The Ponemon Institute and IBM released their annual cost of data breach study on Wednesday and found that data breaches continue to cost enterprises more than in previous years.
The IRS announced on Wednesday that attackers used taxpayer-specific data acquired from non-IRS sources to gain access to information on more than 100,000 tax accounts.
KnowBe4 is alerting IT managers to be vigilant of a new ransomware threat that leverages a sleeper function.
While the U.S. House of Representatives overwhelmingly supported the USA Freedom Act, the Senate failed to garner enough votes to pass the new legislation.
The ransomware locks up the screen with an FBI warning and initially requires a payment of $500 in order to unlock the device.
The case has resulted in the first federal conviction of a website operator for such crimes.
The Internet Security Alliance called for data driven analysis to determine incentives, prioritization and cost-effectiveness to encourage voluntary use of NIST Framework.
WhiteHat Security's "2015 Website Security Statistics Report" looks at vulnerabilities in websites and the amount of time it took to patch them.
Adult FriendFinder website owner FriendFinder Networks Inc. announced that it was aware of and investigating a potential data security issue.
A federal judge recently denied banks' motion to block the settlement, but now the deal has been nixed for different reasons.
In a Wednesday blog post the FTC explained the process it follows to investigate security breaches and said it looks favorably on companies that cooperate in law enforcement investigations.
The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.
The USA Freedom Act's fate will soon be decided with Senate Majority Leader Mitch McConnell (R-Ky.) announcing on Thursday that the Senate will convene for a rare Saturday vote on the bill.
When downloaded and executed, the SVG files cause websites to open up that download what appears to be CryptoWall ransomware.
The Justice Department claims that two of the six defendants are former employees of U.S. tech firms.
Chrome 43 was promoted to the stable channel for Windows, Mac and Linux on Tuesday.
Information could have been accessed by attackers who gained limited, unauthorized access to a single CareFirst database in June 2014.
Akamai's Q1 State of the Internet Report shows an increase in frequent, longer lasting low bandwidth attacks.
Computer scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed.
While most people acknowledge the security risks of opening an email from an unknown sender or downloading an app from an unauthorized app store, many continue to engage in this risky behavior.
Potentially millions of devices around the globe are vulnerable due to a remotely exploitable kernel stack buffer overflow in NetUSB.
Individuals with active user accounts for tools used by the Federal Reserve Bank of St. Louis are being asked to change their credentials.
Claims that researcher Chris Roberts actually, briefly, commandeered a plane in flight after hacking its entertainment systems may be up for debate; contentions that the aircraft may be vulnerable are not.
The attack involves stealing credentials from oil companies, accessing the networks of the companies, and attaining proof of product documentation.
The FTC has recommended a list of conditions that a bankruptcy court should impose on the sale of RadioShack's information assets.
A panel of financial industry experts at a conference sponsored by Columbia University's School of International and Public Affairs (SIPA) discussed security challenges facing the sector.
Of the 83 files, 79 were unique, and more than 50 percent were confirmed to be malware, adware, or potentially unwanted programs.
Between February and April, cybercriminals used the ransomware to extort $76,522 from 163 victims, FireEye found.
The vulnerabilities are in a variety of Cisco TelePresence products and users are being advised to update.
The USA Freedom Act was passed by the House Wednesday but critics call for strengthening of bill in the Senate.
ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.
Four men were arrested for allegedly participating in a nationwide identity theft scheme that allowed them to obtain millions of dollars in fraudulent tax refunds.
FireEye Threat Intelligence and the Microsoft Threat Intelligence Center observed a command-and-control obfuscation tactic leveraging the TechNet website.
A year after Europe's "right to be forgotten" ruling, academics and a U.K. regulatory office are asking Google for further information on how it adheres to it.
Security firm Root9B believes that the hacking group started preparing for the campaign nearly a year ahead of time.
Starbucks customers say auto-reload feature is being used to steal from their linked credit cards and bank accounts.
While Congress ramps up for its discussions and vote on the USA Freedom Act, Washington state has taken privacy into its own hands through legislation requiring a warrant to use the devices.
A vulnerability in virtual floppy drive code used by numerous computer virtualization platforms has been identified by a researcher with CrowdStrike.
Microsoft issued 13 bulletins today in possibly one of its last official Patch Tuesday releases.
The celebrity chef's website was again redirecting visitors to the Fiesta Exploit Kit and infecting their systems with malware.
Nexgate, a division of Proofpoint, analyzed compliance related to more than 32,000 social media accounts belonging to Fortune 100 companies.
Charles Harvey Eccleston allegedly targeted U.S Department of Energy and U.S. Nuclear Regulatory Commission employees with spear phishing emails designed to drop malware on their systems.
In the ruling, the judge shared his concerns about the fairness of the settlement terms, however.
Attackers targeted a server operated by New Jersey-based advertising network, Mad Ads Media, in order to redirect users to an exploit kit.
Half of respondents in a survey indicated they are at least somewhat confident in the security of emerging payment systems.
Malwarebytes wrote on its blog that this new campaign requires no user interaction to drop the malicious payload on unsuspecting adult website visitors.
A New York federal appeals court found the National Security Agency's bulk collection of phone records illegal, but a separate ruling this week set privacy rules back with the approval of law enforcement's collection of warrantless phone location data.
Testimony by a former Tiversa investigator calls into question the truthfulness of information sent to the FTC about a LabMD breach.
Sucuri disclosed an XSS vulnerability impacting millions of WordPress websites on the same day Fortinet disclosed a bug affecting a Joomla extension.
An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.
After allegedly notifying CyberLock of security flaws in some of its products, IOActive issued an advisory warning of the issues.
Onapsis found that most SAP systems remain vulnerable to attacks that could compromise a company's business data and processes.
Kaspersky Lab saw 3.3 times as many new malicious mobile programs in Q1 2015 than it did in the final quarter of last year.
An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.
The Rombertik malware goes to extreme measures to avoid detection and cause damage to victims' computers.
Visitors to torrent website SubTorrents[dot]com are being redirected to the Fiesta Exploit Kit and served malware, according to Malwarebytes.
The brothers allegedly hacked into the website of a cosmetics company and stole customer credit card data and personal information.
The Department of Justice confirmed that it is looking into its policies surrounding cell-site simulators and surveillance technology.
The threat actors set up malicious adult websites to distribute the malware, and so far infection rates are estimated to be in the thousands.
EllisLab doesn't yet know who's responsible for hacking into its servers March 24 and potentially compromising customer information.
U.S. Senate Commerce, Science and Transportation Committee chairman requests info on White House breach
Chairman John Thune penned a letter to President Obama this past Thursday to ask him to clarify whether any personal information was compromised in October's cyber attack on the White House.
The Department of Homeland Security (DHS) certified FireEye technology under the SAFETY Act, effectively shielding the company's customers from any liability in the event of a cyber terrorism attack.
Mumblehard remained undetected for more than five years, according to a researcher at ESET.
A researcher with Duo Security identified the vulnerability, which exists in MySQL client libraries, as well as forks such as MariaDB and Percona.
A security alert issued Friday warns of an unfixed bug in D-Link and Trendnet routers.
Secunia issued its quarterly country report earlier this week, which looked at what programs the average PC user had installed and what percentage was patched.
Proofpoint researchers observed attackers submitting weaponized Microsoft Word documents to job postings listed on the CareerBuilder website.
The bill was introduced Wednesday with some revisions that would improve transparency regarding how student information is shared, used or sold.
The U.S. Committee on Oversight & Government Reform met on Wednesday to hear arguments on default encryption and didn't let law enforcement off easy.
High-Tech Bridge identified multiple vulnerabilities in TheCartPress eCommerce shopping cart plugin for WordPress websites.
EMV, despite its security features over magnetic stripe cards, cannot prevent against "wholesale breaches of large numbers of credit card numbers," report authors said.
The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.
Trend Micro described a new attack as an "outbreak" of spam that's impacting mainly U.S. companies.
The legislation aims to improve trust when law enforcement information is shared between the U.S. and EU.
The largest distributed denial-of-service attack ever detected by Arbor Networks systems was observed in the first quarter of this year.
During a speech at Stanford University this past week, U.S. Defense Secretary Ash Carter acknowledged the government's desire to hire young talent for cybersecurity work.
The malicious advertisement was spotted on Friday and taken down by the end of Saturday, according to Malwarebytes Labs.
Nearly 94 percent of respondents believed that NSA's surveillance had increased or remained the same since Snowden began leaking classified information in June 2013.
F-Secure Labs released a threat report for the last half of 2014 and found that North America wasn't receiving the brunt of Conficker attacks, as opposed to other parts of the world.
Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.
The counterterrorism, security and aviation communities must contemplate how unintended use of aircraft systems or networks could have a downstream impact.
Gib Sorebo used his session at RSA to discuss the Internet of Things (IoT) and its possible repercussions.
Technology can't replace the value of online safety education, the key to keeping kids out of predators' paths, panelists shared.
An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.
Although users often take much of the blame when a phishing attack is successful, technology must be compromised as well.
Senate Majority Leader Mitch McConnell introduced a bill that would grant intelligence agencies authority under the USA PATRIOT Act to continue mass surveillance until 2020
The death of email, widely anticipated 10 years ago, has not come to pass, thanks to email authentication schemes such as SPF, DKIM and most recently DMARC.
The majority of threat actors attacking organisations are cyber-criminals, according to a landmark survey for ISACA and RSA Conference.
As Robert Hinden, Check Point fellow, described in his Wednesday RSA session, "Protecting Critical Infrastructure," hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun.
Proposed legislation would rein in the CFAA to avoid overzealous prosecution.
Panelists discussed cyber espionage and intellectual property theft affecting U.S. companies and steps the private and public sector must take to curb the threat.
The vulnerabilities exploited in most point-of-sale breaches are relatively simple, security experts discussed at RSA Conference 2015.
Sharing of industry and government data, collated centrally to create a cyber-threat weather map is now underway in the U.S., with threat indicators being issued.
Nearly six months after the State Department announced an attack on its unclassified email system, the likely attackers have been identified and their tactics detailed.
Role playing during an RSA 2015 session highlighted security issues associated with the Internet of Things.
According to the co-founders of Skycure, which presented on the attack at RSA Conference, Apple has not completely resolved the security issue.
Contactless payment systems such as EMV cards and Apple Pay are convenient, but are not without weaknesses.
Following years of wrangling in Congress and a slew of headline-grabbing breaches, the House gave the go-ahead to a cybersecurity bill.
Despite the rush to the cloud, certificate authentication is still the Achilles' heel of the industry, according to Scott Charney, corporate vice president, Trustworthy Computing at Microsoft.
The FCC joins the FTC as a force to be reckoned with on cybersecurity and privacy issues, agency chief Wheeler indicated in an RSA Conference speech.
Sign up to our newsletters
SC Magazine Articles
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Report: $19M breach settlement between MasterCard, Target terminated
- Android ransomware distributed to English speakers in spam campaign
- Researchers observe SVG files being used to distribute ransomware
- Researchers publish developer guidance for medical device security
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Android ransomware distributed to English speakers in spam campaign
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- Study: Average cost of data breach is $6.5M
- Data acquired from non-IRS sources enabled access to 100K taxpayer accounts
- Ransomware threat 'Locker' has sleeper component
- Beacon Health System notifies patients of possible data compromise
- Data security in the 21st century: Essentials of solid protection