Hospital agrees to pay $750,000 over data breach allegations

May 25, 2012

After violating state and federal laws, South Shore Hospital has agreed to pay the price.
 

Researchers uncover causes of MilitarySingles.com hack

May 25, 2012

A common web application vulnerability, poor detection capabilities and a lack of adequate encryption led to the recent hack of a military dating site, which resulted in the exposure of the personal data of 170,000 people.
 

Yahoo rushes to fix Axis browser certificate leak in Chrome

May 24, 2012

Barely a day old, Yahoo's new Axis browser already is facing its first security issue, after source code for its Chrome add-on contained the private key used to sign it.
 

Officials preparing for cyber attacks, scams as Olympics nears

May 24, 2012

With the London Olympics set to kick off in July, U.S. security officials are warning about the event being a target for cyber criminals.
 

Google to help rid PCs of trojan that will prevent web access

May 23, 2012

With a July 9 deadline looming for machines infected with the DNSChanger trojan to still be able to access the internet, Google is lending a helping hand to inform users of compromise.
 

Report finds 1,200 percent boom in Android malware

May 23, 2012

The latest McAfee Threats Report revealed that the amount of Android malware still is soaring.
 

Targeted attacks cost companies an average of $200k

May 22, 2012

A recent survey indicates that successful targeted attacks end up costing companies more than $200,000.
 

Cyber crime ringleader sentenced to five years in prison

May 18, 2012

One of the masterminds behind the infamous "Operation Phish Phry" was sentenced by a district judge to five years in prison for her part in the international ring.
 

Schmidt, White House cyber security coordinator, to retire

May 18, 2012

Howard Schmidt, who began as White House cyber security coordinator in January 2010, announced Thursday that he is retiring and returning to private life. He will be replaced by a White House intelligence chief.
 

Report says cyber security still takes a backseat for major companies

May 18, 2012

A recent study finds that major enterprises have yet to catch on to the importance of cyber security.
 

IT head fired, ombudsman hired in wake of Utah breach

May 16, 2012

An apologetic governor of Utah on Tuesday announced the resignation of the state's executive director of technology services, and the hiring of two others, following a massive breach affecting Medicaid claimants.
 

PCI releases help for retailers using mobile to take sales

May 16, 2012

The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.
 

Pros of managing security in cloud make it attractive

May 16, 2012

A move to the cloud means spending less on managing security for small to midsize companies, says a new report.
 

Exploits greeting users at foreign policy, human rights sites

May 15, 2012

A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
 

Alleged LulzSec hacker Hammond pleads innocent

May 14, 2012

Accused Stratfor hacker Jeremy Hammond plans to fight the charges filed against him for the devastating breach of the global affairs firm.
 

IC3 annual report shows 3.4 percent rise in fraud loss

May 11, 2012

The Internet Crime Complaint Center's annual report spotlights a growing scam in which unsuspecting individuals are targeted by emails claiming to be from the FBI.
 

SC Congress Canada: Threat intel can mitigate attacks

May 10, 2012

Two of the people who head security at Scotiabank, Canada's third largest bank, cited malware and data leakage as their biggest worries, but said shared threat intelligence data can provide helpful insight.
 

Feds warn of booby-trapped hotel Wi-Fi connections

May 09, 2012

The Internet Crime Complaint Center (IC3) on Tuesday issued a warning to travelers to be on the lookout for malware on their hotel's wireless connection.
 

SC Congress Canada: What scares the living IT out of you?

May 09, 2012

Dan Kaplan, executive editor of SC Magazine, sits with author and vendor Winn Schwartau to discuss what exactly keeps him up at night as a security professional.
 

SC Congress Canada: Policies can combat mobile worries

May 09, 2012

Experts at this year's SC Congress Canada in Toronto discussed the challenges of BYOD and how implementing policies may be the industry's biggest weapon.
 

SC Congress Canada: "Social engineer back" employees

May 09, 2012

Social engineering isn't necessarily a bad thing if security professionals use it to their advantage, according to a speaker at SC Congress Canada.
 

Microsoft hands out more Duqu fixes despite prior patch

May 08, 2012

Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
 

Major software flaws in iPhones, iPads fixed in update

May 07, 2012

A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
 

Natural gas pipeline companies under siege, DHS arm warns

May 07, 2012

A sustained attack against the nation's natural gas pipelines, apparently orchestrated by the same malicious party, is proving difficult to quell.
 

Flash flaw being used to deliver email based attacks

May 04, 2012

Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
 

Android malware spreads via website-injection campaigns

May 03, 2012

Mobile virus authors have adopted another tactic from their PC-sabotaging counterparts: infecting websites to spread their wares.
 

Chinese firewall maker booted from Microsoft sharing program

May 03, 2012

The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.
 

Global Payments working to again validate its PCI compliance

May 02, 2012

For the first time, breached processor Global Payments disclosed on Tuesday that a number of card brands have removed the company from their approved list of service providers.
 

Oracle lists workarounds following zero-day disclosure

May 01, 2012

Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
 

Spam is down, but malware is as hot as ever, Symantec finds

April 30, 2012

Security firm Symantec's latest "Internet Security Threat Report" found that malicious attacks and malware variants are more prevalent than ever, and are being delivered to their victims in mass and targeted ways.
 

CISPA approved in House despite online freedom objections

April 27, 2012

CISPA has passed the U.S. House, despite vocal opposition contending that the proposal would hurt Americans' civil liberties far worse than it would aid organizations in fighting cyber attackers.
 

Researcher confused over handling of Oracle database bug

April 26, 2012

A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
 

Firefox and Opera unveil new security, privacy features

April 26, 2012

Firefox's update includes a new auto-update capability, while Opera's new release contains functionality to prevent the tracking of online users by websites.
 

Thanks to weak passwords, Conficker worm still rampant

April 25, 2012

Detection numbers continue to rise for the infamous Conficker worm within enterprises, even though there is a patch available and no new variants have appeared in two years.
 

Russian cyber crime market more organized, lucrative

April 24, 2012

Traditional mafia groups are entering the cyber crime scene in Russia, which is leading to more centralization and professionalization -- and bigger profits.
 

Drastic drop of Flashback-ridden Macs appears premature

April 23, 2012

At least two security firms that estimated a significant drop in Mac systems infected with the data-stealing Flashback trojan admit they made erroneous calls.
 

WordPress sites served as launching pad for Flashback

April 19, 2012

Researchers have discovered a correlation between infected WordPress sites and the propagation of the prolific Mac Flashback trojan.
 

Trojan designed to take screenshots of hotel payment apps

April 19, 2012

A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
 

Bounties keep reported bug count low, but severity high

April 18, 2012

Researchers are focusing on higher-risk vulnerabilities more than ever thanks to an increased interest in selling their finds to legitimate buyers.
 

Securities fraud hacker charged after $1 million heist

April 18, 2012

A Russian national is in custody in Newark, N.J., facing charges of hacking into the web accounts of several brokerages to initiate sham stock trades that allegedly netted $1 million.
 

Roughly 140K Flashback-infected computers remain

April 17, 2012

Symantec analysis of the botnet shows that many computers remain compromised with the trojan, though hundreds of thousands have been cleaned, and the infrastructure contains a Twitter communication apparatus.
 

Third person pleads in New England skimming racket

April 17, 2012

A third defendant accused of participating in an ATM skimming spree that hit banks in Connecticut, Massachusetts and Rhode Island has pleaded guilty.
 

Experts discover Mac OS X malware, "Sabpub," used as APT

April 16, 2012

A new trojan is targeting the same Java vulnerability that the Flashback malware took advantage of last week.
 

Third Apple Java update rids infections and turns off Java

April 13, 2012

Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.
 

Oracle to issue quarterly patches next week

April 13, 2012

Oracle next week will release 88 new security vulnerability fixes across hundreds of its products.
 

Court ruling limits reach of U.S. anti-hacking law

April 12, 2012

A U.S. Circuit Court of Appeals ruling has said employees who violate their organization's user policies do not violate the federal Computer Fraud and Abuse Act (CFAA).
 

New Zeus variant targets billing services providers

April 11, 2012

The purveyors of the pernicious Zeus trojan, which traditionally have targeted corporate bank accounts, have found a new cash cow: payroll accounts.
 

Apple says it is working to shut down Flashback infections

April 11, 2012

The company said it is creating software that will detect and remove Flashback, as well as coordinating with global ISPs to dismantle the botnet's infrastructure.
 

Microsoft patches 11 security issues, attacks underway

April 10, 2012

Administrators better hurry to patch at least one vulnerability, in Windows Common Controls, that is being used in limited but targeted exploits.
 

Flashback botnet activity cools over the weekend

April 10, 2012

Security researchers said the number of Flashback-infected Mac computers significantly fell over the weekend, but that doesn't mean the botnet has been crippled.
 

Number of victims in state of Utah breach significantly rises

April 09, 2012

A misconfigured server is to blame for the attack, which impacted roughly 780,000 Medicaid and Children's Health Insurance Plan recipients.
 

Apple releases another update to quell Flashback spread

April 06, 2012

Security experts are backing up one anti-virus vendor's estimate of the massive size of a Mac trojan botnet.
 

Twitter sues five over spamming, providing automated tools

April 06, 2012

Twitter on Thursday filed a lawsuit against five entities that allegedly provide tools so spammers can tweet unwanted links to legitimate users.
 

U.S. accounts for over half of Flashback-infected Macs

April 05, 2012

Although Apple released a Java update this week to prevent the spread of a dangerous trojan, experts say the botnet continues to grow, and the U.S. accounts for over half of the compromised Macs.
 

Microsoft to sew up 11 security vulnerabilities next week

April 05, 2012

Get ready IT administrators: Scheduled patches from Microsoft -- and Adobe -- are set to arrive on Tuesday.
 

Zeus' coffin not yet closed as domains still living

April 04, 2012

Three domains, which are feeding instructions to computers infected with the Zeus trojan, still are operational despite a Microsoft-led effort to disable the botnet, according to researchers at security firm FireEye.
 

Apple updates Java after malware spreads

April 03, 2012

Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.
 

Flight check-in emails lead to Zeus infection

April 03, 2012

Cyber criminals have cloaked spam to resemble US Airways check-in emails in phishing attempts that lead to Zeus trojan infections.
 

Visa expels Global Payments following 1.5M-card breach

April 02, 2012

Global Payments, a major credit card processor based in Atlanta, is off Visa's approved list after it confirmed it was breached of some 1.5 million card numbers. The incident, however, is still shrouded in some mystery.
 

"Flashback" trojan targets Mac computers

April 02, 2012

A live exploit is making the rounds that takes advantage of a bug in Java, which has already been patched, but hasn't yet made its way to Mac OS X users.
 

Visa confirms processor credit card breach

March 30, 2012

Visa and MasterCard are investigating a major breach of credit card numbers at a payment processor, the size of which may exceed anything seen in at least three years.
 

Trojan targets Tibetan activist groups that use Macs

March 30, 2012

Researchers have uncovered a rare instance of so-called espionage malware for the Mac OS X platform.
 

Kelihos lives on thanks to Facebook trojan

March 29, 2012

After being "sinkholed," the Kelihos.B botnet has been reconfigured and is spreading through social networking sites.
 

Military dating website says LulzSec hack didn't happen

March 29, 2012

A military dating website, which a band of hackers claimed this week to successfully infiltrate to pillage members' personal information, was not actually hacked, according to its administrator.
 

New anti-bot code of conduct approved by FCC

March 28, 2012

The Anti-Bot Code of Conduct has been approved by the FCC, giving ISPs a blueprint on managing botnet threats.
 

New version of Kelihos botnet, with 110K nodes, cut down

March 28, 2012

A collaborative effort of security organizations announced Wednesday that they knocked offline an embodiment of the Kelihos botnet, which was believed dead, but since emerged with new capabilities.
 

RockYou to pay FTC $250K after breach of 32M passwords

March 27, 2012

The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.
 

LulzSec redux dumps data after raiding military dating site

March 27, 2012

Hackers calling themselves "LulzSec Reborn" have claimed responsibility for two breaches that resulted in the dumping of personal information.
 

GAO calls on feds to better address supply chain risk

March 27, 2012

The GAO, which performs audits, evaluations and investigations on behalf of Congress, examined four agencies whose duties involve national security: the Energy, Homeland Security, Justice and Defense departments.
 

Microsoft zaps Zeus command centers used in bank fraud

March 26, 2012

Banking trojan Zeus and its related families, which have looted a number of small and midsize businesses to the tune of millions, may be partially crippled after the latest Microsoft botnet enforcement effort.
 

Duqu variant uncovered

March 23, 2012

The year's first variant of the notorious W32.Duqu, a trojan that seems intended for cyber war, has been discovered by Symantec researchers.
 

IBM X-Force reports that mobile threats are increasing

March 22, 2012

While progress against security threats has been made, attackers are targeting new vulnerabilities, such as those found in mobile devices, according to the annual IBM X-Force study.
 

Verizon: Hacktivists reigned supreme in 2011

March 22, 2012

Traditionally known for defacing websites and knocking them offline, so-called hacktivists stepped up their game last year and were responsible for a majority of data stolen in breaches, according to an annual study from Verizon.
 

Data breach costs drop for first time in study

March 20, 2012

Organizations now pay an average of $194 per breached record, the first time the annual Symantec-Ponemon Institute "Cost of a Data Breach Study" noted a drop since its inception in 2006.
 

Hal Tipton dies at 89; fathered the CISSP certification

March 19, 2012

Known as "Hal," Tipton co-founded (ISC)², the organization which trains and certifies information security professionals.
 

Secure access, authorization among areas still lacking at IRS

March 19, 2012

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.
 

Malicious Android application loots bank login data

March 19, 2012

Criminals are lessening their reliance on the PC. The latest proof is a rogue Android application that seeks to steal Spanish banking credentials through a man-in-the-middle-style attack.
 

Exploit for gaping Microsoft RDP hole may have gotten help

March 16, 2012

A proof-of-concept that has emerged and takes advantage of a very serious Windows vulnerability may have been the result of a leak, said the researcher who first discovered the bug.
 

BlueCross fine over breach related to HIPAA notification rule

March 15, 2012

The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.
 

Wormable Microsoft RDP flaw appears closer to exploit

March 15, 2012

The race appears to be on to develop a working exploit for a serious Windows vulnerability patched earlier this week by Microsoft.
 

Pinterest's popularity attracts cyber scammers

March 14, 2012

And so it begins. The all-the-rage virtual pinboard Pinterest is the latest social networking darling to draw the fancy of cyber swindlers.
 

Flaw in Microsoft tool that enables remote connect is patched

March 13, 2012

A severe vulnerability in the Remote Desktop Protocol, which was patched by Microsoft on Tuesday along with six other bugs, affects all versions of Windows and could result in a worm.
 

Dell bulks up on security with SonicWall buy

March 13, 2012

Dell has announced it will buy SonicWALL, a California-based provider of unified threat management security software.
 

New botnet working group forms out of government efforts

March 12, 2012

A new industry working group, the Industry Botnet Group, is aimed at developing a model that focuses on creating awareness, prevention and privacy concerning infected machines.
 

White House appoints new federal CTO

March 12, 2012

President Obama named Todd Park as the federal government's new chief technology officer, replacing Aneesh Chopra, who resigned last month.
 

Porn site Digital Playground hacked to expose card numbers

March 09, 2012

Online hackers have compromised two adult websites, including the very popular YouPorn, in recent weeks, apparently to highlight weak security.
 

Microsoft to patch seven security issues with six bulletins

March 08, 2012

Microsoft next week plans to release six patches, including one for a "critical" vulnerability affecting all supported versions of the software giant's operating system.
 

Russian works around sandbox to pull off Chrome exploit

March 08, 2012

One of the most prolific Chrome researchers has netted Google's top prize in its inaugural Pwnium competition. Google promptly patched the bug.
 

Lawsuits in Sutter Health breach to be rolled into one

March 08, 2012

Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.
 

Claims over entrapment, FBI-enabled hacks fly after arrests

March 07, 2012

As the news settles that a trusted member of Anonymous was actually an FBI informant, some are wondering whether his FBI handlers went too far when trying to gather evidence about other suspected hackers.
 

Anonymous hacker-turned-informant helps feds arrest five

March 06, 2012

Sabu, an Anonymous/LulzSec/AntiSec hacker beloved by many across the world, has spent the last nine months providing information to the FBI. What does this mean to the future of the hacktivist movement?
 

Four-month extension request approved in DNSChanger case

March 06, 2012

A federal judge has approved a request to extend the use of DNS servers, giving enterprises more time to remove the insidious DNSChanger trojan.
 

Trustwave buys M86 to bolster research, managed offerings

March 06, 2012

Trustwave, a cloud-based compliance and information security solutions provider, announced on Tuesday it will acquire M86 Security, a web security solutions and anti-malware provider.
 

Purported Iran nuke document contains trojan

March 05, 2012

The malicious file spreads thanks to a vulnerability in the popular Adobe Flash software.
 

Michael Jackson catalog among files stolen in Sony breach

March 05, 2012

Sony's big 2011 breach was followed up by another attack that siphoned the King of Pop's entire music catalog.
 

RSA Conference 2012: Risk management in the enterprise faces challenges

March 02, 2012

A panel discussion on risk management hovered around issues of balancing the scientific element of data gathering with the art of interpreting the information.
 

RSA Conference 2012: Cyber crime's biggest enemy is collaboration

March 01, 2012

While anti-malware strategies and new technology may stump cyber criminals, it's public collaboration they should fear.
 

Sponsors say new Senate cyber bill less costly for business

March 01, 2012

A group of Republican senators on Thursday introduced a competing bill to the bipartisan Cybersecurity Act of 2012, which was unveiled two weeks ago.
 

RSA Conference 2012: Embrace, don't fear, the cloud

March 01, 2012

Given the cost benefits, security pros likely can do little to stop their organization from migrating to the cloud. That's why they must do all they can to control the risk.
 

RSA Conference 2012: Swapping info on the smart grid

March 01, 2012

Standards and policy leaders are concerned about the lack of threat intelligence on smart grid.