Neverquest, also known as Vawtrak, is data stealing malware that targets banking information.
Phishing emails, a phishing kit and phony browser alerts are being used by the attacker to steal credentials and deliver a variant of the Zeus trojan.
Two major telecommunications companies are under fire from the FTC and FCC for their "cramming" practices.
Sony Pictures recently canceled the "The Interview" movie release, following hacker threats.
Researchers at Trustwave SpiderLabs have released details on a new Alina variant dubbed Spark.
The First Amendment Coalition is suing the San Diego Police Department and the city of San Diego in an effort to get public records released on the force's stingray use.
The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.
Four former Sony workers have filed two class-action suits claiming the company failed to plug security holes and protect their personal data.
An employee with PhishMe was targeted by a crafty phishing email, allowing researchers to analyze an innovative attack that results in a malware infection.
Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.
Back in October, the Chinese iOS trojan was discovered by Lacoon Mobile Security.
OphionLocker doesn't diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drive's serial number, the motherboard's serial number and other information.
Microsoft's early December appeal of the government's efforts to get customer email stored on a server in Ireland has garnered support of rivals and privacy groups.
Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.
A report from DellSecureWorks Counter Threat Unit revealed hacker training tutorials, replacement guarantees and a drop in RAT prices.
Sony Pictures's attorney David Boies is demanding that news outlets destroy "stolen information" involved in the leaks.
WordPress websites are being infected with malware through a previously disclosed vulnerability in the Slider Revolution plugin.
Kaspersky Lab summed up its year's findings and saw that U.S. users were the main targets of Mac OS X malware.
The Senate passed the Act on Wednesday after adding a controversial amendment and the House rushed to pass it with little room for debate.
Eric Omuro, who also goes by "Red," ran the site myRedBook.com.
Social media represents the next frontier of threats; 2015 will be the year for social media managers and IT security professionals to unite, one study says.
Citing progress, a state audit report details the vulnerabilities that the University of Maryland College Park (UMCP) needs to fix.
Symantec tracked the price of stolen goods and malicious services, as well as black market price fluctuations over the years.
In a class-action suit filed in federal court, a father-daughter duo accuses Comcast of using their routers to create public Wi-Fi hotspots, increasing their electricity costs and leaving them vulnerable to security issues.
Blue Coat Systems broke down its findings on the mysterious perpetrators behind 'Inception,' but in reality, nothing can really be concluded about their location or overarching goals.
Encrypted communications between a Samsung smartwatch and Android device were easily cracked by Bitdefender researchers.
A survey of IT security pros commissioned by Malwarebytes revealed that ransomware topped the list of security threats.
A security expert estimates that around 10,000 legitimate websites were impacted by the campaign.
Three bulletins were determined to be 'critical' and four were rated 'important.'
A vulnerability in Adobe's Flash Player was not included in its pre-notification security advisory Friday, and is currently being targeted by attackers.
The 2012 breach, which occurred when two unencrypted backup tapes went missing, affected 260,000 people nationwide.
Peter Smith, the husband and lawyer of plaintiff Anna Smith, argued that her Fourth Amendment rights were violated in dragnet surveillance by the NSA.
Meanwhile, an internal email between execs at Sony Pictures and Mandiant, the forensics unit tapped to investigate the breach, leaked to the press.
Information exposed in the breach reportedly ranges from thousands of Social Security numbers to sensitive HR and proprietary data.
Most businesses store and process financial data, yet 63 percent do not have a mature way to control and track sensitive data, Trustwave found.
Three of the bulletins in the Microsoft Patch Tuesday preview are deemed critical, and four are considered important.
IBM researchers discovered a vulnerability in social login identity providers and their relying websites that left legitimate accounts open to attackers' control.
New research on the data-wiping malware reveals more connections to the Sony Pictures attack.
Scams involving reduced interest rates on credit card accounts topped the list of phone scam by volume in the first nine months of 2014.
Salary information from 2005 on Deloitte employees now appears to be collateral damage in the Sony Pictures hack.
New Cloudmark research shows that bank and account phishing has become the top SMS attack in the U.S. in recent months.
Three researchers with the University of Luxembourg have generated a method to expose Bitcoin users that has the potential to work more than half of the time.
To be unveiled on Monday, December 8, our Reboot 25 section not only highlights 25 industry professionals, but takes a look at the past and future of the industry.
Researchers at Cylance have been monitoring a group out of Tehran, called Operation Cleaver, that it believes is gearing up for a massive attack on critical infrastructure.
The Monday release of Firefox 34 provides fixes for several vulnerabilities and also disables support for SSL 3.0.
The wiper threat sounds similar to attacks targeting organizations in South Korea and the Middle East.
The ACLU has filed a brief in support of a Baltimore man arrested after police spied on him and others without a warrant.
Trend Micro analyzed new point-of-sale malware detected as TSPY_POSLOGR.K, which appears to be in a beta testing phase.
FireEye researchers have uncovered a group, dubbed FIN4, that has targeted more than 100 companies to gain insider information.
The pro-Assad hacktivist group performed the hack through a DNS redirect that pointed Gigya's content delivery network to a server run by the hackers.
A survey from Digital Guardian and Enterprise Strategy Group collected IT security professionals' thoughts on endpoint security solutions and the challenges they face when implementing them.
Electronic kiosks and ticketing systems are among the targets of a new type of point-of-sale threat known as "d4re|dev1|".
A backdoor referred to as CryptoPHP is being packaged with pirated Joomla, WordPress and Drupal themes and plugins and used for illegal search engine optimization.
A trio of third quarter reports from security firms reveal changes and complexities in the threat landscape.
A California man was sentenced to 18 months in prison for remotely accessing POS machines that he sold to Subway restaurant franchises, and loading up at least $40,000 onto gift cards.
The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.
Symantec is referring to the malware as 'groundbreaking,' particularly due to the advanced techniques it uses to conceal itself.
A newly identified ransomware takes extra precaution to hide from researchers and possibly show good faith on the attackers' part.
GFI Software and Opinion Matters found that employees used company devices for activities not related to work and had no qualms about stealing company intellectual property after they leave.
Security firm Zimperium detected attacks in the wild over the past six to eight months.
Julian Assange remains holed up in Ecuador's U.K. embassy after a court refused to rescind a warrant for Assange's arrest, which could ultimately result in his extradition to the U.S.
A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.
Credentials, entered through password management software and a Nexus authentication tool, are the target of this new variant.
Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.
Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.
Mobile security firm Lookout detailed how the malware has grown in complexity to hide its botnet activity.
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
The USA Freedom Act, aimed at NSA surveillance reform, failed to pick up enough votes to avoid a Republican filibuster.
The Internet Security Research Group (ISRG) plans to launch its Let's Encrypt software in 2015 that will let anyone receive a free trusted certificate.
The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.
Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.
The dangers of running expired security software is a key takeaway from the Microsoft Security Intelligence Report 17.
Cameron Harrison, 28, posessed more than 260 compromised credit and debit card numbers at the time of his arrest and is one of 55 people facing charges pertaining to their association with "Carder.su."
The U.S. Department of Justice is attaching small devices to airplanes that gather massive amounts of mobile phone data, including the data of innocent Americans, a Wall Street Journal report indicates.
The Alliance of Automobile Manufacturers and the Association of Global Automakers created "baseline privacy commitments" for the industry.
Two debt sellers allegedly posted the people's personal information on unencrypted, publicly accessible spreadsheets that were post online.
An Incapsula survey revealed that the average DDoS attack costs a business roughly $40,000 per hour.
Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.
A new Pew Research study on Americans' privacy perceptions after the Edward Snowden leaks shows that most people assume their personal data isn't kept private online.
BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.
A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.
Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.
The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.
Using WireLurker malware, the attack plays off a vulnerability in third-party app stores to overwrite legitimate apps with malicious ones.
One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.
The United States Postal Service (USPS) announced on Monday that an investigation is underway regarding a cyber security intrusion into some of its systems.
Seventeen suspected members of online marketplaces, including Silk Road 2.0's alleged operator, have been arrested.
Home Depot announced on Thursday that approximately 53 million email addresses were stolen in the data breach that the company confirmed in early September.
This month's bulletins include five "critical" and nine "important" fixes that address remote code execution, elevation of privilege, and denial of service bugs, among others.
After months of looking for him, Baden was nabbed in Tijuana when tips began coming in about his whereabouts.
WireLurker was first observed infecting OS X systems when a user downloaded a trojanized app from a third-party store in China, and then infecting iOS devices that connected to the infected OS X system via USB.
Trend Micro detailed the variant and attackers' delivery techniques.
Vectra's Post Breach Report analyzed data gathered from more than 100,000 hosts over five months.
Security firm Bitglass analyzed three years worth of HHS breach records for its report.
American Express Token Service is based on a technical framework developed by EMVCo.
Trend Micro researchers observed a phishing attack involving the use of a proxy program that acts as a relay to a legitimate website.
The Sandworm Team, a supposed Russian APT group, is known for spreading BlackEnergy malware by way of spear phishing.
On Oct. 27, researchers with Symantec observed that Spin.com was redirecting visitors to the Rig Exploit Kit to serve them malware.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- Phishing email contains Word doc, enabling macros leads to malware infection
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- White House calls Sony hack a "serious national security matter," gov't mulls proper response
- Neverquest botnet furthers crimeware-as-a-service biz for fraudsters
- Solo attacker likely responsible for phishing campaign, delivering Zeus variant
- Telecommunications companies on the line with FTC, FCC for cramming schemes
- The 10 POS malware families this holiday season
- White House calls Sony hack a "serious national security matter," gov't mulls proper response