Former Georgia-Pacific sysadmin charged with damaging protected computers

The Louisiana man, Brian Johnson, was arrested Wednesday following his federal grand jury indictment last week.

Harvard University announces network intrusion, possible data exposure

On June 19, an intrusion was discovered on the Faculty of Arts and Sciences and Central Administration information technology networks.

Saboteurs leverage RIPv1 for DDoS reflection attacks

According to an Akamai threat advisory, attackers leveraged an outdated routing protocol RIPv1 for their malicious aims.

More than 440K new Android malware strains found in Q1, study finds

Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.

Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed

In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam.

'Prized' app developers banned from distributing malware in FTC settlement

The Federal Trade Commission banned app developers Equiliv Investments and Ryan Ramminger from creating and distributing malware after their "Prized" app commandeered consumer devices to mine digital currency.

OPM shuts down background investigation system, faces lawsuit

OPM shut down one of its background investigation systems after it discovered a vulnerability; on that same day, the country's largest federal employees union filed a lawsuit against the agency.

Survey: Security concerns holding back orgs from adopting cloud infrastructure

In the survey, 50 percent of respondents said they are very concerned about the security of customer data in the public cloud.

Federal Reserve's Powell concerned about security of chip and signature

Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

Researchers analyze backdoor 'Dino' linked to Animal Farm spy group

ESET analysts believe the sophisticated backdoor is the work of French-speaking developers.

NEWS ALERT: OPM shuts down eQip system

A vulnerability found in OPM's e-QIP background check system has prompted the agency to shut it down until enhanced security measures are in place.

Indictment returned in UPMC identity theft, tax fraud operation

Yoandy Perez Llanes is charged with using information acquired in the 2014 UPMC breach to defraud the IRS and the U.S. Treasury.

Akhter twins plead guilty to State Dept. hack, other crimes

The twins, Muneeb and Sohaib Akhter, face a maximum 50- and 30-year prison sentence, respectively.

Dridex banking malware spreading through new spam campaign

Heimdal Security outlined a recent Dridex-spreading spam campaign that tries to trick users into opening a malicious macro-enabled document.

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.

Facebook diversity report offers glimpse into tech workforce gaps

In the U.S., 51 percent of Facebook tech staff are white, while Black and Hispanic employees respectively account for 1 and 3 percent of tech staff.

U.S., China agree to cybersecurity code of conduct

Even as U.S. and China pledge cooperation in cybersecurity matters, U.S. DNI John Clapper says China is the lead suspect in the OPM breach.

Cisco addresses default SSH keys in multiple products

Software updates were released for Cisco Web Security Virtual Appliance, Cisco Email Security Virtual Appliance, and Cisco Security Management Virtual Appliance.

SEC commissioner urges info sharing, quick action at SINET summit

At a SINET Innovation Summit in New York, SEC Commissioner Luis Aguilar said the agency needs to do more and called for more formalized information sharing.

New Tinba variant delivered via HanJuan Exploit Kit in malvertising attack

Researchers with Malwarebytes observed the Tinba variant being distributed as part of an attack involving advertising and URL shortening service Adf.ly.

Study: Leaked credentials on Pastebin, similar sites, linked to 47 gov't agencies

After analyzing information on Pastebin and similar sites, Recorded Future found login credentials for 47 agencies on the open web.

Europol takes down high profile Ukraine-based cybergang

Europol announced that it has taken down a Ukraine-based cybergang that has caused more than 2 million euros in estimated damages.

Study: 61 percent of critical infrastructure execs confident systems could detect attack in less than a day

Tripwire published findings that a majority of critical infrastructure executives believe their systems appeal to cyber criminals, but also that they could detect any attack.

Firms track Dyre's rise to top financial malware threat

In the year following Gameover Zeus takedown efforts, Dyre has steadily emerged as the financial trojan of choice among cybercriminals.

OPM breach possibly compromises more than 32 million current and former employees' PII

OPM Director Katherine Archuleta testified a second time for the House Oversight and Government Reform Committee and kept mum about exact victim figures.

Report: Security incidents in finance sector 300 percent more frequent than other industries

Researchers with Websense said attackers target the financial services sector more than other industries for a simple reason: money.

Michigan State Audit finds several department systems vulnerable

Michigan's DTMB failed to establish effective security management and access controls for several departments within the state, according to the Single Audit Report.

Privacy advocates applaud Supreme Court ruling on hotel registry searches

Justices ruled Monday that a Los Angeles ordinance, legalizing warrantless demands to inspect hotel guest registries, is unconstitutional.

Targeted attacks rise, cyber attackers spreading through networks, report says

The Vectra Networks Post-Intrusion Report found a 580 percent increase in lateral movement detections and 270 percent uptick in reconnaissance detections over last year.

APT group exploits Adobe Flash Player zero-day in phishing operation

Adobe addressed the high priority vulnerability, CVE-2015-3113, on Tuesday by issuing a Flash Player patch for Windows, Macintosh and Linux.

Hack grounds handful of Polish airline's flights

Polish airline LOT was attacked by hackers who accessed the company's ground systems responsible for issuing flight plans.

White House criticizes bill clarifying Cyber Threat Intelligence Integration Center missions

The Obama administration said it would recommend that the president veto the act partially because of its simultaneous limitations on the Cyber Threat Intelligence Integration Center and expansion of its missions.

Study: cannabis, pharmaceuticals, MDMA most exchanged goods on deep web

An analysis of the top 15 vendors across all marketplaces on the deep web showed that cannabis, pharmaceuticals and MDMA are the top three most exchanged goods, according to a recent

NIST guidance helps ensure protection of gov't data stored by contractors

NIST published the guidance on Friday, following the close of a final comment period.

Thousands of Montefiore patients notified of breach, eight suspects indicted

Montefiore Health System announced that 12,517 patients had personal information compromised by a former employee between January 2013 and June 2013.

FCC allows for automated calls and text messages for data breach notifications

The Federal Communications Commission (FCC) clarified wording on the Telephone Consumer Protection Act to allow financial institutions to send out automated data breach and fraud alerts.

RLE Nova-Wind Turbine HMI stores credentials in a plaintext file

If an attacker is able to recover the file, then they can authenticate to the HMI and modify configurations and settings.

LinkedIn opts for 'invitation-only' bug bounty program, pays out $65K in recent months

LinkedIn's director of information security shared that the private bug bounty program was formalized in October.

Nine Silicon Valley firms get highest marks for best practices around consumer privacy

In its fifth annual "Who Has Your Back" report, the Electronic Frontier Foundation found nine of 24 companies excel in protecting privacy by requiring warrants, publishing transparency reports and adhering to other best practices.

Reddit to switch to default HTTPS encryption

Reddit will officially switch to HTTPS starting this month, joining companies like Netflix, Bing and others who will be transitioning to encrypted connections.

Obama backs OPM director as agency sends questionable email notifications

Fallout from the OPM breaches continues with legislators calling for OPM Director Katherine Archuleta's firing and President Obama backing her as a qualified leader.

Report: Average botnet in Q1 2015 made up of 1,700 infected hosts per C&C server

The report is based on the more than one thousand command-and-control servers analyzed by Level 3 Threat Research Labs in the first quarter of 2015.

Samsung devices, including Galaxy S6, vulnerable to remote code execution

NowSecure detailed a vulnerability in Samsung's pre-installed Swift keyboard app that leaves device owners vulnerable to remote code execution.

Data-stealing component of 'Stegoloader' hides in PNG images

Stegoloader has been active since 2012, but Dell SecureWorks recently found that the threat uses a clever tactic to hide its malicious code.

Researchers identify weaknesses in Apple's OS X and iOS

The weaknesses can be exploited to steal user passwords, secret tokens and sensitive documents, the researchers said.

Kaspersky points to stolen digital certificates in Duqu 2.0 attack

The attackers behind the Duqu 2.0 malware that targeted Kaspersky Lab may have used stolen digital certificates from legitimate hardware manufacturers.

Study: 15-30 percent of eCommerce site visitors infected with CSIM

Startup security company Namogoo says that 15-30 percent of eCommerce site visitors are infected with client side injected malware (CSIM).

OPM breaches more serious to national security than 9/11, Congresswoman argues during hearing

The U.S. House Committee on Oversight and Government Reform held a hearing to clarify facts on the OPM data breaches and push the agency's staffers on why their security failed so spectacularly.

FBI, Justice Department investigate Cardinals in Astros hack

According to reports, investigators believe that vengeful front-office employees with the Cardinals were responsible.

Google launches Android Security Rewards program

Researchers can earn thousands of dollars for identifying vulnerabilities in the latest versions of Android for the Nexus 6 and Nexus 9.

Microsoft deems Ask.com toolbar malware, will automatically remove

Earlier versions of the Ask.com toolbar will meet the same fate as other programs with browser search protection functionality.

Suspicious activity on LastPass network, data compromised

LastPass announced that suspicious activity was identified on its network on Friday, and that some data was compromised.

OPM breach diverges into finger-pointing and dispute over initial detection

The federal government is scrambling to answer questions about the recent OPM breaches, including how it was detected, what can be done to mitigate future risks and how to best retaliate.

Researcher identifies vulnerabilities in Uber petition website

Researcher Austin Epperson found that he could create more than a thousand fake entries per minute and could also redirect visitors to Lyft.com, an Uber rival.

IRS Security Summit yields recommendations to fight fraud

The IRS revealed steps it plans to take to fight identity theft and to protect taxpayer information at the time of filing.

Private security clearance info accessed in second OPM breach

Officials believe Chinese operatives accessed information from SF-86 forms filled out by candidates applying for security clearance.

Senate vote falls short of approving defense act with CISA amendment

Senate Republicans and Democrats traded barbs over Defense Authorization Act vote.

OPM breach exposed SSNs, personnel records of all fed workers

The OPM data breach likely exposed the Social Security numbers and personnel records of every federal worker and prompted a clash between members of Congress over the fate of cybersecurity legislation.

Duqu2.0 knocks Kaspersky and security peers

The news that Kaspersky Lab was hit by a "next-generation" malware attack is an indication of both how far we have come in cyber-warfare and how much further we still have to go.

Eugene Kaspersky responds to hack by 'next generation' threat actor

Eugene Kaspersky, boss of Kaspersky Lab, spoke to SC Magazine UK in London today after announcing that his company's servers had been hacked by a malware package which has been dubbed Duqu 2.0.

SC Congress Toronto: Experts discuss incident response in a breach era

Security leaders shared steps their own organizations have taken to effectively prepare for looming incidents or compromise.

SC Congress Toronto: Social engineering exploits 'hardwired' human behaviors

Michele Fincher, chief influencing agent with Social-Engineer, said that those conducting social engineering will attempt to exploit and manipulate hardwired human behaviors.

SC Congress Toronto: DDoS trends show SaaS apps, home routers increasingly targeted

Dave Lewis, global security advocate at Akamai, highlighted attack trends at SC Congress Toronto.

Survey: 75 percent of companies have significant risk exposure

More than 400 security pros from companies of all sizes in 61 countries completed self-assessment tests against NIST Cybersecurity Framework for RSA's Cybersecurity Poverty Index.

SC Congress Toronto: IBM's Lodewijkx shares company's guiding security principles

During the afternoon keynote at SC Congress Toronto, Lodewijkx shared IBM's guiding principles for mitigating IT security threats.

Microsoft issues eight bulletins, two critical, in Patch Tuesday release

Microsoft addressed a number of vulnerabilities in eight security bulletins, with two addressing RCE flaws rated critical and two more as important.

IAPP salary survey shows women in privacy on par with men

The results of the IAPP's 2015 Privacy Professional Salary Survey showed that women and men in the privacy industry pull down roughly the same salaries and follow similar career trajectories.

Study: Cyber criminals' ROI exceeds 1000 percent

Trustwave's annual security report looked at cybercrime and the return-on-investment that makes the digital criminal life attractive.

Poweliks continues click-fraud tactics, linked to CryptoWall infections

Poweliks is known to hide in the registry of Windows computers, and may ultimately spread other malware as well as carry out click-fraud for scammers.

Windows OLE bug targeted in multiple phishing campaigns

Researchers with Fidelis Cybersecurity have observed multiple, seemingly unrelated threat actors leveraging CVE-2014-4114 to distribute malware.

Motives for OPM hack unclear, U.S. could retaliate

President Obama's press secretary declined to confirm China's role in the massive OPM breach, but left open the potential for retaliation if a nation state is determined to be involved.

MalumPOS malware that can be configured to target any POS system

Trend Micro researchers say MalumPOS can be configured to target any point-of-sale system, and it also takes steps to avoid detection.

Researcher who found Hospira drug pump flaws says more models are vulnerable

Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."

NYDFS head announces 'BitLicense' in virtual currency regulation

Benjamin Lawsky, head of New York State Department of Finances, announced the final update for a set of state regulations concerning virtual currencies, including Bitcoin.

OPM breach has widespread implications, may be work of China

A breach at the Office of Personnel Management, which may impact millions of federal workers, casts harsh light on vulnerabilities in federal IT systems.

Small businesses surveyed on EMV awareness, many still unclear on liability shift

Forty-two percent of small business owners said they were unaware of the EMV liability shift deadline.

Amnesty International issues plan to protect human rights in digital age

Amnesty International and Privacy International proposed a seven-point plan on Friday to help protect human rights in the digital age.

Study shows kids' willingness to meet people they interact with online, other security habits

In the survey, 27 percent of kids aged 8 to 16 said they would meet, or have met, someone in person they first interacted with online.

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.

Treasury IG says recommended updates would have made breaching IRS harder

Treasury Inspector General Russell George criticized the IRS in front of a Senate committee hearing for failing to make a number of updates recommended by his office.

IRS commissioner appears before Senate, attributes breach, in part, to budget cuts

IRS Commissioner John Koskinen said budget cuts are prompting the agency to expand its online services even as watchdog groups warn the expansion could increase the risk of additional breaches.

Study: New malware strains up in 2014, along with DDoS attacks

Check Point released its annual security study that looks at the state of cybersecurity in 2014.

Skype leveraged to distribute adware

Researchers with PhishMe have identified and assisted in disrupting a campaign in which Skype was being leveraged to distribute adware.

Locker ransomware author quickly apologizes, decrypts victims' files

Symantec, which analyzed ransom payments made via Bitcoin, said that the author only made $169 from victims before closing up shop.

Dyre malware infections surge in 2015

First profiled nearly a year ago, Dyre malware infections are surging around the world, and particularly in Europe and North America.

Study: Organizations taking months to remediate vulnerabilities

New research shows that organizations in the financial services industry and the education sector take 176 days, on average, to remediate vulnerabilities.

Section 215 expired today, and the internet isn't worried

After weeks of speculation and debate, certain surveillance provisions expired on Monday, and while government officials are sounding the alarm, others online seem unfazed.

Survey: Boards hold CEO most accountable when breaches occur

A new survey shows board members across several industries are holding more C-level execs responsible in cases of data breaches.

Threat group targets employees at SMBs with Grabit malware

Kaspersky Lab researchers observed employees at SMBs primarily in Thailand, India and the U.S. being targeted with malware identified as Grabit.

Sally Beauty confirms malware on POS systems

Malware was deployed on some Sally Beauty point-of-sale systems at varying times between March 6 and April 17.

UN report says encryption protects people's liberties and expression

A new UN report says hindering encryption on devices and communications will negatively impact the right to freedom of opinion and expression.

Report: Disclosed zero-days in early part of 2015 point to another yearly uptick

Among 20 products found to have the most vulnerabilities, there were seven publicly disclosed zero-days, Secunia found.

'Linux Moose' turns Linux devices into proxy servers to build social media followings

Researchers have discovered a new type of malware, dubbed 'Linux Moose,' that targets Linux-based devices and uses them to create fraudulent social media accounts.

Silk Road sentencing approaches, prompting letters from both defense and prosecution

As Ross Ulbricht's Friday sentencing approaches, the mastermind behind Silk Road, as well as his family and friends, wrote letters to U.S. District Judge Katherine Forrest.

ACLU urges gov't to establish bug bounty programs, disclosure policies

In a letter, ACLU encouraged the government to follow in the footsteps of some tech companies that have introduced "security researcher-friendly policies."

iOS text message bug a nuisance, could have broader security implications

An iOS 8 bug in the Messages app causes iPhones to crash and reboot after receiving a specific string of Arabic characters.

Florida issues notification for 'inadvertent release of information' to 13K

The Florida Department of State sent a notification for the inadvertent release of personal information of 13,000 people.

Study: Average cost of data breach is $6.5M

The Ponemon Institute and IBM released their annual cost of data breach study on Wednesday and found that data breaches continue to cost enterprises more than in previous years.

Data acquired from non-IRS sources enabled access to 100K taxpayer accounts

The IRS announced on Wednesday that attackers used taxpayer-specific data acquired from non-IRS sources to gain access to information on more than 100,000 tax accounts.

Ransomware threat 'Locker' has sleeper component

KnowBe4 is alerting IT managers to be vigilant of a new ransomware threat that leverages a sleeper function.
