Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.
Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.
Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.
McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.
The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.
The research presents techniques for distinguishing legit data leaks from false claims.
Cyber intelligence company IntelCrawler has identified software being offered on underground forums that automates credit card data being sent to payment gateways.
A whitepaper from the Smart Card Alliance Payments Council recommends combining the three technologies to prevent card fraud.
In a detailed report, an array of malicious tools and tactics used by a cyberespionage group, called Axiom, are divulged.
The group, referred to as APT28, is believed to have been operating since at least 2007 and is possibly sponsored by the Russian government.
A Kaspersky Lab survey found that more than a third of businesses have been hit by at least one cybersecurity incident in the last 12 months.
An Estonian man, Sergei Tsurikov, was sentenced Friday after helping to steal over $9.4 million from payment processor RBS WorldPay in 2008.
As the holiday shopping season approaches, Damballa's 2014 Q3 State of Infections Report found that malware attacks spiked.
On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.
The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.
The NIST architecture is designed to accelerate the adoption of cloud computing.
The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the Chinese government could be to blame.
Military, governments and media from around the world are targets in a campaign identified by Trend Micro.
The malvertising campaign is serving CryptoWall 2.0, researchers at Proofpoint revealed.
The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.
Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.
The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.
Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.
Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.
The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.
Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.
David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.
The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.
The modular malware was named "Ventir," by researchers at Kaspersky.
Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.
Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.
President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.
The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.
The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.
Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.
Attackers are abusing SSDP to carry out reflection and amplification DDoS attacks, according to a PLXsert threat advisory released by Akamai.
Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.
NSS Labs highlighted the growth of security-as-a-service (SaaS) vendors, and issues facing the market.
Several of the vulnerabilities addressed by Oracle in its Critical Patch Update can be remotely exploitable without authentication.
For the month of October, the tech giant released eight patches, including three critical fixes.
A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.
Sears revealed in a filing to the SEC that Kmart systems were infected with malware "undetectable" by current AV solutions.
FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.
Attackers used a third-party vendor's credentials to compromise systems in 395 U.S. Dairy Queen locations and one Orange Julius site.
A Tic-tac-toe game is actually a new mobile trojan being used to steal data and spy on Android devices.
Out of the nine bulletins, three will address critical RCE bugs in its products.
Researchers with Radware are referring to the new type of distributed denial-of-service attack as a Tsunami SYN Flood Attack.
National Security Letters (NSLs) tread on the First Amendment and give the FBI too much authority, EFF argued.
Retail websites were targeted in 48.1 percent of all attack campaigns, whereas 10 percent of attack campaigns targeted financial institutions.
Many of the vulnerabilities can lead to a denial-of-service condition, but others could result in a full compromise of the affected system.
Links to fake pages that often ask for credentials are typically spread via phishing emails, according to Sucuri.
The settlement marks the largest FCC enforcement action to date, and also involved the FTC and state attorneys general.
A new study from the Ponemon Institute found that the cost of cybercrime continued its upward trend this year with attackers deploying more complex attacks.
The social media giant believes the limits imposed by the DOJ on data in transparency reports for its users violates its First Amendment rights.
The malware allowed criminals, with physical access to ATMs, to steal millions, Kaspersky revealed.
The group has infected more than 500,000 unique systems with Qbot malware and has sniffed conversations, including account credentials, for roughly 800,000 online banking transactions.
The group seems to have changed up its tactics to target various enterprises this year.
As the extent of the Chase breach surfaces, experts urge financial institutions to prepare for continued attacks or face impending consequences.
The purpose is to add compromised systems to botnets that are primarily focused on launching DDoS attacks.
As the reach of a recent Chase breach grows to 76 million household and seven million business accounts, security experts call for change.
John Gordon Baden is wanted for stealing thousands of people's personal information and using it to make fraudulent purchases.
After recently helping a client rid their website of SEO spam, security company Sucuri detailed how SEO poisoning attacks are still impacting legitimate websites.
The Electronic Frontier Foundation says the spyware sports a keylogger and is widely distributed by law enforcement agencies.
Slightly more than a week after the bug's disclosure, the attacks on domains might have already peaked, according to new research.
In guidelines finalized on Wednesday, the FDA advises medical device manufacturers on managing security risks and protecting patient health and data.
Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.
The young men allegedly used SQL injection and stolen logins to gain access to systems at various companies and steal their intellectual property.
Despite difficulties and concerns regarding security, more than 60 percent of respondents have adopted or plan to adopt a hybrid cloud environment.
The demand for infosec-focused communications and messaging pros is growing.
The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.
Cybercriminals are primarily after patient data as it really gets them more money.
The latest IT security news regarding Home Depot, PCI Security Standards Council, CryptoLocker, hacks of Tennessee-based Community Health Systems, JPMorgan Chase as well as at least four other financial institutions
The breaches involved different malware and both companies are investigating whether payment card information was stolen.
DDoS attacks declined in Q2 while Zeus, Storm and Heartbleed made their marks on security, an Akamai report on the state of the internet shows.
An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.
CloudFlare announced on Monday that it would be supporting SSL connections to every customer, including about two million using its free service.
The update comes soon after the company released iOS 8.0.1, which caused issues for iPhone 6 and iPhone 6 Plus users.
Less than a week after the vulnerability's discovery and only a day after it was revealed, cybercriminals began exploiting the bug to create botnets and determine future attacks.
The Wall Street Journal reported that a Secret Service investigation uncovered malware customized to attack Home Depot.
Researchers with Proofpoint have analyzed a version of the Dyre banking trojan that has been updated with new features.
A researcher at Akamai uncovered a vulnerability in Bash, called ShellShock, that can execute arbitrary commands in affected systems.
A new report stresses that ad networks and the web sites that use them need to coordinate to mitigate the malvertising risk.
Akamai's PLXsert researchers analyzed the new DDoS toolkit.
The retailer's massive breach has spawned multiple lawsuits and reports of fraudulent transactions.
Mozilla announced on Tuesday that it would be phasing out certificates with SHA-1 based signature algorithms.
A new report from NSFOCUS found that DDoS attacks' traffic volume is increasing, along with a shift in targets.
Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.
Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.
Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).
A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.
A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.
In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.
The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.
A new report from the U.S. Senate Armed Services Committee found that multiple successful attempts were made to access and steal information from contractors' systems, and often times, the government didn't know it happened.
As BYOD and mobile computing become more critical to business, app downloads will raise security risks.
Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.
The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.
Researchers at SophosLabs found an uptick in VBA samples in July.
In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.
Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.