Report: News, entertainment websites serve majority of malvertisements

Report: News, entertainment websites serve majority of malvertisements

Bromium researchers observed that malicious advertisements impacted news and entertainment websites more than 50 percent of the time in the first half of 2015.

UConn School of Engineering cyberintrusion originated in China

UConn School of Engineering cyberintrusion originated in China

UConn has repaired a vulnerability exploited by hackers to gain access to servers in its School of Engineering and, while the university found no evidence of data theft, it has notified users whose information may have been compromised.

Report delves into RAT videos on YouTube

Report delves into RAT videos on YouTube

Remote Access Trojans (RATs) proliferate through YouTube tutorials and hacker forums, a new report from Digital Citizens Alliance suggested.

Tor Project, Library Freedom Project to establish Tor exit nodes in libraries

Tor Project, Library Freedom Project to establish Tor exit nodes in libraries

Tor Project and Library Freedom Project aim to help library patrons and staff protect their right to digital free expression by creating Tor exit nodes in libraries.

Cisco: Attackers innovating, evading defenses in first half of 2015

Cisco: Attackers innovating, evading defenses in first half of 2015

In the first half of 2015, Cisco found that increasingly innovative threat actors are becoming faster at attacking, quicker at adapting, and better at evading detection.

Does Windows 10 Wi-Fi Sense spell end of private wireless networks?

Does Windows 10 Wi-Fi Sense spell end of private wireless networks?

Between BYOD and Microsoft's Wi-Fi Sense, soon there won't be such a thing as a private Wi-Fi network anymore.

Critical Bind vulnerability could snuff out large parts of internet

Critical Bind vulnerability could snuff out large parts of internet

Hackers could take advantage of a newly discovered flaw in the Bind DNS server software to disrupt the internet; a single packet could leave the internet in a bind, warn experts.

Darknet site specialising in child sex abuse material taken down

Darknet site specialising in child sex abuse material taken down

Details are emerging of the takedown of a Darknet site specialising in the distribution of child sexual abuse materials.

NYU conference encourages women to pursue cybersecurity

NYU conference encourages women to pursue cybersecurity

The NYU Polytechnic School of Engineering hosted a cybersecurity conference to help foster interest in the field among young women and teens.

Modular Potao malware used to spy on targets in Ukraine, Russia

Modular Potao malware used to spy on targets in Ukraine, Russia

Potao was first being used against targets in Russia, but after a lull in activity, malware activity increased against targets in Ukraine.

GM says OnStar app flaw fixed, researcher says still exploitable

GM says OnStar app flaw fixed, researcher says still exploitable

GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.

TV5Monde in chaos as data breach costs roll into the millions

TV5Monde in chaos as data breach costs roll into the millions

French broadcaster TV5Monde is still without Internet and other key IT functions three months after a nation-state hacker took control of its TV channels and hijacked social media accounts. Meanwhile, the data breach costs are mounting up.

Google Cloud features BYO encryption keys

Google Cloud features BYO encryption keys

Google Cloud allows users to bring-their-own-keys to lock their data.

United reportedly hacked by same group that breached Anthem, OPM

United reportedly hacked by same group that breached Anthem, OPM

United Airlines reportedly experienced a breach by a Chinese hacker group believed to be behind breaches at OPM and Anthem.

HAMMERTOSS malware represents culmination of 'best practices' for cyber attackers

HAMMERTOSS malware represents culmination of 'best practices' for cyber attackers

Cybersecurity firm FireEye released a new report on APT29's complex malware HAMMERTOSS.

Majority of Android devices vulnerable to denial-of-service bug

Majority of Android devices vulnerable to denial-of-service bug

Trend Micro has identified a new Android denial-of-service bug that can be exploited to make devices unresponsive and practically unusable.

Security concerns raised at Windows 10 roll-out

Windows 10 launched today, but there were immediately security questions raised within the industry about some aspects and features on the new operating system.

Google Drive influences new phishing campaign

Google Drive-inspired new phishing campaign discovered by Elastica Cloud Threat Labs.

Researcher finds several vulnerabilities in PHP File Manager

Researcher finds several vulnerabilities in PHP File Manager

Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.

Survey: Nearly all Americans support and want retaliation for cyberattacks

Survey: Nearly all Americans support and want retaliation for cyberattacks

A new poll indicates that Americans want the government to retaliate for cyberattacks that compromise sensitive data.

'Black Vine' group breached Anthem, leveraged zero-day bugs in various campaigns

'Black Vine' group breached Anthem, leveraged zero-day bugs in various campaigns

Symantec said it believes a threat group known as Black Vine is responsible for the Anthem breach, as well as a number of other attacks.

Apple App Store and iTunes buyers hit by zero-day

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.

'GSMem' malware designed to infiltrate air-gapped computers, steal data

'GSMem' malware designed to infiltrate air-gapped computers, steal data

Israeli researchers detailed a new attack that can steal data from air-gapped computers, which are often seen as relatively safe.

Critical Android bugs can be exploited via MMS, 950M users affected

Critical Android bugs can be exploited via MMS, 950M users affected

Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.

Federal appeals court rules no expectation of privacy for preventable 'butt dials'

Federal appeals court rules no expectation of privacy for preventable 'butt dials'

A federal appeals court ruled there is no expectation of privacy for "butt dials" that a caller doesn't' take reasonable steps to prevent.

Internet Explorer Mobile contains four unpatched vulnerabilities

Internet Explorer Mobile contains four unpatched vulnerabilities

HP's Zero Day Initiative (ZDI) disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that enable web-based attacks.

DDoS attacks grow stronger in Q2 2015, report shows

DDoS attacks grow stronger in Q2 2015, report shows

According to the latest findings by Arbor Networks, 20.8 percent of DDoS attacks were greater than 1 Gbps in Q2 of this year.

Survey: Security experts and regular users vastly different in preferred safety practices

Survey: Security experts and regular users vastly different in preferred safety practices

A Google survey among security experts and "non-experts" found that both groups operate very differently when trying to keep themselves and their devices safe online.

Zero-day in Fiat Chrysler feature allows remote control of vehicles

Zero-day in Fiat Chrysler feature allows remote control of vehicles

A pair of researchers discovered an exploit in Uconnect-enabled Fiat Chrysler vehicles that allows an attacker to take control of the vehicle.

Bartalex variants drop Pony and Dyre

Bartalex variants drop Pony and Dyre

Some strains of Bartalex malware have recently been seen dropping Pony loader malware and the Dyre banking Trojan.

All smartwatches are vulnerable to attack, finds study

All smartwatches are vulnerable to attack, finds study

All ten smartwatches tested by HP Fortify reported significant security vulnerabilities, along with their Android and iOS cloud and mobile application components, according to a new report.

Hacking Team issues new statement while researcher clears up Android tool confusion

Hacking Team issues new statement while researcher clears up Android tool confusion

Hacking Team's spokesman said the company broke no laws when selling its technology, and a researcher points out that the company used his open source tool to create part of its surveillance software.

OPM bringing users back on to e-QIP in increments

OPM bringing users back on to e-QIP in increments

After a pair of breaches rocked OPM and a vulnerability was discovered in the agency's e-QIP system; now user access is slowly being re-enabled.

Microsoft to remove revenge porn images per victim requests

Microsoft to remove revenge porn images per victim requests

Like Google before it, Microsoft will make it easier for victims to report images posted without their permission and will take steps to remove them globally.

WordPress 4.2.3 released, addresses critical XSS vulnerability

WordPress 4.2.3 released, addresses critical XSS vulnerability

The XSS vulnerability can be exploited to compromise an affected website, but certain conditions must first be met.

Japan to train thousands on cyber-security ahead of 2020 Olympics

Japan to train thousands on cyber-security ahead of 2020 Olympics

Japan will train approximately 50,000 people in the public and private sectors on cyber-security ahead of the 2020 Summer Olympics in Tokyo, according to local reports.

Alleged JPMorgan hack leaders arrested

Alleged JPMorgan hack leaders arrested

Israeli and American federal authorities coordinated to arrest four men who allegedly had an integral part in the cyber attacks on JPMorgan Chase and other financial institutions.

Fake games in Google Play redirect Android users to porn sites

Fake games in Google Play redirect Android users to porn sites

The threat is detected by Avast as Clicker-AR, and by requesting a certain permission it can redirect Android users to porn sites via their browser or other apps.

Survey: Black Hat 2015 attendees most concerned about targeted attacks

Survey: Black Hat 2015 attendees most concerned about targeted attacks

More than 50 percent of respondents indicated that sophisticated attacks targeted directly at the organization is their greatest concern.

Security pros issue comments before Wassenaar Arrangement deadline

Security pros issue comments before Wassenaar Arrangement deadline

The call for comments on the Wassenaar Arrangement closed on Monday after multiple heavy hitting tech experts and companies filed their thoughts.

Free security tools help detect Hacking Team malware

Free security tools help detect Hacking Team malware

Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools.

Exclusive: Visa application portal closed following SC Magazine investigation

Exclusive: Visa application portal closed following SC Magazine investigation

VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed.

Study: Half of critical infrastructure IT professionals believe major attack looming

Study: Half of critical infrastructure IT professionals believe major attack looming

A survey from Intel Security found that many information security professionals are overconfident in their systems' ability to thwart an attack.

PNI Digital Media investigates potential credit card 'issue' as more photo center websites go down

PNI Digital Media investigates potential credit card 'issue' as more photo center websites go down

As of Monday, photo center websites were down for CVS, Walmart Canada, Rite Aid, Costco, Sam's Club and Tesco.

Extramarital website Ashley Madison hacked

Extramarital website Ashley Madison hacked

Online cheating site Ashley Madison has been hacked by a group calling itself 'The Impact Team', with 37 million customers' details potentially exposed.

Abandon XP! Malware is coming to get you

Abandon XP! Malware is coming to get you

Windows XP infections are set to skyrocket as Microsoft finally ends support for its anti-malware and malicious software removal tool.

Avoid hiring a cybercriminal: understand motivations and thoroughly vet employees

Avoid hiring a cybercriminal: understand motivations and thoroughly vet employees

After a FireEye intern was found selling his own custom RAT on a dark web forum, industry experts reemphasize the importance of understanding cybercrime and how to hire the right people.

Andromeda botnet used to distribute new point-of-sale malware

Andromeda botnet used to distribute new point-of-sale malware

Researchers with Trend Micro observed the malware threat being distributed predominately in the U.S. and Canada.

Researchers develop quicker RC4 encryption algorithm attack

Researchers develop quicker RC4 encryption algorithm attack

Mathy Vanhoef and Frank Piessens indicated that their technique is so effective that users may want to consider not using the RC4 encryption algorithm.

'Right to be forgotten' mostly not for hiding crimes and misdemeanors

'Right to be forgotten' mostly not for hiding crimes and misdemeanors

The majority of "Right to be forgotten" requests in Europe come from ordinary citizens, as opposed to criminals, celebrities and politicians, new data demonstrates.

ACLU asks appeals court to bar NSA bulk collection of data

ACLU asks appeals court to bar NSA bulk collection of data

The government has argued that it can continue to collect data during the 180-day transition period to the USA Freedom Act.

TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise

TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise

Mainly known for its targeting of gaming files, TeslaCrypt continues to re-up its techniques to make it a debilitating threat.

Black market 'Darkode' bust leads to arrests in 20 countries

Black market 'Darkode' bust leads to arrests in 20 countries

According to the FBI, the crackdown led to U.S. indictments against 12 individuals, including Darkode's alleged administrator.

Oracle's patch update contains 193 security fixes

Oracle's patch update contains 193 security fixes

The update includes 25 security fixes for Oracle Java SE, and seven of the bugs received a CVSS Base Score score of 10.0.

Russian hackers exploit unusual Java zero-day to hit unnamed NATO country

Russian hackers exploit unusual Java zero-day to hit unnamed NATO country

Cyber-espionage group 'Pawn Storm' has been exploiting an unusual Java zero-day vulnerability to carry out drive-by-download attacks on a NATO country and US defence company, according to Trend Micro.

Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support

Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support

This month, Microsoft released four critical patches and 10 bulletins ranked "important."

CloudFlare details more than 50 requests for user data

CloudFlare details more than 50 requests for user data

Cloudflare issued its newest transparency report on Tuesday, which covers the first half of 2015.

Adobe fixes Flash Player zero-day vulnerabilities, bugs in other products

Adobe fixes Flash Player zero-day vulnerabilities, bugs in other products

The Flash Player updates are for Windows, Macintosh and Linux and address two critical bugs that were identified in the Hacking Team leaks.

OPM repercussions might never be fully understood, says former White House cybersecurity advisor

OPM repercussions might never be fully understood, says former White House cybersecurity advisor

Although the number of data breach victims is now qualified, the true effects of the breaches might continue for years to come.

iPhones, jailbroken and not, vulnerable to Hacking Team spyware, firm finds

iPhones, jailbroken and not, vulnerable to Hacking Team spyware, firm finds

Despite reports that iOS devices must be jailbroken before compromise, researchers found other ways to install the spyware.

Mandarin Oriental says 10 properties impacted in credit card breach

Mandarin Oriental says 10 properties impacted in credit card breach

Mandarin Oriental properties in New York, San Francisco, Hong Kong and more were all affected beginning on June 18, 2014.

Adobe working to patch two critical zero-day vulnerabilities in Flash Player

Adobe working to patch two critical zero-day vulnerabilities in Flash Player

Both Adobe Flash Player vulnerabilities are being reported by security researchers as zero-day bugs that came out of the recent Hacking Team leaks.

Arizona reaches agreement with ACLU, won't enforce revenge porn law

Arizona reaches agreement with ACLU, won't enforce revenge porn law

Arizona's broad revenge porn law would have put artistic and news photographers, booksellers, publishers, librarians and others at risk.

Dyre infections surge, variants spread through Windows exploit

Dyre infections surge, variants spread through Windows exploit

A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.

Popular Android games on Google Play observed stealing Facebook credentials

Popular Android games on Google Play observed stealing Facebook credentials

Cowboy Adventure is a working game with between 500,000 and 1,000,000 downloads, but it is also malware that has been observed stealing Facebook credentials.

Government agency initiates vulnerability disclosure discussions

Government agency initiates vulnerability disclosure discussions

The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.

Operation Ghost Click leader pleads guilty

Operation Ghost Click leader pleads guilty

In a New York federal court, Vladimir Tsastsin admitted his role in the years-long click-fraud operation.

Threat intelligence survey: 43 percent only share info internally

Threat intelligence survey: 43 percent only share info internally

Many information security pros said threats discovered were shared strictly within the organization, but 81 percent wanted more public-to-private sector sharing.

Researchers observe PDF files poisoning Google search results

Researchers observe PDF files poisoning Google search results

The technique involves several PDF files being generated and filled with searchable keywords.

Hacking Team comments on breach while industry reels from data trove

Hacking Team comments on breach while industry reels from data trove

Hacking Team's internal communications and company secrets went on public display earlier this week after a hacker compromised its systems. The company and the InfoSec community are still grappling with the breach's full extent.

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE provides additional info on recent trade-halting 'configuration issue'

NYSE began rolling out a software release, causing communication issues between customer gateways and trading units.

Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says

Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says

A study by Lloyd's of London and the Centre for Risk Studies at Cambridge University predicted severe losses in a catastrophic attack on the power grid and a separate poll found that voters were worried as well about those attacks.

Ransomware mimicks APT campaigns for first time

Ransomware mimicks APT campaigns for first time

"Operation Kofer," as Cybereason refers to the group, targets European companies with a ransomware campaign that avoids detection through APT group techniques.

Spy gang that compromised U.S. tech giants still active years later

Spy gang that compromised U.S. tech giants still active years later

The group, Morpho, continues its corporate espionage activities, and has been linked to the 2013 attacks on Apple, Microsoft, Facebook and Twitter.

Exploit kits observed using Flash Player zero-day bug, Adobe issues fix

Exploit kits observed using Flash Player zero-day bug, Adobe issues fix

Adobe has patched a Flash Player zero-day vulnerability, CVE-2015-5119, identified in the recent Hacking Team leak.

NYSE says trading halted due to 'technical issue,' not breach

NYSE says trading halted due to 'technical issue,' not breach

Reports indicated that trading in New York came to a half a little after 11:30 a.m.

Google pulls phony BatteryBot Pro app from Play store

Google pulls phony BatteryBot Pro app from Play store

The malicious third-party Android app conducts click fraud, premium rate SMS fraud and downloads additional malicious APKs.

Mozilla releases Firefox 39, fixes several vulnerabilities

Mozilla releases Firefox 39, fixes several vulnerabilities

Mozilla released Firefox 39 on Thursday, and some of the vulnerabilities that were addressed are deemed critical.

Analysts find exploits in Hacking Team leaks, investigate zero-day attacks

Analysts find exploits in Hacking Team leaks, investigate zero-day attacks

Following the Hacking Team breach, Trend Micro discovered three exploits: two that target Flash Player and another that targets Windows kernel.

Study: Only 27 percent of flaws found in gov't applications fixed

Study: Only 27 percent of flaws found in gov't applications fixed

Security firm Veracode released its "State of Software Security" report, breaking down trends by industry verticals.

Hacking Team hacked; leaked documents confirm sale of software to Sudan and Ethiopia

Hacking Team hacked; leaked documents confirm sale of software to Sudan and Ethiopia

An unknown number of hackers accessed, downloaded and posted at least 400 GB-worth of documents from Hacking Team, a company often seen as aiding in human rights violations.

Oracle PeopleSoft attack could enable big data breaches

Oracle PeopleSoft attack could enable big data breaches

ERPScan has identified 549 Oracle PeopleSoft systems that are accessible via the internet, and observed that 231 of those systems are vulnerable to a critical attack.

FireKeepers confirms breach, says about 85,000 cards and other info are at risk

FireKeepers confirms breach, says about 85,000 cards and other info are at risk

FireKeepers Casino Hotel announced that tens of thousands of payment cards may have been compromised, as well as personal information such as Social Security numbers.

Plex video sharing customers left at risk after hack attack

Plex video sharing customers left at risk after hack attack

Users of the video-sharing site Plex have been left vulnerable to an attack after the company revealed that members' passwords had been compromised.

Former Georgia-Pacific sysadmin charged with damaging protected computers

Former Georgia-Pacific sysadmin charged with damaging protected computers

The Louisiana man, Brian Johnson, was arrested Wednesday following his federal grand jury indictment last week.

Harvard University announces network intrusion, possible data exposure

Harvard University announces network intrusion, possible data exposure

On June 19, an intrusion was discovered on the Faculty of Arts and Sciences and Central Administration information technology networks.

Saboteurs leverage RIPv1 for DDoS reflection attacks

Saboteurs leverage RIPv1 for DDoS reflection attacks

According to an Akamai threat advisory, attackers leveraged an outdated routing protocol RIPv1 for their malicious aims.

More than 440K new Android malware strains found in Q1, study finds

More than 440K new Android malware strains found in Q1, study finds

Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.

Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed

Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed

In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam.

'Prized' app developers banned from distributing malware in FTC settlement

'Prized' app developers banned from distributing malware in FTC settlement

The Federal Trade Commission banned app developers Equiliv Investments and Ryan Ramminger from creating and distributing malware after their "Prized" app commandeered consumer devices to mine digital currency.

OPM shuts down background investigation system, faces lawsuit

OPM shuts down background investigation system, faces lawsuit

OPM shut down one of its background investigation systems after it discovered a vulnerability, on that same day, the country's largest federal employees union filed a lawsuit against the agency.

Survey: Security concerns holding back orgs from adopting cloud infrastructure

Survey: Security concerns holding back orgs from adopting cloud infrastructure

In the survey, 50 percent of respondents said they are very concerned about the security of customer data in the public cloud.

Federal Reserve's Powell concerned about security of chip and signature

Federal Reserve's Powell concerned about security of chip and signature

Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

Researchers analyze backdoor 'Dino' linked to Animal Farm spy group

Researchers analyze backdoor 'Dino' linked to Animal Farm spy group

ESET analysts believe the sophisticated backdoor is the work of French speaking developers.

NEWS ALERT: OPM shuts down eQip system

A vulnerability found in OPM's e-QIP background check system has prompted the agency to shut it down until enhanced security measures are in place.

Indictment returned in UPMC identity theft, tax fraud operation

Indictment returned in UPMC identity theft, tax fraud operation

Yoandy Perez Llanes is charged with using information acquired in the 2014 UPMC breach to defraud the IRS and the U.S. Treasury.

Akhter twins plead guilty to State Dept. hack, other crimes

Akhter twins plead guilty to State Dept. hack, other crimes

The twins, Muneeb and Sohaib Akhter, face a maximum 50- and 30-year prison sentence, respectively.

Dridex banking malware spreading through new spam campaign

Dridex banking malware spreading through new spam campaign

Heimdal Security outlined a recent Dridex-spreading spam campaign that tries to trick users into opening a malicious macros-enabled document.

Study: Click-fraud malware often leads to more dire infections

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.

Facebook diversity report offers glimpse into tech workforce gaps

Facebook diversity report offers glimpse into tech workforce gaps

In the U.S., 51 percent of Facebook tech staff are white, while Black and Hispanic employees respectively account for 1 and 3 percent of tech staff.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US