Bromium researchers observed that malicious advertisements impacted news and entertainment websites more than 50 percent of the time in the first half of 2015.
UConn has repaired a vulnerability exploited by hackers to gain access to servers in its School of Engineering and, while the university found no evidence of data theft, it has notified users whose information may have been compromised.
Remote Access Trojans (RATs) proliferate through YouTube tutorials and hacker forums, a new report from Digital Citizens Alliance suggested.
Tor Project and Library Freedom Project aim to help library patrons and staff protect their right to digital free expression by creating Tor exit nodes in libraries.
In the first half of 2015, Cisco found that increasingly innovative threat actors are becoming faster at attacking, quicker at adapting, and better at evading detection.
Between BYOD and Microsoft's Wi-Fi Sense, soon there won't be such a thing as a private Wi-Fi network anymore.
Hackers could take advantage of a newly discovered flaw in the Bind DNS server software to disrupt the internet; a single packet could leave the internet in a bind, warn experts.
Details are emerging of the takedown of a Darknet site specialising in the distribution of child sexual abuse materials.
The NYU Polytechnic School of Engineering hosted a cybersecurity conference to help foster interest in the field among young women and teens.
Potao was first being used against targets in Russia, but after a lull in activity, malware activity increased against targets in Ukraine.
GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.
French broadcaster TV5Monde is still without Internet and other key IT functions three months after a nation-state hacker took control of its TV channels and hijacked social media accounts. Meanwhile, the data breach costs are mounting up.
Google Cloud allows users to bring-their-own-keys to lock their data.
United Airlines reportedly experienced a breach by a Chinese hacker group believed to be behind breaches at OPM and Anthem.
Cybersecurity firm FireEye released a new report on APT29's complex malware HAMMERTOSS.
Trend Micro has identified a new Android denial-of-service bug that can be exploited to make devices unresponsive and practically unusable.
Windows 10 launched today, but there were immediately security questions raised within the industry about some aspects and features on the new operating system.
Google Drive-inspired new phishing campaign discovered by Elastica Cloud Threat Labs.
Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.
A new poll indicates that Americans want the government to retaliate for cyberattacks that compromise sensitive data.
Symantec said it believes a threat group known as Black Vine is responsible for the Anthem breach, as well as a number of other attacks.
A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.
Israeli researchers detailed a new attack that can steal data from air-gapped computers, which are often seen as relatively safe.
Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.
A federal appeals court ruled there is no expectation of privacy for "butt dials" that a caller doesn't' take reasonable steps to prevent.
HP's Zero Day Initiative (ZDI) disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that enable web-based attacks.
According to the latest findings by Arbor Networks, 20.8 percent of DDoS attacks were greater than 1 Gbps in Q2 of this year.
A Google survey among security experts and "non-experts" found that both groups operate very differently when trying to keep themselves and their devices safe online.
A pair of researchers discovered an exploit in Uconnect-enabled Fiat Chrysler vehicles that allows an attacker to take control of the vehicle.
Some strains of Bartalex malware have recently been seen dropping Pony loader malware and the Dyre banking Trojan.
All ten smartwatches tested by HP Fortify reported significant security vulnerabilities, along with their Android and iOS cloud and mobile application components, according to a new report.
Hacking Team's spokesman said the company broke no laws when selling its technology, and a researcher points out that the company used his open source tool to create part of its surveillance software.
After a pair of breaches rocked OPM and a vulnerability was discovered in the agency's e-QIP system; now user access is slowly being re-enabled.
Like Google before it, Microsoft will make it easier for victims to report images posted without their permission and will take steps to remove them globally.
The XSS vulnerability can be exploited to compromise an affected website, but certain conditions must first be met.
Japan will train approximately 50,000 people in the public and private sectors on cyber-security ahead of the 2020 Summer Olympics in Tokyo, according to local reports.
Israeli and American federal authorities coordinated to arrest four men who allegedly had an integral part in the cyber attacks on JPMorgan Chase and other financial institutions.
The threat is detected by Avast as Clicker-AR, and by requesting a certain permission it can redirect Android users to porn sites via their browser or other apps.
More than 50 percent of respondents indicated that sophisticated attacks targeted directly at the organization is their greatest concern.
The call for comments on the Wassenaar Arrangement closed on Monday after multiple heavy hitting tech experts and companies filed their thoughts.
Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools.
VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed.
A survey from Intel Security found that many information security professionals are overconfident in their systems' ability to thwart an attack.
As of Monday, photo center websites were down for CVS, Walmart Canada, Rite Aid, Costco, Sam's Club and Tesco.
Online cheating site Ashley Madison has been hacked by a group calling itself 'The Impact Team', with 37 million customers' details potentially exposed.
Windows XP infections are set to skyrocket as Microsoft finally ends support for its anti-malware and malicious software removal tool.
After a FireEye intern was found selling his own custom RAT on a dark web forum, industry experts reemphasize the importance of understanding cybercrime and how to hire the right people.
Researchers with Trend Micro observed the malware threat being distributed predominately in the U.S. and Canada.
Mathy Vanhoef and Frank Piessens indicated that their technique is so effective that users may want to consider not using the RC4 encryption algorithm.
The majority of "Right to be forgotten" requests in Europe come from ordinary citizens, as opposed to criminals, celebrities and politicians, new data demonstrates.
The government has argued that it can continue to collect data during the 180-day transition period to the USA Freedom Act.
Mainly known for its targeting of gaming files, TeslaCrypt continues to re-up its techniques to make it a debilitating threat.
According to the FBI, the crackdown led to U.S. indictments against 12 individuals, including Darkode's alleged administrator.
The update includes 25 security fixes for Oracle Java SE, and seven of the bugs received a CVSS Base Score score of 10.0.
Cyber-espionage group 'Pawn Storm' has been exploiting an unusual Java zero-day vulnerability to carry out drive-by-download attacks on a NATO country and US defence company, according to Trend Micro.
This month, Microsoft released four critical patches and 10 bulletins ranked "important."
Cloudflare issued its newest transparency report on Tuesday, which covers the first half of 2015.
The Flash Player updates are for Windows, Macintosh and Linux and address two critical bugs that were identified in the Hacking Team leaks.
Although the number of data breach victims is now qualified, the true effects of the breaches might continue for years to come.
Despite reports that iOS devices must be jailbroken before compromise, researchers found other ways to install the spyware.
Mandarin Oriental properties in New York, San Francisco, Hong Kong and more were all affected beginning on June 18, 2014.
Both Adobe Flash Player vulnerabilities are being reported by security researchers as zero-day bugs that came out of the recent Hacking Team leaks.
Arizona's broad revenge porn law would have put artistic and news photographers, booksellers, publishers, librarians and others at risk.
A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.
Cowboy Adventure is a working game with between 500,000 and 1,000,000 downloads, but it is also malware that has been observed stealing Facebook credentials.
The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.
In a New York federal court, Vladimir Tsastsin admitted his role in the years-long click-fraud operation.
Many information security pros said threats discovered were shared strictly within the organization, but 81 percent wanted more public-to-private sector sharing.
The technique involves several PDF files being generated and filled with searchable keywords.
Hacking Team's internal communications and company secrets went on public display earlier this week after a hacker compromised its systems. The company and the InfoSec community are still grappling with the breach's full extent.
NYSE began rolling out a software release, causing communication issues between customer gateways and trading units.
A study by Lloyd's of London and the Centre for Risk Studies at Cambridge University predicted severe losses in a catastrophic attack on the power grid and a separate poll found that voters were worried as well about those attacks.
"Operation Kofer," as Cybereason refers to the group, targets European companies with a ransomware campaign that avoids detection through APT group techniques.
The group, Morpho, continues its corporate espionage activities, and has been linked to the 2013 attacks on Apple, Microsoft, Facebook and Twitter.
Adobe has patched a Flash Player zero-day vulnerability, CVE-2015-5119, identified in the recent Hacking Team leak.
Reports indicated that trading in New York came to a half a little after 11:30 a.m.
The malicious third-party Android app conducts click fraud, premium rate SMS fraud and downloads additional malicious APKs.
Mozilla released Firefox 39 on Thursday, and some of the vulnerabilities that were addressed are deemed critical.
Following the Hacking Team breach, Trend Micro discovered three exploits: two that target Flash Player and another that targets Windows kernel.
Security firm Veracode released its "State of Software Security" report, breaking down trends by industry verticals.
An unknown number of hackers accessed, downloaded and posted at least 400 GB-worth of documents from Hacking Team, a company often seen as aiding in human rights violations.
ERPScan has identified 549 Oracle PeopleSoft systems that are accessible via the internet, and observed that 231 of those systems are vulnerable to a critical attack.
FireKeepers Casino Hotel announced that tens of thousands of payment cards may have been compromised, as well as personal information such as Social Security numbers.
Users of the video-sharing site Plex have been left vulnerable to an attack after the company revealed that members' passwords had been compromised.
The Louisiana man, Brian Johnson, was arrested Wednesday following his federal grand jury indictment last week.
On June 19, an intrusion was discovered on the Faculty of Arts and Sciences and Central Administration information technology networks.
According to an Akamai threat advisory, attackers leveraged an outdated routing protocol RIPv1 for their malicious aims.
Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.
In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam.
The Federal Trade Commission banned app developers Equiliv Investments and Ryan Ramminger from creating and distributing malware after their "Prized" app commandeered consumer devices to mine digital currency.
OPM shut down one of its background investigation systems after it discovered a vulnerability, on that same day, the country's largest federal employees union filed a lawsuit against the agency.
In the survey, 50 percent of respondents said they are very concerned about the security of customer data in the public cloud.
Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.
ESET analysts believe the sophisticated backdoor is the work of French speaking developers.
A vulnerability found in OPM's e-QIP background check system has prompted the agency to shut it down until enhanced security measures are in place.
Yoandy Perez Llanes is charged with using information acquired in the 2014 UPMC breach to defraud the IRS and the U.S. Treasury.
The twins, Muneeb and Sohaib Akhter, face a maximum 50- and 30-year prison sentence, respectively.
Heimdal Security outlined a recent Dridex-spreading spam campaign that tries to trick users into opening a malicious macros-enabled document.
Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.
In the U.S., 51 percent of Facebook tech staff are white, while Black and Hispanic employees respectively account for 1 and 3 percent of tech staff.
Sign up to our newsletters
SC Magazine Articles
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- United reportedly hacked by same group that breached Anthem, OPM
- Security concerns raised at Windows 10 roll-out
- Does Windows 10 Wi-Fi Sense spell end of private wireless networks?
- TV5Monde in chaos as data breach costs roll into the millions
- Oracle PeopleSoft attack could enable big data breaches
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says
- All smartwatches are vulnerable to attack, finds study
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- Report: News, entertainment websites serve majority of malvertisements
- UConn School of Engineering cyberintrusion originated in China
- Report delves into RAT videos on YouTube
- Tor Project, Library Freedom Project to establish Tor exit nodes in libraries
- PagerDuty requires password change for all customers following breach