DOJ issues new 'stingray' policies and begins requiring a warrant

DOJ issues new 'stingray' policies and begins requiring a warrant

Following its own investigation, the Department of Justice issued new policies surround cell-site simulators, and in particular, 'stingrays.'

Outdated websites deliver TeslaCrypt via Neutrino Exploit Kit: Heimdal

Outdated websites deliver TeslaCrypt via Neutrino Exploit Kit: Heimdal

Heimdal Security reported an increase in malicious scripts infecting legitimate websites that then redirect the victim to the Neurtino exploit kit server that could potentially impact more than 400 million web users.

Scammers and schemers look to cash in on Ashley Madison breach

Scammers and schemers look to cash in on Ashley Madison breach

Blackmailers are seeking money in exchange for not releasing data, and scammers are offering services that supposedly remove Ashley Madison data.

ACLU asks DOJ to withhold funds for LAPD body cams

ACLU asks DOJ to withhold funds for LAPD body cams

The ACLU told the Justice Department that the LAPD's body camera policy falls short and does not meet the criteria to receive grant money.

A question of balance between security solutions and the people who use it

A question of balance between security solutions and the people who use it

Most network security professionals agree that there's no such thing as a perfect system. But that's not what keeps them up at night.

Russia may ban government officials from using Google and WhatsApp

Russia may ban government officials from using Google and WhatsApp

Russian government moves to implement partial ban on foreign technology which is seen as a threat to national security.

Waze allegedly stole its competitor's data to better its app

Waze allegedly stole its competitor's data to better its app

PhantomAlert, a Waze competitor, claims the company stole its "Points of Interest" database for its own gain.

Malware attacks hit Match.com UK site

Malware attacks hit Match.com UK site

Security researchers have discovered malicious adverts on the UK version of dating site Match.com.

Anonymous group launches phase of cyber-attacks against IS

Anonymous group launches phase of cyber-attacks against IS

Anonymous has launched another online battle against members of the Islamic State group.

ReverbNation notifies users of breach, recommends changing passwords

ReverbNation notifies users of breach, recommends changing passwords

ReverbNation is notifying users of a breach that occurred in 2014, and is asking them to change their passwords.

Chinese Android smartphones now shipping with pre-installed malware

Chinese Android smartphones now shipping with pre-installed malware

Rather than wait for the user to do it himself, middle men in the Chinese mobile phone industry are pre-stalling malware according to G Data.

Indiana State Police cite agricultural terrorism to deny stingray data request

Indiana State Police cite agricultural terrorism to deny stingray data request

Indiana State Police cited a state law defining agricultural terrorism to deny a request for information about cellular surveillance equipment.

U.S. workers roll the dice by gambling on their company phone

U.S. workers roll the dice by gambling on their company phone

Employees love to gamble with their employer's internet security by installing potentially vulnerable gambling apps on their company issued mobile devices, according to a report by Veracode.

Young hackers: Criminal or innovator?

Youthful mischief online can wreak havoc for offenders. Can IT security community leaders provide alternatives?

U.S. officials may impose sanctions against Russia, China for cyber attacks

U.S. officials may impose sanctions against Russia, China for cyber attacks

Recent cyberattacks have left U.S. officials mulling economic sanctions as retaliation against Russia and China.

Baby monitor vulnerabilities bring IoT security issues into sharp focus

Baby monitor vulnerabilities bring IoT security issues into sharp focus

Research from Rapid7 uncovered vulnerabilities in video baby monitors that could provide a pathway to compromise other devices and networks that link to business resources.

The creator of PGP doesn't use PGP, spurring discussion

The creator of PGP doesn't use PGP, spurring discussion

The creator of PGP, Phil Zimmermann, said he doesn't use PGP because it isn't compatible with his MacBook, and the security community began talking about what this means for broader encryption efforts.

Fortinet addresses four vulnerabilities in FortiClient

Fortinet addresses four vulnerabilities in FortiClient

Fortinet has released a firmware update for its endpoint security solution FortiClient in order to address four vulnerabilities reported by Core Security.

Updates to Windows 7 and 8 compile more data

Updates to Windows 7 and 8 compile more data

Four new updates to Windows 7 and 8 allow Microsoft to collect a variety of usage information.

Belkin Wi-Fi routers at risk from multiple vulnerabilities

Belkin Wi-Fi routers at risk from multiple vulnerabilities

Flaws have not been patched and there are no workarounds for many of them, says US CERT.

Share your contact details with us - and 100s of our customers - says WH Smith

Share your contact details with us - and 100s of our customers - says WH Smith

WH Smith has had to apologise for leaking personal information about its customers to hundreds of other customers in a contact form malfunction.

Aged RC4 cipher to be shunned by security conscious browsers

Aged RC4 cipher to be shunned by security conscious browsers

In an apparent coordinated announcement, Google, Mozilla and Microsoft announced that they would stop using the RC4 stream cipher in their respective browsers.

IBM: CoreBot malware - simple but dangerous info stealer

IBM: CoreBot malware - simple but dangerous info stealer

IBM's X-Force research team has uncovered a new piece of data-swiping malware whose modular design allows it to be quickly altered and made even more dangerous.

Cyberarmies rising?

Cyberarmies rising?

When does cyberespionage cross the line into cyberwar? Adam Segal at the Council on Foreign Relations has answers.

EFF says warrants for phone location data should be mandatory

EFF says warrants for phone location data should be mandatory

The Electronic Frontier Foundation filed an amicus brief with the Supreme Court of the United States over the need for police to obtain a search warrant before receiving Americans' cell phone location data.

Six teens accused of cyber-attacks using DDoS tool

Six teens accused of cyber-attacks using DDoS tool

Six arrested teenagers from around the UK have been released on bail after suspicions of using Lizard Squad's cyber-attack tool to target websites and services.

Barclays first bank to accept bitcoin

Barclays first bank to accept bitcoin

After conducting London-based tests on bitcoin, Barclays will let people begin to make charitable contributions using the virtual currency.

Shifu Trojan now striking 14 Japanese banks: IBM

Shifu Trojan now striking 14 Japanese banks: IBM

IBM Security X-Force has identified a new advanced banking Trojan that is attacking 14 Japanese banks and other institutions, but possibly preparing to expand its reach.

McAfee Labs quarterly report reviews five-year threat retrospective

McAfee Labs quarterly report reviews five-year threat retrospective

The report provides a recollection of threats from the last five years, GPU malware assessment and techniques for withdrawing data from corporate networks.

FBI says business email compromise scams cost U.S. victims $750M

FBI says business email compromise scams cost U.S. victims $750M

The FBI reported that BEC scams have cost U.S. victims nearly $750 million and have impacted more than 7,000 people.

Briefs: Company news, September 2015

Personnel announcements, M&A activity and other happenings in the security marketplace.

News briefs, September 2015

Breaking security news including Hacking Team, Uconnect, malware and more.

KPMG survey: 4 out of 5 health execs say company data has been compromised

KPMG survey: 4 out of 5 health execs say company data has been compromised

A KPMG Health Care and Cyber Security report found that four-fifths of execs said their data has been compromised in cyber attacks.

Linux Foundation publishes best practices for secure workstations

Linux Foundation publishes best practices for secure workstations

The Linux Foundation (LF) gave internet users a peek into its employees' security practices in a Github post this past week that details their various techniques for maintaining secure workstations.

iOS malware targets jailbroken devices, compromises 225K Apple accounts

iOS malware targets jailbroken devices, compromises 225K Apple accounts

KeyRaider malware is stealing valid Apple accounts, and the compromised credentials are being actively abused as part of another seemingly related threat.

Russia moves to block Wikipedia, HTTPs stands in the way

Russia moves to block Wikipedia, HTTPs stands in the way

Internet service providers in Russia were ordered to block access to Wikipedia but efforts have been thwarted by HTTPs.

Hacking number one consumer fear, others not worried: Kaspersky Labs

Hacking number one consumer fear, others not worried: Kaspersky Labs

A Kaspersky Labs study found some consumers are tremendously worried about hacking and malware, while almost half are not concerned at all and others simply believe they are not of interest to cybercriminals.

Adobe Flash steadily heading toward demise

Adobe Flash steadily heading toward demise

Both Amazon and Google took steps to downplay or completely rid its company's entities of Flash ads.

Scanner identifies thousands of malicious Android apps on Google Play, other markets

Scanner identifies thousands of malicious Android apps on Google Play, other markets

A team of researchers created an app vetting scanner referred to as "MassVet," and used it to identify 127,429 malicious apps on 33 Android markets.

ISIS hacking leader killed by drone strike

ISIS hacking leader killed by drone strike

The alleged leader of ISIS' CyberCaliphate hacking group, Junaid Hussain, is believed to have been killed in a recent drone air strike.

Ashley Madison's Noel Biderman ousted as CEO

Ashley Madison's Noel Biderman ousted as CEO

ALM CEO Noel Biderman may be the latest victim of the massive AshleyMadison.com hack with the company announcing his immediate resignation today.

Dark website Agora closes over Tor vulnerability suspicions

Dark website Agora closes over Tor vulnerability suspicions

Agora, one of the largest online black market sites, halted operations after concerns arose of vulnerabilities in Tor's hidden service.

Audit report finds sensitive data at risk for at least 73 Callif. agencies

Audit report finds sensitive data at risk for at least 73 Callif. agencies

Sensitive data of California residents including, social security numbers, health records, and income tax information vulnerable

License plate reader helps spot Virginia killer, but privacy issues remain

License plate reader helps spot Virginia killer, but privacy issues remain

Virginia killer Vester Lee Flanagan II, a.k.a., Bryce Williams was tracked down Wednesday with the help of a license plate reader Wednesday, but larger issues surrounding security and individual freedom still worry privacy advocates.

Researchers uncover possible Iranian-backed phishing scam

Researchers uncover possible Iranian-backed phishing scam

Canadian researchers at Citizen Lab released a report today describing a phishing campaign being conducted against Iranian dissidents and how utilizing a two-factor authentication (2FA) tool helped foil most of the attacks.

After online report, Twitter user denies involvement in Ashley Madison hack

After online report, Twitter user denies involvement in Ashley Madison hack

After independent journalist Brian Krebs reported that a Twitter user may be connected to the Ashley Madison hack, the user has denied involvement.

Apple fixes bad case of Ins0mnia in iOS 8.4.1

Apple fixes bad case of Ins0mnia in iOS 8.4.1

iOS 8.4 could have a hard time making apps go to sleep, according to security researchers at FireEye.

Pastor set free on bail following charge in global hacking ploy

Pastor set free on bail following charge in global hacking ploy

A pastor and former Morgan Stanley VP charged by federal prosecutors as "the linchpin of a sprawling financial and hacking conspiracy" is free on $2 million bail.

Report: Phishing costs average organization $3.7 million per year

Report: Phishing costs average organization $3.7 million per year

The extrapolated total annual cost of phishing for the average organization is more than $3.7 million, but $1.8 million could be saved with the right training.

5th Circuit: Online bullying prevented fair trial for NOPD officers post-Katrina

5th Circuit: Online bullying prevented fair trial for NOPD officers post-Katrina

Five police officers accused of shooting unarmed civilians post-Katrina say they did not get a fair trial in part because "adverse online comments" by prosecutors created an "air of bullying," an appeals court ruled.

Ambassador to Japan Caroline Kennedy used personal email for State Dept. work, report finds

Ambassador to Japan Caroline Kennedy used personal email for State Dept. work, report finds

The Office of the Inspector General investigated and found that staffers at the U.S. embassy in Tokyo used their personal emails for professional matters.

License plate reader data could be potential hacking target

License plate reader data could be potential hacking target

The Oakland Police Department said it will now only hold data gathered with its automatic license plate reader (ALPR) devices for six months, which could prove beneficial to the privacy of the vehicle owners who came across the device's path.

Sundown exploit kit first to use IE flaw in attack on Japan

Sundown exploit kit first to use IE flaw in attack on Japan

Symantec has found that the Sundown exploit kit (EK) has begun to take advantage of a recent IE vulnerability, CVE-2015-2444

SEC will not fine Target in aftermath of 2013 breach

SEC will not fine Target in aftermath of 2013 breach

The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.

Global think tank calls for global digital privacy

Global think tank calls for global digital privacy

The Diplomatic Council is calling for more transparency regarding government surveillance across the world.

Zero-Day, Angler kit exploits help drive up malvertising by 325%

Zero-Day, Angler kit exploits help drive up malvertising by 325%

Cyphort Labs's latest study on malvertising indicates a massive uptick with this form of attack has taken place over the last few years driven, in part, by the proliferation of zero-day and Angler kit exploits.

Thomson data breach exposes hundreds of customer details

Thomson data breach exposes hundreds of customer details

Data breach by holiday company, Thomson, reveals the personal details of nearly 500 customers.

OIG investigates VA's use of unapproved social network

OIG investigates VA's use of unapproved social network

The Office of Inspector General investigated the Department of Veteran Affairs' use of Yammer, a supposedly private and closed social network. Their findings indicate serious security lapses and lack of judgment on users' parts.

Judge grants father in custody case access to ex-wife's Facebook profile

Judge grants father in custody case access to ex-wife's Facebook profile

In a first of its kind ruling in New York state, a Westchester Supreme Court justice said a man can use information from his ex-wife's Facebook page as evidence in a child custody battle.

App on Google Play store exploited critical 'Certifi-gate' Android vulnerability

App on Google Play store exploited critical 'Certifi-gate' Android vulnerability

The Recordable Activator app was available in the Google Play store and was observed exploiting the Certifi-gate vulnerability.

Symantec now protecting one billion IoT devices

Symantec now protecting one billion IoT devices

Symantec reported today that its security software is now protecting more than 1 billion Internet of Things (IoT) devices and as this number expands so will security risks associated with these products.

John McAfee points to lone woman as Ashley Madison attacker while company offers reward

John McAfee points to lone woman as Ashley Madison attacker while company offers reward

Online rumblings began pointing to a lone female as the perpetrator of the Ashley Madison data breach while class-action lawsuits were filed and reward offered.

IBM: Corporations could be the next target for ransomware attacks

IBM: Corporations could be the next target for ransomware attacks

The growing threat posed by ransomware and the possibility that cybercriminals will graduate from extorting end users to large corporations topped the worry list of IBM's X-Force threat team in its Q3 threat intelligence report.

Class action complaint filed against IRS over data breach

Class action complaint filed against IRS over data breach

McCuneWright, LLP, along with other firms, filed a class action complaint against the IRS on Thursday in the U.S. District Court for the District of Columbia.

Response to cyberespionage debated at Atlantic Council

Response to cyberespionage debated at Atlantic Council

Following a number of recent headline-grabbing breaches, a panel of foreign relations experts convened at the Atlantic Council to discuss retaliation against hackers.

Strewth! Aussie telco Telstra pushes malvertising

Strewth! Aussie telco Telstra pushes malvertising

The 'media content' home page of Australia's largest telecommunications company Telstra has been infected with 'malvertising' which links a malicious exploit kit.

Spotify updates to privacy policy leave users furious

Spotify updates to privacy policy leave users furious

The latest privacy policy update from Spotify has left worldwide users outraged.

Popular Android browsers open to hackers

Dolphin and Mercury Android browsers can be hacked to execute code remotely.

Royal Saudi Airforce website hit by Iranian pro-Yemen-rebel group

The Royal Saudi Airforce is the latest victim of hacktivists after military intervention in Yemen.

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

Zscaler has been seeing attackers targeting WordPress sites running version 4.2 and lower.

Facebook updates ThreatExchange info, says gov't agencies not welcome

Facebook updates ThreatExchange info, says gov't agencies not welcome

Facebook is looking to expand its ThreatExchange while also keeping government participation at a non-existent level.

Study: Federal employees risk security to use personal mobile devices

Study: Federal employees risk security to use personal mobile devices

Sensitive government data may be at risk due to agencies failing to implement bring your own device policies.

DDoS attacks enter new frontier with Portmapper

DDoS attacks enter new frontier with Portmapper

Level 3 has pegged the Portmapper attack vector as the future of amplification DDoS attacks and is warning IT security professionals to start preparing now.

Former State Department employee charged in sextortion

Former State Department employee charged in sextortion

A former London-based State Department worker has been indicted by a federal grand jury in connection with an online hacking and sextortion scheme.

Sandbox violation in Apple's iOS affects MDM users, could enable breaches

Sandbox violation in Apple's iOS affects MDM users, could enable breaches

The vulnerability, which is being referred to by Appthority as Quicksand, was patched by Apple in iOS 8.4.1.

Unpatched 0-day threatens Apple Mac users

Unpatched 0-day threatens Apple Mac users

OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.

Outsourcing IT security continues to grow, study finds

Outsourcing IT security continues to grow, study finds

Spending on the outsourcing of IT functions is rising, according to a new report from Computer Economics.

Texas man arrested for alleged sextortion scheme

Texas man arrested for alleged sextortion scheme

Michael Martinez, 26, allegedly solicited three females, including a minor, for sexually explicit photos and then extorted them.

Microsoft patches critical remote code execution bug in Internet Explorer

Microsoft patches critical remote code execution bug in Internet Explorer

A patch released Tuesday addresses a critical memory corruption vulnerability that can be exploited by an attacker to enable remote code execution.

DARPA seeks to develop program that drastically improves DDoS defense

DARPA seeks to develop program that drastically improves DDoS defense

DARPA has started accepting applications to develop a stronger defense against DDoS attacks.

Hackers post Ashley Madison's customer details online

Hackers post Ashley Madison's customer details online

A hacker group posted 9.7 gigabytes of data in apparent retaliation for the site allegedly claiming to delete customer details for a fee, but then not doing so.

Quantity and strength of DDoS attacks increased in Q2 2015, report shows

Quantity and strength of DDoS attacks increased in Q2 2015, report shows

Researchers at Akamai reported an increase in the quantity and strengths of DDoS style attacks in Q2 of 2015 compared to last year.

Cyber threats could put lives at risk, Q2 2015 report explores

Cyber threats could put lives at risk, Q2 2015 report explores

Trend Micro's second quarter threat report hit on several security issues, including threats that pose an actual physical threat to the public.

Expanding IRS breach drags passwords into broader discussion

Expanding IRS breach drags passwords into broader discussion

While the IRS continues investigating its May data breach, the accessing of sensitive information brings up the idea of two-factor authentication and passwords.

Widespread Android vulnerability enables code execution with full privileges

Widespread Android vulnerability enables code execution with full privileges

Google has addressed the bug, CVE-2015-3842, which can be exploited via a malicious app that does not require any permissions.

Partnership between NSA and telecoms pose both security and privacy risk, experts say

Partnership between NSA and telecoms pose both security and privacy risk, experts say

Leaked Edward Snowden documents reveal that up until at least 2013, the U.S. government held intimate ties with AT&T and to a lesser extent Verizon.

GM says OnStar app flaw fixed, researcher says still exploitable

GM says OnStar app flaw fixed, researcher says still exploitable

GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.

University of Virginia announces breach, says attack came from China

University of Virginia announces breach, says attack came from China

Portions of University of Virginia's information technology systems have been accessed, but no personal information appears to have been affected.

Phishing scams, malicious attachments top, threat report reveals

Phishing scams, malicious attachments top, threat report reveals

Hackers went old school during the first half of 2015, resurrecting the use of malicious email attachments and also began targeting businesses with a new stream of phishing attacks, according to Proofpoint's first half threat report.

Kaspersky Lab denies allegations it induced false positive AV detections

Kaspersky Lab denies allegations it induced false positive AV detections

A Reuters article claimed the Russian cybersecurity firm intentionally poisoned good files to throw off competitors' antivirus detection.

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.

Vulnerability identified in Google Admin app, remains unpatched

Vulnerability identified in Google Admin app, remains unpatched

The vulnerability was identified by security researchers with MWR Labs, and it impacts Google Admin version 2014101605 and lower.

Black Hat 2015 attendees concerned about endpoint risks

Black Hat 2015 attendees concerned about endpoint risks

Security professionals are most concerned about the endpoint, citing it as the greatest source of risk in a Bromium survey of more than 100 pros who attended Black Hat USA 2015 in Las Vegas last week.

Hillary Clinton's private email server turned over to the FBI

Hillary Clinton's private email server turned over to the FBI

Former Secretary of State Hillary Clinton's private email server was handed to the FBI after investigators found it contained messages that were later classified top secret.

Apple's iOS 8.4.1 update addresses dozens of security issues

Apple's iOS 8.4.1 update addresses dozens of security issues

Apple's update to iOS and iTunes included dozens of security patches along with fixes for the iCloud Music Library and Apple Music.

SC Magazine honored with five regional Azbee Awards

SC Magazine honored with five regional Azbee Awards

SC Magazine picked up five Azbee Awards for editorial excellence, design and online presence at a gala event on Aug. 12 in New York.

Windows 10 shares user data with Microsoft, even after disabling settings

Windows 10 shares user data with Microsoft, even after disabling settings

Microsoft's Windows 10 allows for certain data-sharing settings to be disabled, but in some cases, turning them off does nothing to stop the sharing.

Salesforce subdomain affected by reflected XSS vulnerability

Salesforce subdomain affected by reflected XSS vulnerability

The cross-site scripting vulnerability has been addressed, but it could have been exploited by an attacker to distribute malware and carry out phishing attacks.

Asprox botnet mostly disappeared in 2015

Asprox botnet mostly disappeared in 2015

Researchers say that campaigns leveraging the Asprox botnet have disappeared after reaching a peak last year.

Cisco warns IOS device customers on attack 'evolution'

Cisco warns IOS device customers on attack 'evolution'

Attackers have been observed substituting Cisco's IOS bootstrap with a malicious ROMMON image after first accessing the company's IOS devices.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US