In a series of attacks, University of Michigan researchers hacked into Samsung SmartThing connected home systems and remotely unlocked doors.
The FBI recently pressed for a 29-year-old Los Angeles woman to provide her fingerprint to open her phone after she was sentenced in an identity theft case.
A Michigan school district network engineer discovered a security vulnerability affecting the pwnedlist.com service that exposed 866 million account credentials.
Mobile attacks can workaround two-factor authentication on Android phones and inject malware onto iOS phones.
After an investigation confirmed that data was exported during a December breach of the DNC voter file system but cleared the Sanders campaign of wrongdoing, the presidential hopeful withdrew a lawsuit it had filed against the DNC.
Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.
Minutes before the NFL Draft commenced on Thursday night, an apparent hacker accessed the Twitter account of top prospect Laremy Tunsil and posted an old video of the Ole Miss player smoking from a bong, damaging his value.
Zscaler researchers spotted an Android infostealer disguised as a Google Chrome update that is capable of terminating antivirus applications and even ending calls.
IBM security researchers have spotted an uptick in mobile malware competition in pricing, features and quality on the black market.
High Court judge Mr. Justice Mann has ruled the go ahead for claims against The Sun newspaper for phone hacking.
The day after security researchers discovered the website for toy maker Maisto was not only selling radio-controlled cars and planes, but was also pushing CryptXXX ransomware, the site was down for maintenance.
Malware embedded on a USB drive was delivered to members of the American Dental Association (ADA).
Marcher Madness continues with a new, stealthier iteration of the Marcher banking malware targeting Android users in Australia.
Belgium's minister of defence, Steven Vandeput has stated the importance of investing in technology for national security.
Qatar National bank has had 1.4 GB of internal files published online including the names of intelligence agents, government departments and the Qatari royal family. A turkish fascist group has claimed responsibility.
To say that a day does not pass without a ransomware attack being perpetrated upon an organization somewhere the United States is no hyperbolic statement, but there is a glimmer of hope as several defective ransomware variants have been found.
Hackers reportedly posted employee data and private documents belonging to a publicly listed gold-mining company on a paste site.
The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.
Richard Nichols, RSA's head of EMEA strategy compared playing the violin to conducting an effective security strategy, to encourage businesses to harmonise security strategy and promote greater visibility of threats on the business.
U.S. Chief Information Officer Tony Scott Tuesday hinted his office may be working to help guide federal agencies to adopt "bimodal IT."
It appears that the developer mode of MS Windows, otherwise known as 'God Mode', is being leveraged by attackers to hide malware.
In a letter to the OMB, Senate Homeland Security Committee Chairman Ron Johnson and ranking member Tom Carper asked the agency's director Shaun Donovan to complete changes to a privacy and cyber policy framework.
Singapore Telecommunications (Singtel) has opened a new facility to help enterprises enhance cyber-security skills and test their networks in dealing with cyber-threats.
The director of CERT UK laid out some of the problems facing UK cyber-space and outlined what cyber-security could do to help fix them.
Over 10 percent of the UK population has pretended to be someone else online by snooping or sending messages through someone else's social media or email accounts without their permission.
A Manhattan federal court judge sentenced Estonian Vladimir Tsastsin to 87 months in prison for his role in perpetrating an internet fraud scheme that infected more than four million computers in more than 100 countries.
Pro-ISIS hacking groups joining forces behind a super-hacker team, the United Cyber Caliphate, are sharpening their skills and showing a willingness to coordinate and amp up cyberattacks, a new report revealed.
A new site was discovered on the dark web that allows hackers to upload stolen data and sell the data to criminals or criminal groups.
Automakers, Uber, Google form Self-Driving Coalition for Safer Streets as GAO releases vehicle cybersecurity report
Automakers form join forces in the Self-Driving Coalition for Safer Streets coalition one day after the GAO released auto cybersecurity report.
Researchers from the University of California, Santa Barbara have uncovered a hacking technique that could allow bad actors to sabotage location-based mobile apps by simulating large number of devices that don't actually exist.
The House Wednesday passed the Email Privacy Act (EPA) 419-0, a reformation of the aging Electronics Privacy Act (ECPA) and drew immediate praise from rights groups.
The PLATINUM team has "gone to great lengths" over many years "to develop covert techniques" so their cyber-espionage campaigns will evade detection, even using Windows's support for "hotpatching" against it.
The Federal Bureau of Investigation won't share the method that was used to unlock an iPhone 5c used by one of the San Bernardino shooters because the mechanism belongs to the third party who cracked the phone.
Verizon's 2016 Data Breach Investigative Report (DBIR) discovered something the late, great steel driving man John Henry learned the hard way; humans don't stand a chance when it comes to battling soulless machinery
Lifeboat Network, which runs servers for Minecraft Pocket Edition — the smartphone version of the immensely popular video game Minecraft — was hacked in January 2016, resulting in a data breach compromising 7 million-plus gamers.
Malware discovered at a nuclear power plant in Germany prompted RWE AG to shut down the power plant as a precaution.
Though deeply unpopular in some circles, a new YouGov poll has shown broad approval for the enumeration of government surveillance powers in the Investigatory Powers Bill.
The financial messaging organization SWIFT has issued a warning to its customers stating its system has undergone repeated attacks similar to those that lead to $81 million from a Bangladesh bank.
A team from Gibraltar won the final round of the CyberCenturion 2016 competition held at Bletchley Park's National Museum of Computing today.
With the bombardment of DDoS attacks fairly consistent worldwide throughout 2015, it's no longer a matter of if or when attacks might happen, but how often and how long the attack will last.
Retailers believe they can detect a data breach in a week or less, a new survey commissioned by Tripwire revealed, while another report by Arbor Network showed it takes them on average 197 days to spot advanced threats.
The personal information of 1.2 million members of the "exclusive" dating site BeautifulPeople.com is being sold on the dark web.
A new malware type has been spotted that utilizes a couple of original moves not seen yet by researchers; it is self installing and the cybercriminals require that the ransom be paid in iTunes gift cards.
In order to better improve and ensure cyber-security of government websites, Philippine senator Ralph Recto plans to recruit "bored" Filipino hackers to serve as "cyber-commandos".
The root of the problem with malicious smart city hacking lies in the fact that sensors typically collect 'raw' data and then merely pass it on.
James Clapper, director of national intelligence has blamed the NSA whistleblower Edward Snowden for making it harder for the US to monitor and arrest terrorists by advancing the development of more advanced and widely available encryption.
Poor endpoint security practices are propelling the great ransomware epidemic of 2016 — and if allowed to fester, the threat will spread to new endpoints including IoT devices, cars and ICS and SCADA systems, a new report said.
The U.S. government is mulling ways it might disclose the number of Americans who have been caught up in government surveillance under the Prism program, set to expire in 2017.
Spotify may have experienced a security breach based on a list of customer account credentials discovered on Pastebin.
IBM's X-Force reported today the actors behind the hybrid GozNym banking trojan that stole $4 million from U.S. banks in March have released a new configuration that is targeting European banks.
A recent SecureAuth study found one in three Americans resort to risky behaviors to remember passwords.
The Justice Department told a federal court that it was dropping its case against the tech giant after it received a passcode for the device from an unnamed source.
A Taiwan-based security researcher, known as "Orange Tsai, who was awarded a $10,000 bug bounty in February, published a report detailing the exploits that led to his discovery of illicit code on a Facebook server.
Rep. James Langevin wrote an open letter to the Food and Drug Administration's (FDA) praising draft guidance that would strengthen the cybersecurity of medical devices.
Germany, the United States and Australia were not shy when it came to asking Apple for customer information filing thousands of requests in the second half of 2015.
Pro-democracy activists in Hong Kong are being targeted by a new variant of Poison Ivy, a malware package that previously hadn't seen an update in six or seven years.
Filipino voting records which were breached earlier this month have now been made public and searchable.
The two men responsible for the SpyEye banking trojan, used to steal user information from financial institutions, were sentenced to a combined 24-1/2 years in prison.
MacKeeper Security Researcher Chris Vickery claimed to have discovered 93.4 million Mexican voter registration records.
Report examines the shifting direction of cyberattacks noted attackers turning their attention away from financial services, in favor of attacks against manufacturing and healthcare companies.
Researchers at DB Networks and Osterman Research find many orgs lack the proper tools to monitor their data bases.
A new report from FireEye Threat Intelligence said that one case investigated by Mandiant indicated that a victim computer "was originally compromised with GRABNEW malware by a separate threat actor."
Over half (51 percent) of senior decision-makers in large businesses are kept awake at night due to the threat of a data breach caused by a cyber-attack.
Researchers have discovered a new trick for concealing the installation of RATs, after identifying malware samples that never touch the hard drive throughout execution, remaining in memory until the malware is fully enabled.
According to a new report by Imperva, South Korea serves as the most prolific point of origin for global DDoS attacks.
A coalition of industry groups representing some of the largest tech companies in Silicon Valley penned an open letter to Sen. Richard Burr (R-NC) and Sen. Dianne Feinstein (D-Calif.).
A federal district court judge has ruled that an Eastern Virginia magistrate overstepped her authority when granting the FBI a warrant to collect data from the user of a child pornography site, because the data resided on a computer in Massachusetts, outside her jurisdiction.
Attacks are getting fiercer and attackers more sophisticated and organized, according to the "2016 Trustwave Global Security Report," released this week.
Trend Micro has dissected malware used in the Operation C-Major attack officers of the Indian army and tracked it back to malware that originated from Pakistan.
Despite the many efforts Google undertakes to protect its customers from malicious applications, many Android users may remain vulnerable to attack because they're using outdated software.
The best way to encourage the U.S, government to take quick action on a cyber security issue is to anger a congressman.
Cisco Talos researchers took a deep dive in the Nuclear EK and found that it was well organized and successful.
In a declassified ruling, a federal judge of the Foreign Intelligence Surveillance Court (FISC) ruled that the FBI's search of Americans' emails without a warrant during criminal investigations is not contradictory to the Constitution or the FISA Amendments Act.
Less than two months after cybersecurity experts identified KeRanger as the first fully functioning ransomware targeting OS X, an enterprising researcher has chronicled his own attempt at creating a behavior-based ransomware detection tool for Macs.
Microsoft is rolling out new certifications provided through the company's data portal.
Oracle's quarterly Critical Patch Update was overshadowed this month by the company shifting away from using Common Vulnerability Scoring System (CVSS) version 2.0 to version 3.0.
Researchers have uncovered a vulnerability in the way non-Bluetooth dongle devices interact with wireless mice and keypads, which could enable a nearby hacker to take over a victim's computer using radio frequency signals.
A panel convened at SC Congress Amsterdam's session on preventing cyber-crime. They agreed that we need to consider the threat, our response and how we might become equally and better organised than our opponents.
When Jamie Randall, CTO of the IASME Consortium, was asked to speak at yesterday's SC Congress Amsterdam on upcoming EU data protection regulation, he says that he, like many people, "promptly fell asleep".
Some 26 nations and more than 550 computer experts are engaged in the worlds biggest 'live fire' international cyber-defence exercise - Locked Shields.
Recent changes in Washington have led to CCOs fearing that they may be held personally responsible for the misconduct of their employers.
A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).
Google researchers partnered with a research team from the University of California, Berkeley to analyze the infection and potential remediation of more than 760,000 websites during an 11-month period.
Apple and the FBI squared off Tuesday before the Subcommittee on Oversight and Investigation of the House Committee on Energy and Commerce.
DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.
Web hosting provider Invision Power Services (IPS) was saved from a software compromise that could have potentially damaged its clients after researchers gathered intelligence on a cybercriminal operation taking place on the dark web.
Proofpoint researchers spotted a previously undocumented ransomware, dubbed CryptXXX, that has been spreading through Bedep after the Angler EK was used to infect computers and is the work of the same group behind Reveton ransomware.
When two malware worlds collide: Thanatos malware attacks malware, then attacks your network.
SC Congress Amsterdam 2016 opens it's doors today to some of Europe's finest information security practitioners. Check the sessions below and make sure to tweet @scmagazineuk using the #SCAMST hashtag if you have any questions for the speakers!
A strain of malicious code written entirely in Python, dubbed PWOBot, has been discovered infecting a number of organisations based in Europe, specifically in Poland.
Phineas Fisher, the hacker who claimed responsibility for breaching Hacking Team last year, published a how-to guide detailing his process in executing the attack.
An Equifax study found millennials were more likely to store sensitive data on their personal devices.
U.S. and Russian officials will meet this week in Geneva to discuss cybersecurity issues though not as a restart of the Bilateral Presidential Commission, a State Department official told SCMagazine.com.
The security flaws in the Windows version of Apple's media player, Quicktime will be left open as Apple announces its intention to stop patching it.
The iPhone used by Syed Rizwan Farook, one of the shooters in the San Bernardino terror attack that left 14 people dead, was not found to contain any useful information, according to reports.
A U.S. federal appeals court ruled on Wednesday that the FBI did not violate the Constitution when it collected cell site location information without a probable cause warrant, in order to track the movements of multiple robbery suspects.
'Celebgate' forum breach leads to flood of ransomware, phishing attacks and malvertising malware on mobile site
During a House committee hearing on Thursday, legislators questioned Internal Revenue Service Commissioner John Koskinen about measures taken to improve the agency's cybersecurity methods.
Stealing $100 million from a major U.S. corporation should be hard than setting up a fake email account, but for one cybercriminal enterprise this is all it took.
SC Magazine Articles
- Was Spotify breached? Account info shows up on Pastebin
- Report: Ransomware feeds off poor endpoint security
- PCI DSS version 3.2 release extends multifactor authentication requirement
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- New site on dark web offering one-stop ransom services
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
- PCI DSS version 3.2 release extends multifactor authentication requirement
- UMICH researchers remotely pick locks of Samsung SmartThing connected home systems
- Judge compels woman to provide fingerprint to open Apple iPhone
- 1,206 Solano Community College employees victimized in W-2 data breach
- Pwnedlist vulnerability exposed 866M accounts
- Mobile devices still vulnerable to attack, report