VBA malware on rise, templates make it easier to write code

Researchers at SophosLabs found an uptick in VBA samples in July.

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Google reportedly addressed the issue, but many users likely await the fix from providers or OEMs.

Phishing campaign targeting financial and healthcare institutions

Several thousand phishing emails have been sent to employees at small to medium-sized financial and healthcare organizations in the U.S.

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

FireEye investigated the "production line" approach taken up by various APT groups infiltrating organizations.

Mobile app study reveals privacy concerns

Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.

Former CTO of Liberty Reserve pleads guilty in New York

Mark Marmilev pleaded guilty on Thursday for his part in a money laundering conspiracy.

PCI Council updates skimming prevention guidance

On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.

21-year-old 'swatting' suspect arrested in Connecticut

Matthew Tollis is thought to have participated in multiple swatting Skype calls that targeted Harvard University and Boston University, among others.

Google says Gmail credential dump not result of company breach

Gmail credentials for nearly 5 million accounts leaked Wednesday, but many of the username-password combinations appeared to be incorrect or old.

Internet Explorer security feature blocks outdated ActiveX controls

Microsoft introduced a security feature in versions of Internet Explorer that blocks out-of-date ActiveX controls.

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft continues to fight an order requesting it to turn over customer emails stored in a data center in Ireland.

Report: 31 percent of detected threats in 2014 attributed to Conficker

F-Secure noted in its mid-year report that the Conficker worm continues to impact users and that Gameover Zeus still poses a threat.

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks addressed two vulnerabilities in its vehicle traffic sensors that were discovered by Cesar Cerrudo, CTO of IOActive Labs.

Target tells court it's not liable in bank class-action suit

In a filing in U.S. District Court, Target said merchants and banks "have no direct dealings" in payment transactions.

Salesforce warns of Dyre malware possibly targeting users

Salesforce posted a notification that its users are possibly being targeted by Dyre malware and offered some recommendations to avoid the threat.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

Phishing continues to be effective, McAfee Labs report shows

Out of 16,000 business users who took the McAfee Phishing Quiz, 80 percent fell for at least one of seven phishing emails.

Microsoft plans four patches, one critical, for Patch Tuesday

The sole critical patch this month will address remote code execution issues in Internet Explorer.

APT group adapts Windows backdoor to target Mac computers

The backdoor, called "XSLCmd," was detected in earlier attacks on Windows systems, FireEye found.

DDoS attacks rally Linux servers

A significant string of distributed denial-of-service (DDoS) campaigns during the second quarter of 2014 was driven by Linux web servers.

Report: China's underground activity doubled last year

Trend Micro found that compromised hosts, DDoS attack services and remote access trojans were the most coveted offerings in the marketplace last year.

Goodwill announces breach, more than 800K payment cards compromised

Goodwill confirmed that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of its stores.

Google acceleration of SHA-1 deprecation draws resistance

Google said Chrome 39, to be released within 12 weeks, will treat some sites as untrusted, accelerating the transition and user woes.

'KorBanker' steals SMS messages, takes authentication codes in the process

Android devices in Korea have primarily been impacted by the malware.

Firefox 32 includes public key pinning, fixes critical vulnerabilities

Mozilla enabled public key pinning support in Firefox 32 primarily as a way to defend against man-in-the-middle attacks.

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.

Company news: New hires at Accuvant, ZeroFOX and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, plus a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

Several high-profile websites were impacted by a malvertising campaign, which Fox-IT helped dismantle.

Ground system for weather satellites contains thousands of 'high-risk' bugs

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.

Former acting HHS cyber director convicted on child porn charges

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation, was convicted by a federal jury in Nebraska.

Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

On Wednesday, HP TippingPoint released its State of Network Security survey which polled hundreds of professionals.

Hackers deliver Kelihos to users sympathetic to Russian 'cause'

Playing off the Ukraine conflict, a Kelihos campaign promises victims software to help the Russian cause but delivers malware instead.

Study shows how attackers make use of websites existing for less than 24 hours

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

IBM projects 2014 bug disclosures may hit three-year low

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.

New variants of POS malware 'Backoff' found as infections expand

The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.

PlayStation Network downed by DDoS attack, other gaming networks hit too

Gamers were unable to use the PlayStation Network for most of Sunday due to a DDoS attack, and other gaming networks also suffered from similar problems throughout the weekend.

Reveton packaged with password stealer impacts users in U.S.

Users in the U.S. have been impacted by a variant of ransomware known as Reveton, which has been upgraded to include a powerful password stealer.

JPMorgan Chase customers targeted in massive phishing campaign

Roughly 500,000 emails have been sent out so far as part of a massive multifaceted phishing campaign targeting customers of JPMorgan Chase.

Study: Organizations lack training, budget to thwart insider threats

Of the 355 IT and security professionals surveyed, a majority indicated that they were ill-equipped to thwart a possible insider threat.

FireEye examines popular Google Play apps, 68 percent have SSL flaws

The firm analyzed 1,000 free apps in Google Play which were most downloaded by users.

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

Community Health Systems breach may impact more than four million patients

More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.

Chinese national indicted over Boeing, Lockheed Martin hack

With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.

Mother sues Rady Children's Hospital, claims daughter's records revealed

A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.

Infection rate from Zeus variant grows 1,879 percent

Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.

Volumetric DDoS activity up big-time in Q2 2014, report indicates

In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

The civil liberties groups contend in a brief filed in New York Supreme Court that warrants and a gag order issued in the case were unconstitutional.

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Malware threatens virtual machines, according to report

Malware has become a threat to virtual machines and, nowadays, should be incorporated into security strategy, according to a Symantec report.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

Researchers trace 'Epic Turla' infection vector

Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.

Security movement urges automakers to collaborate with researchers

A group of security pros called "I am The Cavalry" introduced a five star automotive cyber safety program.

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

Two new Gameover Zeus variants in the wild

About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Panel discusses diversity in security and just being yourself

Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.

DefCon: Stolen data markets are as organized as legitimate online businesses

In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Black Hat 2014: Experts demo badUSB proof-of-concept tools

A wide host of devices rely on USB to make them usable but USB contains vulnerabilities that attackers can exploit.

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Black Hat: Researchers hack into Cisco EnergyWise

Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.

Black Hat: Bruce Schneier talks incident response, trends

Bruce Schneier spoke on the state of incident response at Black Hat 2014, emphasizing that hackers will invariably breach networks.

Black Hat: "Saving cyberspace" requires next-level defense focus

Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.

Black Hat: Expert sheds light on government sponsored malware creation

F-Secure Chief Research Officer and acclaimed security expert Mikko Hypponen discussed the evolution of government-sponsored malware at Black Hat 2014.

Black Hat: Airport security equipment at risk

Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.

Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

An insecure home automation protocol allowed the hacker to control room amenities, like lights, TVs and temperature settings.

Black Hat keynote talks cyber policies for field's future

On Wednesday, Dan Geer delivered his keynote called "Cybersecurity as Realpolitik" at Black Hat.

More than a billion unique credentials pilfered by Russian hackers

Hold Security identified a Russian hacker group, dubbed "CyberVor," that is in possession of more than a billion unique credentials.

NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.

PayPal addressing another two-factor authentication bypass

An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.

NTP DrDoS down in Q2, multi-vector attacks up, study finds

Black Lotus's second quarter threat report attributed the decline in amplified attacks to successful patching and systems upgrades.

Android malware SandroRAT disguised as mobile security app

Users were lured by phishing emails, which supposedly contained a free Kaspersky mobile security app.

Script fails, thousands of Mozilla developer emails, passwords possibly exposed

The script for a data sanitization process on the Mozilla Developer Network failed and the email addresses and passwords of thousands of users were publicly accessible.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."

Study: CISO leadership capacity undervalued by most C-level execs

According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on an organization's senior leadership team.

PittyTiger spearphishing campaign speaks multiple languages

A threat group operating out of China continues its damage using older exploits, FireEye researchers said.

Latest Citadel trick allows RDP access after malware's removal

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Nearly 600 U.S. businesses compromised by 'Backoff' POS malware

Attackers are brute-forcing remote desktop software to infect point-of-sale devices with relatively new malware known as Backoff.

SC Magazine brings home national and regional honors

SC Magazine earned distinction from two trade associations for its editorial content, art direction, use of social media and website.

Apple hit with privacy class-action over iPhone location service

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Leahy bill would end bulk data collection, introduce reforms

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.
