on the upswing

Study: Malicious social media attacks on the upswing

Social media represents the next frontier of threats; 2015 will be the year for social media managers and IT security professionals to unite, one study says.

Audit shows University of Maryland security flaws remain

Audit shows University of Maryland security flaws remain

Citing progress, a state audit report details the vulnerabilities that the University of Maryland College Park (UMCP) needs to fix.

Research examines cost of stolen data, underground services

Research examines cost of stolen data, underground services

Symantec tracked the price of stolen goods and malicious services, as well as black market price fluctuations over the years.

Suit: Comcast public WiFi hotspot network uses home modems, drives up customer costs

Suit: Comcast public WiFi hotspot network uses home modems, drives up customer costs

In a class-action suit filed in federal court, a father-daughter duo accuses Comcast of using their routers to create public Wi-Fi hotspots, increasing their electricity costs and leaving them vulnerable to security issues.

Stealthy 'Inception' attack framework detailed; possible return of 'Red October' group

Stealthy 'Inception' attack framework detailed; possible return of 'Red October' group

Blue Coat Systems broke down its findings on the mysterious perpetrators behind 'Inception,' but in reality, nothing can really be concluded about their location or overarching goals.

Hack decodes Android phone, Samsung smartwatch data exchange

Hack decodes Android phone, Samsung smartwatch data exchange

Encrypted communications between a Samsung smartwatch and Android device were easily cracked by Bitdefender researchers.

Study reveals industry pros troubled most by ransomware threat, damage

Study reveals industry pros troubled most by ransomware threat, damage

A survey of IT security pros commissioned by Malwarebytes revealed that ransomware topped the list of security threats.

SEO poisoning campaign ensares several thousand websites, security expert finds

SEO poisoning campaign ensares several thousand websites, security expert finds

A security expert estimates that around 10,000 legitimate websites were impacted by the campaign.

Microsoft issues seven bulletins, three critical, and fixes 24 bugs in Patch Tuesday release

Microsoft issues seven bulletins, three critical, and fixes 24 bugs in Patch Tuesday release

Three bulletins were determined to be 'critical' and four were rated 'important.'

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US