OTI report exposes economic costs of NSA spying

OTI report exposes economic costs of NSA spying

A report from New America OTI found that the NSA surveillance program has had a chilling effect on U.S. commerce and foreign policy.

Breach index: Encryption used in 23 percent of Q2 incidents

Breach index: Encryption used in 23 percent of Q2 incidents

Out of the 237 disclosed data breaches last quarter, encryption was used in only 10 instances.

IG scolds NOAA on security deficiencies, recommends fixes

IG scolds NOAA on security deficiencies, recommends fixes

An audit of NOAA by the inspector general found security shortcomings, including the link between information systems and satellite systems.

HP tests 10 popular IoT devices, most raise privacy concerns

HP tests 10 popular IoT devices, most raise privacy concerns

In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.

Vulnerability impacting multiple versions of Android could enable device takeover

Vulnerability impacting multiple versions of Android could enable device takeover

Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying a violation of Fourth Amendment

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Companies accused of peddling bogus AV ordered to pay $5.1M

Companies accused of peddling bogus AV ordered to pay $5.1M

A federal court in New York issued default judgments against 14 companies and individuals who allegedly operated the scams.

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.

Andromeda bot spreads Tor-using CTB-Locker ransomware

Andromeda bot spreads Tor-using CTB-Locker ransomware

Kaspersky Lab has observed Andromeda bot being used to deliver CTB-Locker, a new ransomware that hides its command-and-control server on the Tor network.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Sony to shell out $15M in PSN breach settlement

Sony to shell out $15M in PSN breach settlement

The 2011 hack exposed the personal information of roughly 77 million users registered with PlayStation Network and Qriocity.

eBay faces class-action suit over breach

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target businesses

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, survey says

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded out of $1 million

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report says

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Vice.com hacked, possibly The Wall Street Journal website too

Vice.com hacked, possibly The Wall Street Journal website too

A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry standard

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.

U.S. hosted most Q2 malware, top 10 ISPs still main sources

U.S. hosted most Q2 malware, top 10 ISPs still main sources

Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

Severe RCE vulnerability affects several Cisco products

Severe RCE vulnerability affects several Cisco products

An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.

Russian espionage malware adapted for ransomware scams

Russian espionage malware adapted for ransomware scams

Sentinel Labs dubbed the repurposed malware "Gyges."

Report: 31 percent of IT security teams don't speak to company execs

Report: 31 percent of IT security teams don't speak to company execs

A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.

Senate subcommittee looks to stop botnet threat

Senate subcommittee looks to stop botnet threat

In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.

Compromised Japanese porn websites distribute banking trojan

Compromised Japanese porn websites distribute banking trojan

Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.

Pushdo botnet gets DGA update, over 6,000 machines host new variant

Pushdo botnet gets DGA update, over 6,000 machines host new variant

In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.

Oracle releases 113 bug fixes in Critical Patch Update

Oracle releases 113 bug fixes in Critical Patch Update

The most critical flaws were in Java and Oracle Database Server.

Active Directory flaw opens enterprise services to unauthorized access

Active Directory flaw opens enterprise services to unauthorized access

Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.

Fraudsters market new malware Kronos on underground

Fraudsters market new malware Kronos on underground

Trusteer warns that the financial malware was first advertised last week on a major underground forum.

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

A man arrested in Germany and extradited to the United States in 2012 pleaded guilty to bank fraud on Friday for his role in a global operation that netted $14 million within 48 hours.

NightHunter campaign dates back to 2009, targets credentials and other data

NightHunter campaign dates back to 2009, targets credentials and other data

Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.

Study: Security not prioritized in critical infrastructure, though most admit compromise

Study: Security not prioritized in critical infrastructure, though most admit compromise

Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.

Two new Boleto malware families discovered

Two new Boleto malware families discovered

Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.

Police, security firms abate Shylock malware threat

Police, security firms abate Shylock malware threat

In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.

Senate Intelligence Committee approves cyber security bill

Senate Intelligence Committee approves cyber security bill

The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.

Attackers brute-force POS systems utilizing RDP in global botnet operation

Attackers brute-force POS systems utilizing RDP in global botnet operation

Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.

Study: AV, anti-malware most used controls for APT defense

Study: AV, anti-malware most used controls for APT defense

Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.

Russian man arrested for POS hacks draws Russia's ire

Russian man arrested for POS hacks draws Russia's ire

Roman Seleznev, son of a Russian lawmaker, was picked up in Maldives and taken into U.S. custody in Guam, three years after being indicted.

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.

Advanced attack group Deep Panda uses PowerShell to breach think tanks

Advanced attack group Deep Panda uses PowerShell to breach think tanks

CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.

NCL calls on gov't, business to better protect consumer data

NCL calls on gov't, business to better protect consumer data

Noting that consumers are being asked to provide more information than ever before and are less protected, the National Consumers League has proposed reforms.

Microsoft plans six Patch Tuesday fixes, RCE bugs in 'critical' batch

Microsoft plans six Patch Tuesday fixes, RCE bugs in 'critical' batch

Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.

EFF sues NSA in bid for records related to Heartbleed disclosure

EFF sues NSA in bid for records related to Heartbleed disclosure

Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.

Sneaky Android RAT disables required anti-virus apps to steal banking info

Sneaky Android RAT disables required anti-virus apps to steal banking info

The HijackRAT for Android mobile devices is capable of numerous attacks, such as pilfering banking information and disabling anti-virus apps.

Spear phishers abuse Word programming feature to infect targets

Spear phishers abuse Word programming feature to infect targets

Hackers abused Microsoft's Visual Basic for Applications (VBA) to rig email attachments, Cisco reveals.

Report: DDoS attacks down, gov't increasingly a target

Report: DDoS attacks down, gov't increasingly a target

In its quarterly "State of the Internet" report Akamai observed 283 DDoS attacks in the first quarter of 2014.

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

RSA has revealed the extent of bolware attacks in the country, which have remained a pervasive issue in the financial sector.

Phishing websites up 10 percent in Q1 2014, the U.S. still hosts the majority

Phishing websites up 10 percent in Q1 2014, the U.S. still hosts the majority

The number of phishing websites observed in the first quarter of 2014 went up 10 percent over the previous quarter, and the U.S. hosts the majority.

Microsoft seizes No-IP domains in effort to stop malware infections

Microsoft seizes No-IP domains in effort to stop malware infections

The legal action was taken to disrupt the spread of remote access trojans njRAT and njw0rm.

Houston Astros hacked, trade conversations posted online

Houston Astros hacked, trade conversations posted online

The Houston Astros were hacked, and trade conversations dating back to June 2013 between the Texas ball club and several other major league teams were posted online.

Infostealer Bugat resurfaces with worm component

Infostealer Bugat resurfaces with worm component

Bugat's worm component sends phishing emails to new sets of potential victims, researchers warn.

'Lite Zeus' has fewer tricks, but updated encryption

'Lite Zeus' has fewer tricks, but updated encryption

The new Zeus variant employs AES-128 encryption as opposed to the older RC4 cipher used by other Zeus iterations.

Senate committee passes FISMA reform bill

Senate committee passes FISMA reform bill

The FISMA reform act, which eases reporting requirements and clarifies the roles of DHS and OMB, easily passes the Senate Homeland Security and Governmental Affairs Committee.

EMOTET banking malware captures data sent over secured HTTPS connections

EMOTET banking malware captures data sent over secured HTTPS connections

Banking malware identified as EMOTET is being delivered in Germany via phishing emails, but is also making its way over to the U.S.

Facebook protests Manhattan DA's request for 'nearly all data' on hundreds

Facebook protests Manhattan DA's request for 'nearly all data' on hundreds

The legal fight stems from a 2013 request by the Manhattan district attorney, seeking data from the Facebook accounts of 381 people.

Most health care vendors earn 'D' in data protection, study finds

Most health care vendors earn 'D' in data protection, study finds

A security intelligence report analyzed 150 health care vendors, both small and large.

Pony Loader 2.0 now steals cryptocurrency wallets, still spreads other malware

Pony Loader 2.0 now steals cryptocurrency wallets, still spreads other malware

A years-old information stealer trojan known as Pony Loader, or Fareit, has been updated to steal cryptocurrency wallets such as Bitcoin.

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

The WebShot feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, is affected by a remote code execution vulnerability.

Supreme Court's landmark ruling bars warrantless search of cell phones

Supreme Court's landmark ruling bars warrantless search of cell phones

Privacy advocates say the Wednesday ruling will have a positive impact on forthcoming cases involving data security.

Report: Organizations recognize security risks, slow to take action

Report: Organizations recognize security risks, slow to take action

A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.

'Havex' malware strikes industrial sector via watering hole attacks

'Havex' malware strikes industrial sector via watering hole attacks

F-Secure detected 88 variants of the malware, which infected companies in Europe, as well as a California firm.

PayPal addresses two-factor authentication bypass

PayPal addresses two-factor authentication bypass

A vulnerability exists that allows anyone with legitimate account credentials to bypass two-factor authentication on some of PayPal's mobile applications.

Malicious app BankMirage makes quick appearance in Google Play

Malicious app BankMirage makes quick appearance in Google Play

Researchers at Lookout found the malware, which masqueraded as a legitimate banking app for customers of an Israeli bank.

HackingTeam tool makes use of mobile malware targeting all major platforms

HackingTeam tool makes use of mobile malware targeting all major platforms

HackingTeam is an Italian seller of hacking software marketed to police and governments.

Caphaw trojan being served up to visitors of AskMen.com, according to Websense

Caphaw trojan being served up to visitors of AskMen.com, according to Websense

A nasty trojan known as Caphaw is being served up to anyone that visits multiple pages across AskMen.com, most likely via the Nuclear Pack exploit kit.

Asprox botnet campaign shifts tactics, evades detection

Asprox botnet campaign shifts tactics, evades detection

FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.

Taboola hack allows SEA to redirect Reuters site visitors

Taboola hack allows SEA to redirect Reuters site visitors

On Monday, ad network Taboola confirmed that it was hacked by the Syrian Electronic Army.

Massive phishing campaign targets hundreds of online dating websites

Massive phishing campaign targets hundreds of online dating websites

Attackers are going after online dating accounts in a massive campaign that makes use of a phishing kit featuring hundreds of fraudulent PHP scripts.

Insurers petition, retail group complaint, raise specter of who pays for breach

Insurers petition, retail group complaint, raise specter of who pays for breach

Michaels insurer petitions a federal court while a retail group asks Congress not to put the onus on retailers.

2012 RCE bug is still highly exploited in targeted attacks, Trend Micro finds

2012 RCE bug is still highly exploited in targeted attacks, Trend Micro finds

A patch was issued for CVE-2012-0158 in April 2012, but Trend Micro found that it is the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.

Talk stresses IoT concerns as today's problems

Talk stresses IoT concerns as today's problems

At SC Congress Toronto, industry experts gave insight on security concerns introduced by the influx on internet-connected devices.

Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Following a DDoS attack, attackers deleted sensitive data and put code hosting and project management services provider Code Spaces out of business.

House committee says 'inaccurate' info prompted FTC's LabMD complaint

Under investigation is FTC's relationship with security firm Tiversa, which provided the agency evidence in an ongoing data security case.

LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default

LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default

LinkedIn users that do not have HTTPS always enabled by default are at risk of having their accounts taken over in a man-in-the-middle attack.

New Zbot malware campaign discovered by researchers

New Zbot malware campaign discovered by researchers

The campaign was first noted on Wednesday morning, where more than 40,000 malicious emails were quarantined by researchers.

Denial-of-service vulnerability addressed in Microsoft Malware Protection Engine update

Denial-of-service vulnerability addressed in Microsoft Malware Protection Engine update

Microsoft issued an update to its Malware Protection Engine in order to fix a vulnerability that could enable a denial-of-service.

FBI arrests alleged NullCrew member, faces maximum of 10 years in jail and $250K fine

FBI arrests alleged NullCrew member, faces maximum of 10 years in jail and $250K fine

Timothy French was arrested by the FBI on June 11 and charged on Monday with conspiracy to commit computer fraud and abuse.

Experts discuss the growing threat to critical infrastructure

Experts discuss the growing threat to critical infrastructure

Security personnel are busy mitigating infrastructure attacks rather than protecting their organizations, say experts at SC Congress Toronto.

Tricky new malware strain, Dyre, skirts detection and steals banking credentials

Tricky new malware strain, Dyre, skirts detection and steals banking credentials

Dyre is a new malware strain primarily targeting banking credentials, and is also capable of modifying network traffic and bypassing SSL mechanisms.

IBM CISO: Company boards need big picture threat data

IBM CISO: Company boards need big picture threat data

IBM's global CISO advised security pros on engaging boards of directors about organizational threats.

Towelroot app exploit that 'roots' Android devices could be repackaged by attackers

Towelroot app exploit that 'roots' Android devices could be repackaged by attackers

An exploit being used by an application to 'root' Android devices could be repackaged by attackers to compromise cell phones.

"Human error" contributes to nearly all cyber incidents, study finds

"Human error" contributes to nearly all cyber incidents, study finds

A new IBM report reveals that organizations experienced more than 91 million "security events" last year.

Businesses behind "cramming" scheme surrender over $10M in assets

Businesses behind "cramming" scheme surrender over $10M in assets

The defendants were allegedly behind unauthorized charges to consumers cell phone bills.

Domino's extortion breach highlights rise in ransom-based attacks

Domino's extortion breach highlights rise in ransom-based attacks

A hacker group that stole data on 650,000 French and Belgian Domino's customers is threatening to release the information if the pizza company does not pay more than $40,000.

After Romania sentencing, charges against 'Guccifer' stack up in U.S.

After Romania sentencing, charges against 'Guccifer' stack up in U.S.

On Thursday, the FBI announced new charges against the hacker, including counts of cyberstalking and unauthorized access of a protected computer.

P.F. Chang's investigates breach, shifts to manual payment card imprinting

P.F. Chang's investigates breach, shifts to manual payment card imprinting

While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.

Android 'SMS Stealer' hides in World Cup-themed apps

Android 'SMS Stealer' hides in World Cup-themed apps

Trend Micro detected over 375 spurious apps spreading mobile malware to soccer fans.

Federal appeals court says police must get warrants for wireless location data

Federal appeals court says police must get warrants for wireless location data

A three-judge panel in the 11th Circuit Court of Appeals says a Florida man's Fourth Amendment expectation of privacy was violated.

PLXsert warns Fortune 500 companies of evolving Zeus threat

PLXsert warns Fortune 500 companies of evolving Zeus threat

An advisory published Tuesday by PLXsert warns Fortune 500 companies of an evolving Zeus crimeware kit threat.

Ransomware "Svpeng" strikes US, leaves Android devices unusable

Ransomware "Svpeng" strikes US, leaves Android devices unusable

Earlier versions of Svpeng impacted mobile users in Russia, stealing card details from customers of major banks.

Sign up to our newsletters

POLL