Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.
Security researchers are studying an apparent new strain of Mac malware that turned up on the computer of a participant at the just-concluded Oslo Freedom Forum, an annual human rights conference.
The sentences range from 20 to 32 months, with none of the defendants likely to serve the full time. There has been no formal request to extradite the U.K. men to the United States to face charges here.
Mozilla has updated its Firefox web browser to repair 13 vulnerabilities.
Their crimes include hacking and launching DDoS attacks against high-profile organizations such as the CIA, the U.K.'s Serious Organised Crime Agency, Sony and Nintendo.
Security experts hope information gleaned by this probe into two affected processors could protect others in the financial industry.
Redmond also distributed a cumulative fix for the browser to prevent drive-by download attacks.
The U.S. security and privacy researcher was contacted to lend assistance to the government surveillance project. He declined the offer, and decided to expose the email exchanges he had.
According to Microsoft, the malware is affecting users in Brazil, but could spread elsewhere.
The bill would provide consumers nationwide with similar protections already enforced by a California law.
Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.
Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.
For their role in a brazen heist, eight New York-area individuals are accused of withdrawing around $2 million in one day from hacked prepaid debit card accounts. Globally, the crime ring was responsible for stealing around $45 million.
Name.com said it believed its encryption is sufficient enough to prevent the hackers from using any of the sensitive information that was stolen.
The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of possible espionage campaign against U.S. energy workers.
DHS said the operation would likely culminate in "limited disruptions" and "nuisance-level attacks" against websites of government agencies and U.S. banks. And that appears to be what happened.
The proposal from two Republican and two Democratic senators requires the director of national intelligence to create a "watch list" of nations suspected of cyber spying.
One of the masterminds behind the pernicious SpyEye banking trojan has been extradited to the United States, where he will face charges for computer and wire fraud.
Once exclusively a BlackBerry shop, the U.S. Department of Defense is close to expanding its mobile device usage to Android and Apple iOS platforms as they prove their enterprise security resiliency.
PandaLabs confirms what many of us already assumed to be fact: Malware is growing at never-before-seen levels. But it's got the statistics to back it up.
Originally, researchers believed that the Labor Department site led to malware that took advantage of a known vulnerability. But that is no longer the case, and Microsoft has confirmed a fresh, unpatched vulnerability in IE 8.
Concerns over identity theft affecting senior citizens prompted the hearing.
The software maker seemed to downplay the threat posed by issue, which McAfee is calling a security vulnerability that could be used in APT-style campaigns.
According to reports, the compromised page, for the Site Exposure Matrices (SEM), has been cleaned, but it remains offline.
WhiteHat Security's annual survey of tens of thousands of websites also studied whether certain best practices are helpful in preventing such flaws as information leakage and cross-site scripting.
Sensitive information and encrypted passwords of customers were accessed, according to Reputation.com.
An intruder gained access to the U.S. Army Corps of Engineers' National Inventory of Dams (NID) in January, according to a spokesman for the military command.
This month's company news include a new CTO at Easy Solutions, ForeScout's new CFO, and the new vice president of marketing at Tufin Technologies.
This month's news briefs cover recent headlining bits on the malware that struck South Korean companies, a new law requiring federal agencies to review IT equipment sourced from China, and more.
The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.
That brings the total number of nations found to be housing C&C servers for the spy software, either actively or in the past, at 36.
McAfee said it considers this a security issue because the flaw could be leveraged as part of a malicious attack to gather reconnaissance about a target.
Sven Olaf Kamphuis, a man from the Netherlands with ties to Dutch web host CyberBunker, reportedly has been pegged as the suspect.
On Friday, the popular coupon site announced that hackers breached its servers.
AT&T and CenturyLink were given legal immunity to turn over threat-related data on their networks to the government.
Although attacks on the financial sector get a majority of the headlines, disruptive threats in the retail industry have more than doubled in the last year.
The Travnet botnet uploads Microsoft Office files, PDFs and text files to remote servers run by attackers.
The Anti-Phishing Working Group found that 47 percent of all phishing attacks involve shared web hosting, like one might find on WordPress or Joomla.
Arkin will report to Bryan Lamkin, senior vice president of technology and corporate development, and he will work in partnership with CIO Gerri Martin-Flickinger.
Not only are there new security concerns, but leaders must ensure disparate groups of workers can adequately collaborate.
A panel of CISOs speaking this week in London said businesses will benefit from an environment in which employees are entrusted with their own mobile devices.
Ample criticism has been lobbed toward Twitter after Tuesday's false AP tweet that President Obama was injured in an apparent attack on the White House. But could the microblogging service have prevented this?
Matthew Flannery, who is employed at a Sydney, Australia-based IT firm, faces up to 22 years in prison if convicted of the alleged offenses.
A panel of CISOs at the InfoSecurity Europe conference in London agreed that by communicating with executives in a way that they can comprehend - specifically in terms of risk and business growth - everybody wins.
Phishing attacks may have enabled hackers to hijack the Twitter account of the Associated Press to post a message Tuesday that there had been explosions at the White House and that President Obama was injured.
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
Despite the arrests of Gozi ringleaders, the banking trojan still persists and is behind thousands of new infections in the United States.
The landmark annual data breach report analyzed 621 breaches from caseloads across 19 organizations throughout the world.
The average size of distributed denial-of-service (DDoS) attacks have weighed in at 20 percent higher so far this year than they did in 2012, according to statistics released Monday by security firm Arbor Networks.
Attackers wanting to compromise apps in Google's official store leveraged an advertising network to foist their malware to unsuspecting victims.
The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.
It's unclear if the attack is related to members' efforts to identify possible suspects in the Boston bombings.
In a bipartisan victory for a measure that would formalize threat intelligence sharing, the U.S. House passed the bill in a 288-to-127 vote, drawing more Democrats than when a version was approved last year. CISPA now moves to the Senate.
Client-side, web-based threats are beginning to overtake malware mainstays such as Conficker, according to a Microsoft report.
A trojan that uses a "magical" authentication code to communicate with its command-and-control server has compromised thousands of organizations around the globe. So far, however, it has remained largely silent.
As expected, the web's unscrupulous element is taking advantage of the attention surrounding the Boston Marathon bombings to spread malware and trick people into donating to fake causes.
An improved notification system will help protect users from running risky applications from untrusted sources.
The Obama administration said it is perturbed by the same reasons it promised a veto last year - privacy protection.
The SEA, believed to be made up of supporters of the repressive regime of Syrian President Bashir Assad, implied in a tweet that NPR should know why it was targeted.
Symantec's annual "Internet Security Threat Report 2013" concentrated on the success attackers are attaining by sabotaging legitimate websites.
The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.
More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.
The president recommended that $4.7 billion be allocated to the Pentagon for cyber initiatives in the fiscal year beginning Oct.1. That includes earmarks for offensive missions.
The "PlaneSploit" application was three years in the making, and is able to remotely attack flight management systems, though the program was built to only work on virtual aircraft.
The software giant said applying the update could prevent machines and applications from properly restarting and loading.
The amendments to the threat intelligence sharing bill would have tightened controls around the corporate release of personally identifiable information to three-letter agencies, including the NSA.
Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.
Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.
The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.
Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.
The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.
Plaintiffs' failure to have an expert verify their damages was a "fatal" flaw in the case, according to a federal judge.
The web measurement company is accused of secretly collecting data on millions and then sharing it with clients.
Law enforcement in Russian and Ukraine have dealt a major blow to a prolific banking malware operation.
The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
No matter the industry, organizations are facing a flurry of sophisticated attacks, with the main goal being to hijack intellectual property, according to new findings from security firm FireEye.
The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.
New clues turned up by researchers at the University of Toronto show that an Android malware spy campaign appears to be the work of Chinese hackers, possibly with the assistance of the nation's government or a major corporation.
Fraudsters pretending to be from collections companies are seeking to recover non-existent loans. If victims don't pay up, their administrative call centers are hit by telephone denial-of-service attacks. 9-1-1 lines weren't targeted.
Despite being an age-old problem, recent DoS and DDoS attacks are driving huge growth for mitigation solutions.
The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.
This month's company news features new additions to the dinCloud, Tripwire, and Crocus Technology, as well as Bluebox Security's new research team that will analyze mobile security threats.
This month's news briefs includes recent news on Mandiant uncovering China's cyber espionage efforts, security firm Bit9's breach, and the Obama administrations latest efforts on combating the theft of trade secrets.
In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.
Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.
Eric Rosol, 37, of Wisconsin was indicted Tuesday by a grand jury.
According to the legislation, the review process will quell cyber espionage threats from China.
As the debate on the usefulness of anti-virus continues, recent research reveals that a majority of malware is delivered via web browsing, skirting AV along the way.
Spam-fighting nonprofit Spamhaus says the DDoS attacks began more than a week ago.
Owing to outdated browsers, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as targeting new vulnerabilities, according to new research.
A security firm found that more than half of survey respondents were impacted by web application attacks.
The bill draft, which is in a preliminary stage, included harsher penalties for Computer Fraud and Abuse Act violations.
Security researchers have found evidence that, not surprisingly, social engineering tactics were leveraged by the attackers, who set their malware to "go off" three days after reaching victims.
A recently fixed Internet Explorer vulnerability is being leveraged to spy on the activists.
The trojan was recently a topic of discussion on an underground Russian forum, researchers found.
Apple ID and iCloud users will now have the option to use the security feature for purchases or account changes.
Saboteurs are spreading the Yontoo trojan, which infects computers so they display certain advertisements to infected users.
Researchers at Symantec believe a trojan called "Jokra" was used in the attacks. Neighboring North Korea is considered a suspect, but there's no evidence suggesting it is to blame.
