Researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors in certain wireless routers, although said to be patched, can be reactivated.
Among the addressed vulnerabilities was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.
The National Institute of Standards and Technology is looking to remove the flawed Dual_EC_DRBG algorithm from its guidelines.
While China continued to lead cyber espionage activity against organizations, Eastern Europe accounted for more than 20 percent of related incidents, according to an annual data breach report.
A motion filed in Maricopa County Court says that by delaying notification and lying about last April's breach, MCCCD put victims' PII at risk.
In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.
An update to the P2P Zeus banking trojan results in the installation of a rootkit driver that makes deleting the malware even tougher.
A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.
The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.
A Windows trojan delivered via drive-by download is injecting malicious content into Facebook and ultimately fooling users into downloading Android malware that can allow for the capturing of SMS messages.
According to the U.S. Government Accountability Office (GAO), the SEC, among other lapses, failed to adequately oversee a contractor that migrated its financial system to a new data center.
An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.
A federal appeals court backed an earlier ruling penalizing the email service.
The Royal Canadian Mounted Police arrested a 19-year-old man in Ontario who they believe exploited the Heartbleed bug to steal information from a federal agency.
Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.
Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.
A fingerprint spoof created in September 2013 to bypass the Touch ID on the iPhone 5s was used to bypass the fingerprint scanner on the Samsung Galaxy S5, which was released on Friday.
Oracle's Critical Patch Update (CPU) plugged 37 holes in the popular Java browser plug-in.
Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.
Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached because of the critical flaw.
The permissions issue could allow a malicious app to alter legitimate home screen icons.
After a Bloomberg article reported that unnamed sources indicated that the NSA knew of the major flaw and utilized it for surveillance purposes, the agency denied the claims.
According to a sealed indictment published online, three men face more than a dozen charges for hacking into computer systems and stealing data from the U.S. Army, Microsoft and more.
This week, critical infrastructure operators were notified of potential threats arising from the critical OpenSSL flaw.
Nine individuals are charged in an operation dating back to 2009, which involved infecting computers with the Zeus trojan and using the malware to steal millions.
An incident response firm found that 93 percent of phishing emails were sent out on weekdays, with the most popular day being Wednesday.
Rogue Android apps can steal authentication tokens and risk the accounts of some of the most widely used services, including Google, Facebook and Twitter.
An engineer, who was contracted to work for the University of Maryland, says that his goal was to spur action at the school.
Organizations vulnerable to the SSL/TLS encryption-breaking Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library, are updating quickly.
A survey reveals that employees routinely make security mistakes, but 45 percent of employees get awareness training in a single, short annual session.
Orbit Open Ad Server was vulnerable to SQL injection attacks, which could result in website visitors' information being stolen via malvertising, a security firm found.
Targeted attacks grew by 91 percent and lasted three times longer, according to a recent threat report.
The court battle began when the FTC filed a 2012 complaint against hotelier Wyndham, accusing it of deceptive and unfair practices against consumers following data breaches.
This month's Patch Tuesday marks the end of support for the dated, but widely used, products.
Internet communications utilizing SSL/TLS encryption may be at risk due to the Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library.
An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.
Anti-virus company Comodo has identified a variant of the infamous Zeus trojan that is avoiding detection by using a valid digital signature.
The group being implicated has stolen over 160 million card numbers over the years by hacking organizations, including Heartland Payment Systems, Visa and 7-Eleven.
The breach struck Experian subsidiary, Court Ventures, and compromised the personal and financial data of more than 200 million Americans.
The company also revealed that a zero-day flaw in Word 2010 will be patched next week.
Website security company Incapsula defended a client from a DDoS attack that was carried out using a persistent XSS vulnerability in a highly popular site that hosts video content.
The number of data breaches reported by U.S. government agencies more than doubled in a four-year period, jeopardizing PII, a GAO official tells Senate committee.
Symantec and a company it contracted, Digital River, are accused of misleading consumers who paid for antivirus download insurance.
More than 24 million home routers have open DNS proxies that enable DNS-based DDoS attacks, and 5.3 million of the devices were used to generate attack traffic in February, according to Nominum.
Google continues to fight a court ruling that its interception of Wi-Fi traffic, using Street View, may have been unlawful.
Cryptocurrency mining malware has been discovered on DVRs that record footage taken by surveillance cameras.
The men, who are New York and Massachusetts residents, led "cash out" operations for an international scheme.
Researchers have uncovered an NSA tool, known as "Extended Random," that enables the government agency to more quickly crack a flawed community-developed encryption algorithm.
Nearly 40 percent of IT decision-makers don't believe they have the ability to detect AETs, which fly under the radar of most firewalls.
Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.
A plaintiff says she would have viewed her premium LinkedIn subscription as "less valuable" had the company disclosed "lax security practices," before its 2012 password breach.
This month's company news features a new CTO at McAfee, Bit9 merging with Carbon Black, and a partnership between Qualys and AlgoSec.
This month's news briefs include revelations at the RSA Conference 2014 in San Francisco, new malware, zero-day fixes and more security news.
A researcher at Black Hat Asia highlighted security issues affecting Tesla Model S cars.
Researchers have discovered a new attack, known as Cross-Device Scripting, that can allow an attacker to compromise most smartphones by injecting malicious code through HTML5-based apps.
The companies were accused of failing to securely transmit credit card data, Social Security numbers, and other sensitive data collected by their mobile apps.
Trustmark National Bank has dropped its claims related to the class-action lawsuit filed last week against the retail giant and the security firm.
Using stolen debit card information, the defendants created phony replicas of cards to make fraudulent transactions at various Chicago ATMs.
Researchers with security company ReVuln released a video in which they demonstrated how recent Philips smart TVs are vulnerable to numerous attacks.
Researchers at RSA noted the "battle of the botmasters" taking place.
In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.
Legal experts say the settlement serves as a small win for plaintiffs, and a much bigger one for their attorneys.
A WinRAR vulnerability is being taken advantage of in a malware campaign targeting government and international organizations, as well as Fortune Global 500 companies.
University President Wallace Loh told Senate members that the attackers cloaked their activity by using the Tor network.
Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.
A report investigates how static, or hard-to-change, personal data, like SSNs or dates of birth, is impacted by repeated breaches.
PhishLabs researchers have identified a man-in-the-middle attack campaign that involves hackers posing as major organizations, including banks.
Under the right conditions, simply updating any Android device can enable an attacker to escalate app privileges and carry out all sorts of malicious things.
Banks impacted by the Target data breach have banded together to file a class-action against the retail giant, as well as against security firm Trustwave.
Along with the White House's legislative proposal, the House Intelligence Committee also introduces its own bill tackling the NSA surveillance practice.
Researchers at FireEye say firms were targeted with phishing emails mentioning the mysterious flight.
A new multipurpose bot known as Zorenium has recently been updated to work with iOS devices, according to the alleged author.
Criminals are using SMS messages to get cash out of ATMs, according to Symantec.
The zero-day vulnerability is a remote code execution flaw in Word 2010.
Recent Snowden leaks allege that the NSA targeted Chinese telecom firm Huawei for corporate data, including product source code.
Name.com, Facebook and Verizon are among the companies backing the newly-formed Secure Domain Foundation (SDF).
Basecamp has become the latest victim of an extortion-based distributed denial-of-service (DDoS) attack, according to a Monday notification.
Snowden leaks detail the agency's practice of going after the gatekeepers of networks to gather intel.
An updated version of a malicious software package designed to automate the process of hacking websites is being offered up on underground markets for $3,800 a year, according to a blog by Trend Micro.
An email sent out to the social media management platform's users states that the assault began Thursday at 6:45 a.m. PST, making the service temporarily unavailable.
On Thursday, California Attorney General Kamala Harris released the 118-page report on international criminal groups targeting the state.
A study by IDC and the National University of Singapore also found a close link between pirated software and cyber security breaches.
An IntelCrawler report shines some new light on the Syrian Electronic Army, including its attacks, tactics, members and more.
Apple ID accounts, payment card data and other personal information are at risk for victims of a fairly convincing phishing scam being hosted on a compromised EA Games server.
Farid Essebar, also known as Diabl0, previously served prison time for his role in creating the Zotob worm.
A PHP vulnerability originally disclosed in March 2012 - and revised in October 2013 after a hacker found an easier way to take advantage of the exploit - is still impacting users after all these years.
The Darlloz worm installs coin mining software on infected computers running Intel x86 architectures.
After analyzing 200,000 Android apps, Marble Security Labs found communication apps pose the greatest risk, while game apps were the least risky.
Researchers with FireEye have identified two phishing campaigns involving a remote administration tool known as WinSpy, which also comes packaged with an Android component known as GimmeRAT.
After compromising Unix and Linux servers, attackers make money by redirecting users to advertisements or exploit pages that serve malware.
Three men on their way to scoring more than $15 million in a cyber crime scheme instead scored formal charges in New Jersey District Court for their alleged roles in the international conspiracy, according to an indictment.
The software and IT services giant published an open letter to its clients on Friday.
Vermont-based Norwich University, a longtime SC Magazine collaborator, ranked second in the 2014 Best Schools for Cybersecurity study by the Ponemon Institute and sponsored by HP Enterprise Security.
A distributed denial-of-service attack carried out against various NATO websites on Sunday was likely a Domain Name Server amplification attack or a Network Time Protocol reflection attack, or a combination of both.
After claiming it saw no evidence that payment card data was taken in a breach, the chain now says fewer than 25,000 records were "illegally accessed."
A security researcher published a white paper on Wednesday that breaks down exactly how the Early Random PRNG, which protects mobile operating systems from kernel exploits, is vulnerable to brute force.
On Friday, the hacktivist group threatened to release the data, including "hundreds of documents" it obtained, in coming days.
Security site Malwarebytes.org first warned users about the threat targeting Windows users.
Mt. Gox bankruptcy documents filed in the U.S. on Sunday refer to a Bitcoin flaw known as transaction malleability, which may have caused the Tokyo-based company to lose half a billion dollars in the virtual currency.