Following its own investigation, the Department of Justice issued new policies surrounding cell-site simulators, and in particular, 'stingrays.'
Heimdal Security reported an increase in malicious scripts infecting legitimate websites and redirecting victims to a Neutrino exploit kit server, a campaign that could potentially impact more than 400 million web users.
Blackmailers are seeking money in exchange for not releasing data, and scammers are offering services that supposedly remove Ashley Madison data.
The ACLU told the Justice Department that the LAPD's body camera policy falls short and does not meet the criteria to receive grant money.
Most network security professionals agree that there's no such thing as a perfect system. But that's not what keeps them up at night.
Russian government moves to implement partial ban on foreign technology which is seen as a threat to national security.
PhantomAlert, a Waze competitor, claims the company stole its "Points of Interest" database for its own gain.
Security researchers have discovered malicious adverts on the UK version of dating site Match.com.
Anonymous has launched another online battle against members of the Islamic State group.
ReverbNation is notifying users of a breach that occurred in 2014, and is asking them to change their passwords.
Rather than wait for the user to do it himself, middlemen in the Chinese mobile phone industry are pre-installing malware, according to G Data.
Indiana State Police cited a state law defining agricultural terrorism to deny a request for information about cellular surveillance equipment.
Employees love to gamble with their employer's internet security by installing potentially vulnerable gambling apps on their company-issued mobile devices, according to a report by Veracode.
Youthful mischief online can wreak havoc for offenders. Can IT security community leaders provide alternatives?
Recent cyberattacks have left U.S. officials mulling economic sanctions as retaliation against Russia and China.
Research from Rapid7 uncovered vulnerabilities in video baby monitors that could provide a pathway to compromise other devices and networks that link to business resources.
The creator of PGP, Phil Zimmermann, said he doesn't use PGP because it isn't compatible with his MacBook, and the security community began talking about what this means for broader encryption efforts.
Fortinet has released a firmware update for its endpoint security solution FortiClient in order to address four vulnerabilities reported by Core Security.
Four new updates to Windows 7 and 8 allow Microsoft to collect a variety of usage information.
Flaws have not been patched and there are no workarounds for many of them, says US CERT.
WH Smith has had to apologise for leaking personal information about its customers to hundreds of other customers in a contact form malfunction.
In an apparent coordinated announcement, Google, Mozilla and Microsoft announced that they would stop using the RC4 stream cipher in their respective browsers.
IBM's X-Force research team has uncovered a new piece of data-swiping malware whose modular design allows it to be quickly altered and made even more dangerous.
When does cyberespionage cross the line into cyberwar? Adam Segal at the Council on Foreign Relations has answers.
The Electronic Frontier Foundation filed an amicus brief with the Supreme Court of the United States over the need for police to obtain a search warrant before receiving Americans' cell phone location data.
Six arrested teenagers from around the UK have been released on bail after suspicions of using Lizard Squad's cyber-attack tool to target websites and services.
After conducting London-based tests on bitcoin, Barclays will let people begin to make charitable contributions using the virtual currency.
IBM Security X-Force has identified a new advanced banking Trojan that is attacking 14 Japanese banks and other institutions, but possibly preparing to expand its reach.
The report provides a recollection of threats from the last five years, GPU malware assessment and techniques for withdrawing data from corporate networks.
The FBI reported that BEC scams have cost U.S. victims nearly $750 million and have impacted more than 7,000 people.
Personnel announcements, M&A activity and other happenings in the security marketplace.
Breaking security news including Hacking Team, Uconnect, malware and more.
A KPMG Health Care and Cyber Security report found that four-fifths of execs said their data has been compromised in cyber attacks.
The Linux Foundation (LF) gave internet users a peek into its employees' security practices in a Github post this past week that details their various techniques for maintaining secure workstations.
KeyRaider malware is stealing valid Apple accounts, and the compromised credentials are being actively abused as part of another seemingly related threat.
Internet service providers in Russia were ordered to block access to Wikipedia, but efforts have been thwarted by HTTPS.
A Kaspersky Labs study found some consumers are tremendously worried about hacking and malware, while almost half are not concerned at all and others simply believe they are not of interest to cybercriminals.
Both Amazon and Google took steps to downplay Flash ads or completely rid their companies' entities of them.
A team of researchers created an app vetting scanner referred to as "MassVet," and used it to identify 127,429 malicious apps on 33 Android markets.
The alleged leader of ISIS' CyberCaliphate hacking group, Junaid Hussain, is believed to have been killed in a recent drone air strike.
ALM CEO Noel Biderman may be the latest victim of the massive AshleyMadison.com hack with the company announcing his immediate resignation today.
Agora, one of the largest online black market sites, halted operations after concerns arose of vulnerabilities in Tor's hidden service.
Sensitive data of California residents, including social security numbers, health records, and income tax information, is vulnerable.
Virginia killer Vester Lee Flanagan II, a.k.a. Bryce Williams, was tracked down Wednesday with the help of a license plate reader, but larger issues surrounding security and individual freedom still worry privacy advocates.
Canadian researchers at Citizen Lab released a report today describing a phishing campaign being conducted against Iranian dissidents and how utilizing a two-factor authentication (2FA) tool helped foil most of the attacks.
After independent journalist Brian Krebs reported that a Twitter user may be connected to the Ashley Madison hack, the user has denied involvement.
iOS 8.4 could have a hard time making apps go to sleep, according to security researchers at FireEye.
A pastor and former Morgan Stanley VP charged by federal prosecutors as "the linchpin of a sprawling financial and hacking conspiracy" is free on $2 million bail.
The extrapolated total annual cost of phishing for the average organization is more than $3.7 million, but $1.8 million could be saved with the right training.
Five police officers accused of shooting unarmed civilians post-Katrina say they did not get a fair trial in part because "adverse online comments" by prosecutors created an "air of bullying," an appeals court ruled.
The Office of the Inspector General investigated and found that staffers at the U.S. embassy in Tokyo used their personal emails for professional matters.
The Oakland Police Department said it will now only hold data gathered with its automatic license plate reader (ALPR) devices for six months, which could prove beneficial to the privacy of the vehicle owners who came across the device's path.
Symantec has found that the Sundown exploit kit (EK) has begun to take advantage of a recent IE vulnerability, CVE-2015-2444.
The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.
The Diplomatic Council is calling for more transparency regarding government surveillance across the world.
Cyphort Labs' latest study on malvertising indicates that a massive uptick in this form of attack has taken place over the last few years, driven in part by the proliferation of zero-day and Angler kit exploits.
A data breach at holiday company Thomson reveals the personal details of nearly 500 customers.
The Office of Inspector General investigated the Department of Veterans Affairs' use of Yammer, a supposedly private and closed social network. Its findings indicate serious security lapses and lack of judgment on users' parts.
In a first of its kind ruling in New York state, a Westchester Supreme Court justice said a man can use information from his ex-wife's Facebook page as evidence in a child custody battle.
The Recordable Activator app was available in the Google Play store and was observed exploiting the Certifi-gate vulnerability.
Symantec reported today that its security software is now protecting more than 1 billion Internet of Things (IoT) devices, and as this number expands, so will the security risks associated with these products.
Online rumblings began pointing to a lone female as the perpetrator of the Ashley Madison data breach, while class-action lawsuits were filed and a reward was offered.
The growing threat posed by ransomware and the possibility that cybercriminals will graduate from extorting end users to large corporations topped the worry list of IBM's X-Force threat team in its Q3 threat intelligence report.
McCuneWright, LLP, along with other firms, filed a class action complaint against the IRS on Thursday in the U.S. District Court for the District of Columbia.
Following a number of recent headline-grabbing breaches, a panel of foreign relations experts convened at the Atlantic Council to discuss retaliation against hackers.
The 'media content' home page of Australia's largest telecommunications company, Telstra, has been infected with 'malvertising' which links to a malicious exploit kit.
Dolphin and Mercury Android browsers can be hacked to execute code remotely.
The Royal Saudi Air Force is the latest victim of hacktivists after military intervention in Yemen.
Zscaler has been seeing attackers targeting WordPress sites running version 4.2 and lower.
Facebook is looking to expand its ThreatExchange while also keeping government participation at a non-existent level.
Sensitive government data may be at risk due to agencies failing to implement bring your own device policies.
Level 3 has pegged the Portmapper attack vector as the future of amplification DDoS attacks and is warning IT security professionals to start preparing now.
A former London-based State Department worker has been indicted by a federal grand jury in connection with an online hacking and sextortion scheme.
The vulnerability, which is being referred to by Appthority as Quicksand, was patched by Apple in iOS 8.4.1.
OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.
Spending on the outsourcing of IT functions is rising, according to a new report from Computer Economics.
Michael Martinez, 26, allegedly solicited three females, including a minor, for sexually explicit photos and then extorted them.
A patch released Tuesday addresses a critical memory corruption vulnerability that can be exploited by an attacker to enable remote code execution.
DARPA has started accepting applications to develop a stronger defense against DDoS attacks.
A hacker group posted 9.7 gigabytes of data in apparent retaliation for the site allegedly claiming to delete customer details for a fee, but then not doing so.
Researchers at Akamai reported an increase in the quantity and strength of DDoS-style attacks in Q2 of 2015 compared to last year.
Trend Micro's second quarter threat report hit on several security issues, including threats that pose an actual physical threat to the public.
While the IRS continues investigating its May data breach, the accessing of sensitive information brings up the idea of two-factor authentication and passwords.
Google has addressed the bug, CVE-2015-3842, which can be exploited via a malicious app that does not require any permissions.
Leaked Edward Snowden documents reveal that up until at least 2013, the U.S. government held intimate ties with AT&T and to a lesser extent Verizon.
GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.
Portions of University of Virginia's information technology systems have been accessed, but no personal information appears to have been affected.
Hackers went old school during the first half of 2015, resurrecting the use of malicious email attachments and beginning to target businesses with a new stream of phishing attacks, according to Proofpoint's first half threat report.
A Reuters article claimed the Russian cybersecurity firm intentionally poisoned good files to throw off competitors' antivirus detection.
As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.
The vulnerability was identified by security researchers with MWR Labs, and it impacts Google Admin version 2014101605 and lower.
Security professionals are most concerned about the endpoint, citing it as the greatest source of risk in a Bromium survey of more than 100 pros who attended Black Hat USA 2015 in Las Vegas last week.
Former Secretary of State Hillary Clinton's private email server was handed to the FBI after investigators found it contained messages that were later classified top secret.
Apple's update to iOS and iTunes included dozens of security patches along with fixes for the iCloud Music Library and Apple Music.
SC Magazine picked up five Azbee Awards for editorial excellence, design and online presence at a gala event on Aug. 12 in New York.
Microsoft's Windows 10 allows for certain data-sharing settings to be disabled, but in some cases, turning them off does nothing to stop the sharing.
The cross-site scripting vulnerability has been addressed, but it could have been exploited by an attacker to distribute malware and carry out phishing attacks.
Researchers say that campaigns leveraging the Asprox botnet have disappeared after reaching a peak last year.
Attackers have been observed substituting Cisco's IOS bootstrap with a malicious ROMMON image after first accessing the company's IOS devices.