Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.
A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.
This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.
CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.
At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.
Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.
Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.
A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.
An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.
Sentinel Labs dubbed the repurposed malware "Gyges."
A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.
In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.
Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.
In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.
The most critical flaws were in Java and Oracle Database Server.
Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.
An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.
Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.
Trusteer warns that the financial malware was first advertised last week on a major underground forum.
A man arrested in Germany and extradited to the United States in 2012 pleaded guilty to bank fraud on Friday for his role in a global operation that netted $14 million within 48 hours.
Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.
Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.
Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.
In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.
Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.
The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.
Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.
Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.
Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.
Roman Seleznev, son of a Russian lawmaker, was picked up in Maldives and taken into U.S. custody in Guam, three years after being indicted.
After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.
In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.
CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.
Noting that consumers are being asked to provide more information than ever before and are less protected, the National Consumers League has proposed reforms.
Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.
Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.
The HijackRAT for Android mobile devices is capable of numerous attacks, such as pilfering banking information and disabling anti-virus apps.
Hackers abused Microsoft's Visual Basic for Applications (VBA) to rig email attachments, Cisco reveals.
In its quarterly "State of the Internet" report Akamai observed 283 DDoS attacks in the first quarter of 2014.
RSA has revealed the extent of bolware attacks in the country, which have remained a pervasive issue in the financial sector.
The number of phishing websites observed in the first quarter of 2014 went up 10 percent over the previous quarter, and the U.S. hosts the majority.
The legal action was taken to disrupt the spread of remote access trojans njRAT and njw0rm.
The Houston Astros were hacked, and trade conversations dating back to June 2013 between the Texas ball club and several other major league teams were posted online.
Bugat's worm component sends phishing emails to new sets of potential victims, researchers warn.
The new Zeus variant employs AES-128 encryption as opposed to the older RC4 cipher used by other Zeus iterations.
The FISMA reform act, which eases reporting requirements and clarifies the roles of DHS and OMB, easily passes the Senate Homeland Security and Governmental Affairs Committee.
Banking malware identified as EMOTET is being delivered in Germany via phishing emails, but is also making its way over to the U.S.
The legal fight stems from a 2013 request by the Manhattan district attorney, seeking data from the Facebook accounts of 381 people.
A security intelligence report analyzed 150 health care vendors, both small and large.
A years-old information stealer trojan known as Pony Loader, or Fareit, has been updated to steal cryptocurrency wallets such as Bitcoin.
The WebShot feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, is affected by a remote code execution vulnerability.
Privacy advocates say the Wednesday ruling will have a positive impact on forthcoming cases involving data security.
A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.
F-Secure detected 88 variants of the malware, which infected companies in Europe, as well as a California firm.
A vulnerability exists that allows anyone with legitimate account credentials to bypass two-factor authentication on some of PayPal's mobile applications.
Researchers at Lookout found the malware, which masqueraded as a legitimate banking app for customers of an Israeli bank.
HackingTeam is an Italian seller of hacking software marketed to police and governments.
A nasty trojan known as Caphaw is being served up to anyone that visits multiple pages across AskMen.com, most likely via the Nuclear Pack exploit kit.
FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.
On Monday, ad network Taboola confirmed that it was hacked by the Syrian Electronic Army.
Attackers are going after online dating accounts in a massive campaign that makes use of a phishing kit featuring hundreds of fraudulent PHP scripts.
Michaels insurer petitions a federal court while a retail group asks Congress not to put the onus on retailers.
A patch was issued for CVE-2012-0158 in April 2012, but Trend Micro found that it is the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.
At SC Congress Toronto, industry experts gave insight on security concerns introduced by the influx on internet-connected devices.
Following a DDoS attack, attackers deleted sensitive data and put code hosting and project management services provider Code Spaces out of business.
Under investigation is FTC's relationship with security firm Tiversa, which provided the agency evidence in an ongoing data security case.
LinkedIn users that do not have HTTPS always enabled by default are at risk of having their accounts taken over in a man-in-the-middle attack.
The campaign was first noted on Wednesday morning, where more than 40,000 malicious emails were quarantined by researchers.
Microsoft issued an update to its Malware Protection Engine in order to fix a vulnerability that could enable a denial-of-service.
Timothy French was arrested by the FBI on June 11 and charged on Monday with conspiracy to commit computer fraud and abuse.
Security personnel are busy mitigating infrastructure attacks rather than protecting their organizations, say experts at SC Congress Toronto.
Dyre is a new malware strain primarily targeting banking credentials, and is also capable of modifying network traffic and bypassing SSL mechanisms.
IBM's global CISO advised security pros on engaging boards of directors about organizational threats.
An exploit being used by an application to 'root' Android devices could be repackaged by attackers to compromise cell phones.
A new IBM report reveals that organizations experienced more than 91 million "security events" last year.
The defendants were allegedly behind unauthorized charges to consumers cell phone bills.
A hacker group that stole data on 650,000 French and Belgian Domino's customers is threatening to release the information if the pizza company does not pay more than $40,000.
On Thursday, the FBI announced new charges against the hacker, including counts of cyberstalking and unauthorized access of a protected computer.
While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.
Trend Micro detected over 375 spurious apps spreading mobile malware to soccer fans.
A three-judge panel in the 11th Circuit Court of Appeals says a Florida man's Fourth Amendment expectation of privacy was violated.
An advisory published Tuesday by PLXsert warns Fortune 500 companies of an evolving Zeus crimeware kit threat.
Earlier versions of Svpeng impacted mobile users in Russia, stealing card details from customers of major banks.
Most respondents in a Ponemon Institute study scan irregularly or not at all and the bulk believe retail breaches are likely the work of crime syndicates.
The operation previously targeted victims by exploiting bugs in popular software, FireEye said.
So far, the new variant has targeted 14 major banks in the country, Trusteer found.
Researchers with IntelCrawler have identified a unique type of malware, known as POSCLOUD, which targets cloud-based point-of-sale software.
A cumulative security update for Internet Explorer, addressing 59 bugs, was pegged as the top priority patch in the bunch.
CrowdStrike revealed that the spy network "Putter Panda" appears to share resources with the infamous espionage group APT1.
Pandemiya, a new trojan based on 25,000 lines of C code, is being sold for as much as $2,000 on underground forums.
Incapsula has observed an uptick in multi-vector DDoS attacks, particularly after fighting off a five-vector 100Gbps DDoS attack against an online gambling website on Friday.
A report from the Center for Strategic and International Studies puts a dollar figure on cybercrime costs but shows wider economic fallout.
Marcel Lehel Lazar, also known as "Guccifer," could spend up to seven years in prison for his crimes.
If firms pinpoint attackers early on, they can prevent most of this activity, Imperva found.
A PhishMe researcher determined that attackers may have compromised 350,000 systems with CryptoWall ransomware and earned more than $70,000 in Bitcoins as part of an ongoing Dropbox phishing scheme.
The critical patches will remediate remote code execute (RCE) bugs in Windows, IE, Office and Microsoft Lync.
Following an analysis of roughly 2,000 passwords, an AVAST researcher concluded that hacker passwords are not much stronger than those used by the average user.
The revelations were published Friday in the company's law enforcement disclosure report.
The campaign kicks off a year after Snowden leaks about NSA's snooping programs surfaced.