Cybersecurity bills move forward on Capitol Hill

A flurry of legislative activity on Capitol Hill hints that Congress may be shaking off its inertia and there may be some long-awaited forward movement on key issues.

Flash EK leveraged in potentially widespread malvertising attack

Researchers with Malwarebytes have identified a malvertising attack carried out through Merchenta, an advertising network that claims to reach more than 28 billion consumers per month in the U.S.

Study: Average organization has 4,000 instances of exposed credentials stored in the cloud

CloudLock released its "Cloud Cybersecurity Report: The Extended Perimeter" earlier this week that looked at enterprises' use of cloud applications and storage.

Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years

The New York resident, Mario Chuisano, was also ordered to pay nearly $2.7 million in restitution.

Banking industry security protocol falters in third-party vendor contracts

The New York State Department of Financial Services issued an update on cyber security in the banking sector with regard to third-party service providers.

POS threat 'Punkey' allows additional malware download for greater access

Trustwave also found that the Punkey threat family and NewPosThings share the same code base.

Researchers identify new targets in 'Operation Pawn Storm' campaign

The campaign was written about by Trend Micro in October 2014, and the latest findings highlight some new tactics being used by the attackers.

Cyber attacks to rise, but competent security talent scarce, study says

A whopping 82 percent of security and IT pros surveyed in an ISACA and RSA Conference study believe cyberattacks will rise in 2015 and 35 percent say they can't find qualified talent to fill security positions.

Whistleblowers' lawyer claims Ark. police dept. put malware on hard drive

An Arkansas lawyer representing whistleblowers asked a court to sanction an Arkansas police department after a hard drive he had provided for discovery materials was returned with malware on it.

Hellsing APT retaliates against Naikon attackers with own phishing ploy

After analyzing a phishing attack, Kaspersky found that ensuing email correspondence could be linked to two APT groups, Naikon and Hellsing.

Oracle's patch update includes 98 security fixes

The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes, and is the final release of public updates for Java 7.

2014 deemed the year of 'far-reaching' vulnerabilities in Symantec annual report

Symantec's annual threat report doesn't exactly depict a rosy cyber security world.

In annual report, Verizon uses new breach cost model for estimating loss

Verizon says it has a new-and-improved model for determining breach costs.

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

Microsoft addressed 26 vulnerabilities in 11 bulletins for its monthly Patch Tuesday release, and four of the bulletins are deemed critical.

APT group detects threat monitoring and backs away in documented first

After continuously trying to regain access to a specific target's systems, Hurricane Panda willfully stepped away once it saw that the company was monitoring Indicators of Attack (IOA).

Global groups dismantle 'Simda' botnet

Less than a week after the 'Beebone' botnet was taken down, INTERPOL Global Complex for Innovation, along with other global companies and agencies, has dismantled the 'Simda' botnet.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

Researchers identify attack technique, all Windows versions at risk

Researchers with Cylance identified the "Redirect to SMB" technique, which can enable the theft of user credentials from PCs, tablets and servers running any version of Windows.

Survey: 65 percent of online tax filers do so on open access WiFi network

Nearly half of Americans file their taxes online, and of those who do, 65 percent file them on an open access WiFi network, according to new research from Protect Your Bubble.

Researchers identify malware campaign targeting Russian businesses, banks

The campaign is being referred to by ESET researchers as Operation Buhtrap, and is believed to have been active for longer than a year.

Banking threat Emotet expands target list, evades two-factor auth

The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.

International effort takes down 'Beebone' botnet

A botnet of more than 12,000 computers was taken down on Wednesday through a collaborative effort by various international law enforcement agencies and tech companies.

Compromised forums redirect to Fiesta Exploit Kit, distribute malware possibly for click fraud

Cyphort Labs researchers observed a number of popular forum websites redirecting visitors to the Fiesta Exploit Kit.

Apple issues updates for iOS, OS X, Apple TV and Safari

Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.

FCC fines AT&T $25M for call center breaches

The FTC imposed a $25 million fine, its largest data privacy enforcement fine to date, on AT&T for three call center breaches that exposed information on 280,000 customers.

Blend of old and new techniques helps attackers dodge detection, report says

The 2015 Websense Threat Report found that threat actors are employing previously used C&C URLs to launch new threats.

Malicious Google Chrome extension collected users' data for third parties

"Webpage Screenshot," a Google Chrome extension, was found to be malicious by two security firms earlier this week.

Cross-platform RAT 'AlienSpy' targets Mac OS X, Windows and Android users

The AlienSpy remote access trojan (RAT) is being sold to attackers via subscription plans, ranging from around $20 to $220.

FBI warns of WordPress defacements as new plugin vulnerability is found

The FBI warned that individuals sympathetic to ISIL, or ISIS, are defacing WordPress websites by exploiting vulnerabilities in plugins.

Russian hackers eyed in attack on White House, State Dept.

CNN has reported that Russian hackers used their intrusion into the State Department's systems as a way to get into White House systems.

Breach readiness survey shows most stray from IRP best practices

The responses of global practitioners were compared with Global 1000 security execs, which provided a best practices benchmark.

Drive-by-login attack identified and used in lieu of spear phishing campaigns

A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.

Nearly 75 percent of Global 2000 orgs still vulnerable to Heartbleed

Venafi Labs researchers found that 74 percent of 1,642 Global 2000 organizations had not completed Heartbleed remediation across all public-facing servers.

New ransomware makes encrypted files appear quarantined

The ransomware, detected by Trend Micro as CRYPVAULT, is being distributed as an attachment in spam emails and is targeting Russian speakers.

DHS LPR program draws sharp criticism from ACLU

To the chagrin of the ACLU, the Department of Homeland Security (DHS) has renewed its efforts to procure license plate reader (LPR) data through a third party.

NIST calls for final comments on draft covering sensitive information protection

NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."

Revenge porn site operator Bollaert sentenced to 18 years

Kevin Bollaert, 28, operated the now-infamous revenge porn sites U Got Posted and Change My Reputation.

Snapchat issues first transparency report, detailing more than 300 requests

Snapchat issued its first transparency report on Thursday, which disclosed the more than 300 government requests the company received for user data over the past four months.

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

'Do Not Track' no longer default setting for Microsoft browsers

With standards language clarified by the W3C, Microsoft says removing DNT from default settings lets users, not vendors, express tracking preference.

Google: Android PHA installs decreased by nearly 50 percent throughout 2014

The rate of Potentially Harmful Application installs on Android devices decreased nearly 50 percent from early 2014 to later that year, according to a Google report.

Man pleads guilty to intellectual property theft conspiracy impacting Microsoft, other firms

Austin Alcala, 19, is the fourth member of an international hacking ring to plead guilty in the case.

Four indicted in Federal Reserve Notes counterfeiting operation

One individual being charged allegedly set up a website on the dark web that was dedicated to manufacturing and selling the counterfeit Federal Reserve Notes.

Google says it will no longer trust digital certs issued by CNNIC

Google made the decision after investigating a security incident in which digital certs were "misissued."

Obama orders new sanctions program to deter foreign cyber attackers

On Wednesday, the President declared the need to address "malicious cyber-enabled activities" orchestrated by foreign attackers a national emergency.

'Volatile Cedar' APT group spies on enterprises, focusing on Lebanese companies

Check Point Software Technologies issued a report on the group, which has been targeting enterprises since 2012, with its customized "Explosive" malware.

Orgs need to share info, crave more board oversight, study says

A Blue Lava Consulting survey of more than 300 information security professionals shows progress in reshaping the security model, but highlights challenges ahead.

Human error cited as leading contributor to breaches, study shows

According to a new CompTIA study, human error accounts for 52 percent of the root cause of security breaches.

IBM will invest $3 billion in new IoT unit

IBM will invest $3 billion over the next four years to establish a new Internet of Things (IoT) business unit along with a cloud-based platform to help build IoT solutions.

Infostealer Laziok targets energy companies

Symantec researchers wrote in a Monday blog post that the malware is being used to target energy sector companies, primarily in the Middle East.

30 percent of practitioners say they would pay cyber extortionists to retrieve their data

In a recent survey, most, but not all, security professionals said they'd refuse to negotiate with cybercriminals.

British Airways says rewards accounts hacked, locked down

An unauthorized third party generated suspicious activity on some Executive Club and Registered Customer accounts.

Documents on NSA's zero-day policy provide little insight, EFF says

The Electronic Frontier Foundation obtained government documents about the government's use of zero-days and its policy for when to disclose them.

GitHub on DDoS alert, efforts to curb its largest attack continue

GitHub.com was reportedly overwhelmed by traffic that was hijacked from Chinese search engine Baidu.

Puush urges users to change passwords after cyber attack

The screen sharing platform Puush was hit by a cyber attack this weekend that injected malware into the server.

Yahoo releases transparency report for last half of 2014

The company released its newest transparency report iteration on Thursday, which demonstrated a drop in requests from the prior six months.

Botnet services attract scammers on Twitch seeking quick viewer boost

Symantec observed that the botnet services were being advertised on the underground, but also through public postings.

Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014

The number of product vulnerabilities reported in 2014 jumped up 18 percent, according to research from Secunia.

Orgs predict $53M risk, on average, from crypto key, digital cert attacks

In a Ponemon report, 2,300 security pros provided their two-year outlook on cryptographic key and digital certificate attacks.

Popular adult website XTube compromised, delivers malware

Visitors to XTube could be redirected to the Neutrino Exploit Kit, which Malwarebytes Labs researchers observed exploiting a Flash vulnerability.

Protecting work info ranks low in mobile privacy survey

In the Lookout survey, only five percent of smartphone users said they would take the most steps to protect work-related data.

Hanjuan Exploit Kit leveraged in malvertising campaign

The New York Daily News website and Metacafe website were among the sites serving malvertisements, according to Malwarebytes researchers.

Yahoo Trust 'UnConference' to convene after RSA Conference

The event is said to be TrustyCon's successor.

One in three of the top million websites are 'risky,' researchers find

Menlo Security defines "risky" as meaning the website is compromised, or is running vulnerable software that puts it at risk of being compromised.

Android vulnerability leaves apps open to malicious overwriting

Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.

'Privilege Gone Wild' report examines account management habits vs. concerns

BeyondTrust released its 2015 survey on the state of privileged account management.

Legislators set to introduce student privacy bill

On Monday, Reps. Luke Messer and Jared Polis will reportedly introduce the legislation in the House.

'PoSeidon' point-of-sale malware targets payment card information

Cisco identified a new point-of-sale malware family that researchers are referring to as 'PoSeidon.'

Drupal SQL injection vulnerability attacks persist, despite patch release

Although a highly critical Drupal SQL injection vulnerability was patched nearly six months ago, attackers continue to successfully exploit websites that have failed to update their systems.

New Dridex variant spotted in tax rebate phish

The variant takes new measures to avoid VM detection, PhishMe researchers found.

Threat group targeting Israel and Europe believed to be state-sponsored

The group, known as Rocket Kitten, has shifted tactics in its latest campaign, referred to by Trend Micro as Operation Woolen-GoldFish.

Privacy buffs say amended CISA bill can still further gov't surveillance

The threat information-sharing bill was approved by the Senate Intelligence Committee last week.

Study: Mobile app security risk well-known, but enterprises lack proper usage policy

Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use.

Premera warned to fix security holes shortly before being breached

In mid-April 2014, Premera received an audit report and was advised, in 10 recommendations, to address vulnerabilities.

Cloud trends survey: 9 out of 10 orgs concerned about public cloud security

Crowd Research Partners conducted a study with cooperation from AlertLogic, AlienVault, Bitglass and other cloud security providers.

Apps submitted to Google Play are now reviewed by 'experts'

Despite Google's new review process, mobile security company Lookout recently identified 13 apps with adware that made it into Google Play.

Court rules New York sheriff's office must turn over 'stingray' docs to NYCLU

A New York court ordered the Erie County Sheriff's Office to turn over documents about its purchase and use of stingray devices to the New York Civil Liberties Union (NYCLU) earlier this week.

Google Project Zero exploits 'rowhammer' hardware bug

Researchers were able to exploit a hardware bug, called "rowhammer," to obtain kernel privileges.

Report: committee approves rule change that expands FBI's hacking authority

If modified, Rule 41 would give judges the ability to grant search warrants for electronic information located outside their judicial district.

Premera Blue Cross breached, info on 11 million customers at risk

Premera Blue Cross announced on Tuesday that attackers had gained unauthorized access to its IT systems.

Study: Americans taking steps to hide online activities from U.S. government

The Pew Research Center surveyed hundreds of American adults about their behaviors online and the steps they've taken to keep their identity and actions hidden.

Facebook received 14,274 U.S. gov't requests in 2014 H2

Facebook said that at least some data was produced for nearly 80 percent of the requests.

Yahoo CISO Alex Stamos tweets 'on-demand' password defense

Three days after Yahoo announced its new "on-demand" passwords (ODP), the company's CISO Alex Stamos took to Twitter to defend the company's decision and address criticism from the security community.

Facebook, Twitter update policies, take stronger stance on revenge porn

Facebook and Twitter joined Google and Reddit in updating their community standards to ban certain images and clarify what is acceptable and what's not.

Obama administration seeks additional authority to combat botnets

The Obama administration announced a proposed amendment to existing law that would give federal courts more authority in the ongoing war against botnets.

Yahoo releases e2e encryption source code and launches 'on-demand' passwords

Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its services' security, including the launch of its "on-demand" password service.

Short, planned outage helps State Dept. banish hackers

Four months after it revealed that hackers had breached its non-classified email system, the State Dept. said it would take some systems offline temporarily to bolster security.

Private WHOIS data disclosed for hundreds of thousands of Google Apps domains

A software glitch exposed the private WHOIS information of 94 percent of the nearly 306,000 domains registered via Google Apps using eNom, Cisco Talos found.

'TeslaCrypt' holds video game files hostage in ransomware first

Bromium Labs detailed a new ransomware campaign that holds video game and iTunes files hostage.

Attackers spread worm via Facebook, leverage cloud services

Malwarebytes researchers observed Facebook users being infected with a worm when clicking on a link in a post promising pornographic content.

Experts debate whether 'right to be forgotten' should be adopted in the U.S.

Four privacy and technology experts met on Wednesday night to debate the ruling and whether it should be implemented in the U.S.

Report: 71 percent of orgs were successfully attacked in 2014

In the CyberEdge Group report, 22 percent of respondents said that their organization was successfully attacked more than six times in 2014.

Verizon: PCI requirement to test security systems a compliance weak point for orgs

The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.

Bain Capital acquires Blue Coat Systems for $2.4 billion

Blue Coat Systems, Inc., a Sunnyvale, Calif.-based enterprise security solutions provider, has announced that it will be acquired by Bain Capital for $2.4 billion.

Self-deleting malware targets home routers to gather information

The malware purports to be an Adobe Flash update, and was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS.

Serious bug in Dropbox SDK for Android disclosed by IBM

The flaw could ultimately expose user data, saved to Dropbox through vulnerable third-party apps, to attackers.

2,400 unsafe mobile apps on employee devices in average large enterprise

Veracode researchers analyzed a pool of about 400,000 applications installed in multiple global enterprises in various industries.

Study: Security pros felt more pressure to secure their organization in 2014 than year prior

Trustwave polled security professionals on the pressures they felt this past year to keep their enterprise secure.

Hillary Clinton says private email system was not breached

Clinton said that the private email system she used during her tenure as Secretary of State was "effective and secure."

Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks

The tech giant released five critical patches and nine important updates.
