Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to 'Flashback'

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

Community Health Systems breach may impact more than four million patients

Community Health Systems breach may impact more than four million patients

More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.

Chinese national indicted over Boeing, Lockheed Martin hack

Chinese national indicted over Boeing, Lockheed Martin hack

With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.

Mother sues Rady Children's Hospital, claims daughter's records revealed

Mother sues Rady Children's Hospital, claims daughter's records revealed

A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.

Infection rate from Zeus variant grows 1,879 percent

Infection rate from Zeus variant grows 1,879 percent

Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.

Volumetric DDoS activity up big-time in Q2 2014, report indicates

Volumetric DDoS activity up big-time in Q2 2014, report indicates

In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.

NSA works to automatically detect attacks, return strikes from foreign adversaries

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

The civil liberties groups contend in a brief filed in New York Supreme Court, that warrants and a gag order issued in the case were unconstitutional.

FCC creates task force to scrutinize illegal stingray use

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Malware threatens virtual machines, according to report

Malware threatens virtual machines, according to report

Malware has become a threat to virtual machines and, nowadays, should be incorporated into security strategy, according to a Symantec report.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

Researchers trace 'Epic Turla' infection vector

Researchers trace 'Epic Turla' infection vector

Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.

Security movement urges automakers to collaborate with researchers

Security movement urges automakers to collaborate with researchers

A group of security pros called "I am The Cavalry" introduced a five star automotive cyber safety program.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

Two new Gameover Zeus variants in the wild

Two new Gameover Zeus variants in the wild

About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Panel discusses diversty in security and just being yourself

DefCon: Panel discusses diversty in security and just being yourself

Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.

DefCon: Stolen data markets are as organized as legitimate online businesses

DefCon: Stolen data markets are as organized as legitimate online businesses

In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.

DefCon: Traffic control systems vulnerable to hacking

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Black Hat 2014: Experts demo badUSB proof-of-concept tools

Black Hat 2014: Experts demo badUSB proof-of-concept tools

A wide host of devices rely on USB to make them usable but USB contains vulnerabilities that attackers can exploit.

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Black Hat: Researchers hack into Cisco EnergyWise

Black Hat: Researchers hack into Cisco EnergyWise

Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.

Black Hat: Bruce Schneier talks incident response, trends

Black Hat: Bruce Schneier talks incident response, trends

Bruce Schneier spoke on the state of incident response at Black Hat 2014, emphasizing that hackers will invariably breach networks.

Black Hat:"Saving cyberspace" requires next-level defense focus

Black Hat:"Saving cyberspace" requires next-level defense focus

Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.

Black Hat: Expert sheds light on government sponsored malware creation

Black Hat: Expert sheds light on government sponsored malware creation

F-Secure Chief Research Officer and acclaimed security expert Mikko Hypponen discussed the evolution of government-sponsored malware at Black Hat 2014.

Black Hat: Airport security equipment at risk

Black Hat: Airport security equipment at risk

Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.

Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

An insecure home automation protocol allowed the hacker to control room amenities, like lights, TVs and temperature settings.

Black Hat keynote talks cyber policies for field's future

Black Hat keynote talks cyber policies for field's future

On Wednesday, Dan Geer delivered his keynote called "Cybersecurity as Realpolitik" at Black Hat.

More than a billion unique credentials pilfered by Russian hackers

More than a billion unique credentials pilfered by Russian hackers

Hold Security identified a Russian hacker group, dubbed "CyberVor," that is in possession of more than a billion unique credentials.

NIST drafts updated guidance for agencies assessing security, privacy

NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.

PayPal addressing another two-factor authentication bypass

PayPal addressing another two-factor authentication bypass

An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.

NTP DrDoS down in Q2, multi-vector attacks up, study finds

NTP DrDoS down in Q2, multi-vector attacks up, study finds

Black Lotus's second quarter threat report attributed the decline in amplified attacks to successful patching and systems upgrades.

Android malware SandroRAT disguised as mobile security app

Users were lured by phishing emails, which supposedly contained a free Kaspersky mobile security app.

Script fails, thousands of Mozilla developer emails, passwords possibly exposed

Script fails, thousands of Mozilla developer emails, passwords possibly exposed

The script for a data sanitization process on the Mozilla Developer Network failed and the email addresses and passwords of thousands of users was publicly accessible.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."

Study: CISO leadership capacity undervalued by most C-level execs

Study: CISO leadership capacity undervalued by most C-level execs

According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on organization's senior leadership teams.

PittyTiger spearphishing campaign speaks multiple languages

PittyTiger spearphishing campaign speaks multiple languages

A threat group operating out of China continues its damage using older exploits, FireEye researchers said.

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's removal

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Nearly 600 U.S. businesses compromised by 'Backoff' POS malware

Nearly 600 U.S. businesses compromised by 'Backoff' POS malware

Attackers are brute-forcing remote desktop software to infect point-of-sale devices with relatively new malware known as Backoff.

SC Magazine brings home national and regional honors

SC Magazine brings home national and regional honors

SC Magazine earned distinction from two trade associations for its editorial content, art direction, use of social media and website.

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location service

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce reforms

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

OTI report exposes economic costs of NSA spying

OTI report exposes economic costs of NSA spying

A report from New America OTI found that the NSA surveillance program has had a chilling effect on U.S. commerce and foreign policy.

Symantec Endpoint Protection vulnerabilities enable privilege escalation

Symantec Endpoint Protection vulnerabilities enable privilege escalation

Vulnerabilities existing in Symantec Endpoint Protection can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.

Breach index: Encryption used in 4 percent of Q2 incidents

Breach index: Encryption used in 4 percent of Q2 incidents

Out of the 237 disclosed data breaches last quarter, encryption was used in only 10 instances.

IG scolds NOAA on security deficiencies, recommends fixes

IG scolds NOAA on security deficiencies, recommends fixes

An audit of NOAA by the inspector general found security shortcomings, including the link between information systems and satellite systems.

HP tests 10 popular IoT devices, most raise privacy concerns

HP tests 10 popular IoT devices, most raise privacy concerns

In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.

Vulnerability impacting multiple versions of Android could enable device takeover

Vulnerability impacting multiple versions of Android could enable device takeover

Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying a violation of Fourth Amendment

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Companies accused of peddling bogus AV ordered to pay $5.1M

Companies accused of peddling bogus AV ordered to pay $5.1M

A federal court in New York issued default judgments against 14 companies and individuals who allegedly operated the scams.

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.

Andromeda bot spreads Tor-using CTB-Locker ransomware

Andromeda bot spreads Tor-using CTB-Locker ransomware

Kaspersky Lab has observed Andromeda bot being used to deliver CTB-Locker, a new ransomware that hides its command-and-control server on the Tor network.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Sony to shell out $15M in PSN breach settlement

Sony to shell out $15M in PSN breach settlement

The 2011 hack exposed the personal information of roughly 77 million users registered with PlayStation Network and Qriocity.

eBay faces class-action suit over breach

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target businesses

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, survey says

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded out of $1 million

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report says

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Vice.com hacked, possibly The Wall Street Journal website too

Vice.com hacked, possibly The Wall Street Journal website too

A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry standard

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.

U.S. hosted most Q2 malware, top 10 ISPs still main sources

U.S. hosted most Q2 malware, top 10 ISPs still main sources

Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

Severe RCE vulnerability affects several Cisco products

Severe RCE vulnerability affects several Cisco products

An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.

Russian espionage malware adapted for ransomware scams

Russian espionage malware adapted for ransomware scams

Sentinel Labs dubbed the repurposed malware "Gyges."

Report: 31 percent of IT security teams don't speak to company execs

Report: 31 percent of IT security teams don't speak to company execs

A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.

Senate subcommittee looks to stop botnet threat

Senate subcommittee looks to stop botnet threat

In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.

Compromised Japanese porn websites distribute banking trojan

Compromised Japanese porn websites distribute banking trojan

Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.

Pushdo botnet gets DGA update, over 6,000 machines host new variant

Pushdo botnet gets DGA update, over 6,000 machines host new variant

In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.

Oracle releases 113 bug fixes in Critical Patch Update

Oracle releases 113 bug fixes in Critical Patch Update

The most critical flaws were in Java and Oracle Database Server.

Active Directory flaw opens enterprise services to unauthorized access

Active Directory flaw opens enterprise services to unauthorized access

Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.

Fraudsters market new malware Kronos on underground

Fraudsters market new malware Kronos on underground

Trusteer warns that the financial malware was first advertised last week on a major underground forum.

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

A man arrested in Germany and extradited to the United States in 2012 pleaded guilty to bank fraud on Friday for his role in a global operation that netted $14 million within 48 hours.

NightHunter campaign dates back to 2009, targets credentials and other data

NightHunter campaign dates back to 2009, targets credentials and other data

Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.

Study: Security not prioritized in critical infrastructure, though most admit compromise

Study: Security not prioritized in critical infrastructure, though most admit compromise

Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.

Two new Boleto malware families discovered

Two new Boleto malware families discovered

Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.

Police, security firms abate Shylock malware threat

Police, security firms abate Shylock malware threat

In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.

Senate Intelligence Committee approves cyber security bill

Senate Intelligence Committee approves cyber security bill

The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.

Attackers brute-force POS systems utilizing RDP in global botnet operation

Attackers brute-force POS systems utilizing RDP in global botnet operation

Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.

Study: AV, anti-malware most used controls for APT defense

Study: AV, anti-malware most used controls for APT defense

Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.

Russian man arrested for POS hacks draws Russia's ire

Russian man arrested for POS hacks draws Russia's ire

Roman Seleznev, son of a Russian lawmaker, was picked up in Maldives and taken into U.S. custody in Guam, three years after being indicted.

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.

Sign up to our newsletters

POLL