Twitter has shut down 125K accounts amid terrorism concerns since mid-2015

Twitter has shut down 125K accounts amid terrorism concerns since mid-2015

In an effort to help curb terrorism, Twitter has suspended 125,000 accounts since mid-2015 that it said threatened or promoted terrorist acts.

Mozilla unveils timetable for discontinuing Firefox OS

Mozilla unveils timetable for discontinuing Firefox OS

Mozilla yesterday shed new light on its plan to phase out its Firefox operating system and instead focus on Internet of Things solutions, with an emphasis on data privacy and security.

Panther Creek senior arrested for hacking school, changing grades

Panther Creek senior arrested for hacking school, changing grades

In an oft-repeated tale, a senior at Panther Creek High School was arrested on felony and misdemeanor charges for hacking into a school computer and changing grades.

Energy sector execs see successful cyberattack as likely

Energy sector execs see successful cyberattack as likely

A cyberattack on a company in the energy, utility, oil and gas sectors is fully capable of causing harm to the physical plant, according to a Tripwire survey of IT professionals working in these fields.

Private sector can't ignore threat intel

As IT security decision-makers wrestle with how to evaluate threat intelligence solutions, especially in light of the recent demise of intel provider Norse Corp., a new report highlighted the perils of ignoring threat intelligence.

Powell, Rice use of private email highlights government-wide security problem

Powell, Rice use of private email highlights government-wide security problem

The Office of the Inspector General (OIG) said Colin Powell and Condeleeza Rice both used private email for classified information and a heavily redacted email from John Kerry showed that he likewise used a private email account

DayZed and confused: users' data purloined from zombie server

DayZed and confused: users' data purloined from zombie server

Users of the DayZ zombie shoot 'em up have been informed by the developer that their passwords and messages have been stolen by hackers.

Integrating mobile: Mobile security

Integrating mobile: Mobile security

From sales staff working the floor in large stores to corporate road warriors flitting from city to city, there is no debate about the degree to which mobile devices have increased productivity.

Privacy Shield is here, now orgs., lawmakers must take action

Privacy Shield is here, now orgs., lawmakers must take action

To meet the more stringent requirements laid out in the EU-U.S. Privacy Shield pact inked Tuesday, organizations are going to have to up their data protection game and Congress must accelerate passage of the Judicial Redress Act.

Smart office buildings have more backdoors than the designers intended: IBM

Smart office buildings have more backdoors than the designers intended: IBM

Hacking into a "smart" office building was easier than one might think with the potential end result being disastrous for the facility and the people working inside, according to a recent test conducted by IBM X-Force researchers.

Student SSNs exposed in University of Central Florida breach

Student SSNs exposed in University of Central Florida breach

The University of Central Florida today publicly acknowledged a data breach in which the Social Security (SSN) numbers of 63,000 current and former students were illegally accessed.

New security tool to mask your face available on Ashley Madison

New security tool to mask your face available on Ashley Madison

For anyone wanting to remain anonymous, Ashley Madison is now allowing its users to add a mask to their profile picture with a new security tool called discreet photo.

New research reveals 71 percent of UK organisations not cyber-resilient

New research reveals 71 percent of UK organisations not cyber-resilient

Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.

Teaming up IT and legal departments for better corporate security

Teaming up IT and legal departments for better corporate security

Companies looking to create strong security and privacy protocols have to encourage their IT and legal departments to not only work together, but each should learn a little of the others' job.

What does settlement really mean?

What does settlement really mean?

Companies are facing a predicament when charged with federal regulatory violations over alleged failures to establish cybersecurity policies and/or protect personally identifiable information (PII).

FireEye nabs automation and orchestration firm Invotas

FireEye nabs automation and orchestration firm Invotas

FireEye Inc. acquired Invotas International Corp., a cybersecurity company that focuses on security automation and orchestration.

Researchers spot trojan targeting dozens of Google Play games

Researchers spot trojan targeting dozens of Google Play games

Researchers at Dr. Web spotted the Android.Xiny.19.origin trojan incorporated into more than 60 games in the Google Play Store.

Ransomware DMA Locker's encryption may be weak, but its flaws are dangerous

Ransomware DMA Locker's encryption may be weak, but its flaws are dangerous

An amateurish ransomware known as DMA Locker could crash while encrypting files, leaving users confused as to why their machines aren't operational.

After Norse: VCs, pros eye cyber investments

After Norse: VCs, pros eye cyber investments

IT pros look at lessons that can be learned from the collapse of Norse Corp.

EC wants to crack down on virtual currency exchanges

EC wants to crack down on virtual currency exchanges

Crypto-currencies like Bitcoin may not be as anonymous as they once were as the European Commision announces its intention to regulate the virtual currency exchanges that, the Commission says, aid terrorist financing.

Information governance hard to achieve, worth effort to protect data

Information governance hard to achieve, worth effort to protect data

Information governance (IG) is nearly impossible to achieve, but is a goal worth pursuing to protect the privacy of sensitive data and ensure organizations can meet discovery requests, according to a panel at the LegalTech show in New York.

Former DOE staffer nailed for attempting spearphishing attack

Former DOE staffer nailed for attempting spearphishing attack

A former Department of Energy (DOE) employee pleaded guilty for attempting spearphishing attacks against other DOE workers.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Corporate legal dept. finds role shifting amid cybersecurity, privacy concerns

Corporate legal dept. finds role shifting amid cybersecurity, privacy concerns

Corporate legal departments are grappling with the changing role of corporate legal departments as they assume a greater role in security and privacy.

Researchers spot macro malware used to spread Neutrino

Researchers spot macro malware used to spread Neutrino

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot via spearphishing emails.

Fast and furious: breaches keep rolling in, orgs must act quickly

Fast and furious: breaches keep rolling in, orgs must act quickly

The threat landscape and nature of data breaches are constantly changing, requiring lightning fast response and throwing organizations into an nearly perpetual state of transformation, a panelist told attendees at the LegalTech Show in New York on Tuesday.

Flash is dead. Long live Flash.

Flash is dead. Long live Flash.

Flash has a reputation for security flaws, but experts say it is time to develop a strategy for "dealing" because its ubiquity means it will remain for years to come. Alan R. Earls reports.

Dumping data to mititgate risk: LegalTech panel

Dumping data to mititgate risk: LegalTech panel

The advent of free, or very inexpensive cloud storage, is presenting organizations with the dilemma of what data to save and what to ditch in order to both save money and mitigate risk.

U.S. and EU reach 'Privacy Shield' pact replacing Safe Harbor

U.S. and EU reach 'Privacy Shield' pact replacing Safe Harbor

U.S. and European officials announced a new data-transfer deal on Tuesday designed to replace the Safe Harbor agreement that was ruled invalid by a European court three months ago.

Researchers spot bugs in toys that could expose personal data

Researchers spot bugs in toys that could expose personal data

Researchers at Rapid7 discovered vulnerabilities in Fisher-Price's Smart Toy and hereO's GPS platforms that could expose user data.

Audit uncovers flaws in U.S.'s 'EINSTEIN' cybersecurity program

Audit uncovers flaws in U.S.'s 'EINSTEIN' cybersecurity program

A new report from the U.S. Government Accountability Office exposes multiple perceived flaws in the Department of Homeland Security's National Cybersecurity Protection System, otherwise known as EINSTEIN.

Protecting the corporate data 'crown jewels'

Protecting the corporate data 'crown jewels'

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

AnonSec claims credit for NASA drone hack

AnonSec claims credit for NASA drone hack

Hacking group AnonSec released 250 GB of data that it says proves it commandeered a $222.7 million NASA drone and for months pilfered information.

Intel agencies will target newer, encryption-free tech for surveillance programs: Harvard report

Intel agencies will target newer, encryption-free tech for surveillance programs: Harvard report

A report today from Harvard University's Berkman Center for Internet and Society predicts that in lieu of backdoors to encrypted messaging apps, intelligence agencies will increasingly turn to less fortified vectors to conduct digital surveillance.

Cybercrime for sale

Cybercrime for sale

William Noonan, U.S. Secret Service, says organizations must work together to prevent new threats.

Apache server default setting leaves Tor users' identities vulnerable

Apache server default setting leaves Tor users' identities vulnerable

A default configuration used by the Apache server has been discovered as vulnerable to uncovering the identity of Tor users.

TaxSlayer breached: 8,800 customers notified PII may be compromised

TaxSlayer breached: 8,800 customers notified PII may be compromised

Tax preparation software publisher TaxSlayer notified about 8,800 of its customers last week that an unauthorized third party may have gained access to the personal information contained on their tax return.

MediaTek code exposes Android KitKat devices

MediaTek code exposes Android KitKat devices

Independent security researcher Justin Case discovered a "backdoor" in a processor made by manufacturer MediaTek.

Liberty Reserve mastermind pleads guilty to money laundering

Liberty Reserve mastermind pleads guilty to money laundering

The founder of Liberty Reserve virtual currency pleaded guilty to running an enterprise that laundered more than $250 million obtained by criminals through identity theft, credit card fraud, computer hacking and other illicit activities.

GCHQ certified course to improve cyber-attack response and recovery

GCHQ certified course to improve cyber-attack response and recovery

If they are to limit damaging effects, enterprises must prepare and equip themselves with the proper skills to react to and prevent cyber-attacks.

TalkTalk loses 250,000 customers post-breach - now supplier scam too

TalkTalk loses 250,000 customers post-breach - now supplier scam too

Talk Talk has lost seven percent of its broadband customers since its data breach, and in India arrests have been made as part of an investigation into phone scams targeting TalkTalk customers.

ISIS Cyber Caliphate migrating to new communications platform

ISIS Cyber Caliphate migrating to new communications platform

Cyber Caliphate announced in a post on its Telegram account on Friday that he jihadi hacking group would migrate communications to Threema.

LG G3 vulnerability allows arbitrary JavaScript code

LG G3 vulnerability allows arbitrary JavaScript code

Researchers at BugSec and Cynet discovered a bug in the LG G3 Android smartphone that could allow an attacker to run arbitrary code.

U.S. online users more concerned with privacy than income loss

U.S. online users more concerned with privacy than income loss

American consumers are more preoccupied with data privacy than losing their main source of income with 92 percent of respondents in a new survey.

HSBC UK online banking operations disrupted by DDoS attack

HSBC UK online banking operations disrupted by DDoS attack

HSBC UK this morning was the target of a DDoS attack that flooded the financial institution's systems with manufactured traffic, much to the dismay of online banking customers who were unable to access and manage their accounts.

FireEye report identifies iOS security storm-in-a-tea-cup

FireEye report identifies iOS security storm-in-a-tea-cup

FireEye researchers have released a report which details potential security issues with software used to dynamically patch iOS apps.

IRS, FTC initiatives tackle identity theft

IRS, FTC initiatives tackle identity theft

An IRS program launched to improve fraud prevention needs improvements, the Treasury Inspector General for Tax Administration said -- as the FTC rolls out an upgraded identity theft website.

CISO salaries and demand for cyber-skills skyrockets, surprising no-one

CISO salaries and demand for cyber-skills skyrockets, surprising no-one

Two new reports from recruitment company BeecherMadden have shown demand for cyber-skills to be rising massively with few able to meet that demand while CISO salaries are also going up.

Judiciary committee adds amendment to Judicial Redress, sends to Senate for vote

Judiciary committee adds amendment to Judicial Redress, sends to Senate for vote

The Senate Judiciary Committee gave the nod to the Judicial Redress Act, which would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement, sending it on to the full Senate.

Data Privacy Day: Cybersecurity experts share advice on protecting data

Data Privacy Day: Cybersecurity experts share advice on protecting data

With Data Privacy Day now upon us, cybersecurity experts from across the industry have offered their advice on how both individuals and organizations can protect their data.

Data Privacy Day: Chip card adoption growing, but problems linger

Data Privacy Day: Chip card adoption growing, but problems linger

The roll out of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks the cards have either been a boon or a bust.

Data Privacy Day: Changes transform policy, perspective since last year

Data Privacy Day: Changes transform policy, perspective since last year

SCMagazine.com asked key thought leaders to identify key events in last year that have reshaped public policy and expectations of what happens—and what should happen—to personally identifiable information when users go online.

Netgear ProSafe gigabit switch vulnerable to password reset

Netgear ProSafe gigabit switch vulnerable to password reset

An authentication bypass in NSDP on the Netgear ProSafe GS105Ev2 gigabit switch is possible due to a password reset vulnerability.

Gemalto reporting on a global lack of payment data security

Gemalto reporting on a global lack of payment data security

New research by the Ponemon Institute commissioned by Gemalto is showing there is a critical need for organisations to improve their payment data security practices.

Samsung security update fixes critical bugs hidden in Galaxy devices, Android OS

Samsung security update fixes critical bugs hidden in Galaxy devices, Android OS

The latest maintenance release from Samsung will include security patches that address several vulnerabilities capable of triggering arbitrary code executions, causing memory corruptions, or rebooting factory reset protections and reactivation locks (FRP/RL).

Scarlet Mimic group targets minority activists, likely government supported

Scarlet Mimic group targets minority activists, likely government supported

Unit 42 researchers said Scarlet Mimic is behind attacks against minority rights activists that began more than four years, though they've shifted both their tactics and the malware used.

Scammers increasingly using rogue extensions to victimize Chrome and ChromeOS users

Scammers increasingly using rogue extensions to victimize Chrome and ChromeOS users

Despite the safety mechanisms baked into the Chrome browser and ChromeOS, Malwarebytes has found hackers are using rogue extensions to perform everything from malvertising attacks to installing adware.

PayPal's business site vulnerable to remote code execution

PayPal's business site vulnerable to remote code execution

Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.

DDoS attacks on the rise - touching 500gbps

DDoS attacks on the rise - touching 500gbps

DDoS attacks are on the increase and getting bigger and more widespread, according to research released by Arbor Networks.

Consumers don't trust orgs to protect data, survey says

Consumers don't trust orgs to protect data, survey says

The majority of consumers surveyed by YouGov are skeptical that organizations securely handle the data they share online.

Maryland AG claims warrantless stingray use didn't violate suspect's rights

Maryland AG claims warrantless stingray use didn't violate suspect's rights

The Maryland Attorney General argued on appeal of a lower court ruling that the warrantless use of a stingray did not violate a suspect's Fourth Amendment right.

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions'

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions'

Bernard Cazeneuve, France's minister of the interior, has called for greater cooperation between states, businesses and citizens in the fight against online radicalisation and cyber-crime.

Industry pros concerned with AWS free cert offering

Industry pros concerned with AWS free cert offering

Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.

New Magic ransomware abuses open-source 'educational' code

New Magic ransomware abuses open-source 'educational' code

Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams.

30 years later, CFAA still flawed, needs reform, attorney argues

30 years later, CFAA still flawed, needs reform, attorney argues

In observance of the 30th anniversary of the Computer Fraud and Abuse Act, attorney Peter J. Toren argued that the law remains too vague.

Video: 'It's asymmetrical warfare' between the hackers and defenders

Video: 'It's asymmetrical warfare' between the hackers and defenders

Mushrooming numbers of BYOD and IOT devices is putting corporate networks at risk, says ForeScout CEO Michael DeCesare in an exclusive video interview.

Symantec detects 3,500 servers infected with a malicious script

Symantec detects 3,500 servers infected with a malicious script

Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites and said it believes could be part of a recon effort for future attacks.

Social media and tech giants must combat online extremism better

In the past year, Islamic State (IS), formerly ISIS/ISIL, has used social media and encrypted online platforms to recruit terrorists and promote propaganda content.

White House hands over background checks to new agency, IT managed by DoD

White House hands over background checks to new agency, IT managed by DoD

The Obama administration is establishing a new agency tasked with conducting background checks on contractors and government employees.

FACC AG, Belgian bank fall victim to BEC

FACC AG, Belgian bank fall victim to BEC

An aircraft components designer and a Belgian bank were the latest victims of the business email compromise (BEC), prompting the IC3 to issue an alert.

E&Y: Cyberthreats the No. 2 driver of forensic data analytics deployments

E&Y: Cyberthreats the No. 2 driver of forensic data analytics deployments

Businesses are expanding their use of forensic data analytics (FDA) to investigate and combat fraud, especially as fears of cyberattacks and internal data threats spike, according to an Ernst & Young report.

U.S. Supreme Court affirms Exel exec's hacking conviction

U.S. Supreme Court affirms Exel exec's hacking conviction

The felony conviction of former Exel Transportation Services (ETS) President Michael Musacchio, who used the information he pilfered from his former employer to start a new company, still stands, the U.S. Supreme Court said Monday.

UK privacy watchdog warns consumers that shops can track them

UK privacy watchdog warns consumers that shops can track them

The UK's privacy watchdog warns that facial recognition software and handset identifiers broadcasted via Wi-Fi are allowing UK retailers to track and target their customers through their smartphones.

Magento issues fixes for 20 vulnerabilities, two rated critical

Magento issues fixes for 20 vulnerabilities, two rated critical

E-commerce content management provider Magento issued several patches to fix XSS vulnerabilities that could have injected a malicious JavaScript code into the company's online ordering form allowing the system to be taken over remotely.

Survey says: Data breaches in other industries will damage financial institutions

Survey says: Data breaches in other industries will damage financial institutions

Respondents to a new survey from FICO unanimously agreed: Data breaches this year in other industries will damage financial institutions.

Strasbourg approves unified approach to digital single market

Strasbourg approves unified approach to digital single market

The European Parliament has approved its report, Towards a Digital Single Market Act, with cyber-security a major concern. We speak to Estonian MEP Kaja Kallas.

Fortinet on SSH vulnerabilities: look, this really isn't a backdoor, honest

Fortinet on SSH vulnerabilities: look, this really isn't a backdoor, honest

Security firm goes full disclosure on mechanics of SSH issue and finds three more vulnerabilities

Microsoft and US government clash over Ireland-held cloud data

Microsoft and US government clash over Ireland-held cloud data

Microsoft has rejected a request by the US government to hand over data the software giant holds in Ireland, claiming that the data in question doesn't belong to the company and raising questions of data jurisdiction.

Ashley Madison users threatened with extortion in letters

Ashley Madison users threatened with extortion in letters

Since the Ashley Madison breach, some users of the infidelity service have received blackmail letters via the US postal system from extortionists threatening to blow their cover.

Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches

Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches

64 percent of more than 1,100 IT security executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is "very" or "extremely" effective at preventing data breaches.

Cisco patches multiple critical flaws

Cisco patches multiple critical flaws

Cisco released patches for multiple vulnerabilities that would allow remote attackers to takeover infected devices.

BlackBerry: No, police did not break our encryption

BlackBerry: No, police did not break our encryption

BlackBerry would like its users to know its phones are "as safe as they have always been" after reports that Dutch police are capable of reading encrypted BlackBerry messages.

NSA chief: anti-encryption arguments 'waste of time' as new reports note 'chill' effect

NSA chief: anti-encryption arguments 'waste of time' as new reports note 'chill' effect

The NSA's director, Admiral Mike Rogers, changed his stance on encryption, calling it "foundational to the future."

Kaspersky detects surge in 'Asacub' mobile banking trojan attacks

Kaspersky detects surge in 'Asacub' mobile banking trojan attacks

What was once a low-threat, basic spyware trojan has evolved into very powerful banking malware capable of giving hackers near-total control over one's Android device, warned Kaspersky Lab yesterday.

Nivdort trojan found in new Facebook phishing attack

Nivdort trojan found in new Facebook phishing attack

The cybercriminals who targeted WhatsApp users with malware may be behind a phishing scam that is now going after Facebook users, according to a new report.

Symantec reseller caught using Norton name in tech support scam

Symantec reseller caught using Norton name in tech support scam

Malwarebytes discovered a tech support scam run by a member of Symantec's partner program that not only sells its victims unnecessary tech support services, but also legitimate Norton products.

Nest, other IoT devices, sent user info in the clear

Nest, other IoT devices, sent user info in the clear

Researchers at Princeton University's Center for Information Technology Policy (CITP) found security vulnerabilities in many of the most popular IoT devices that they looked at, including Google's Nest Thermostat.

Bot fraud will net criminals $7.2bn from advertising budgets in 2016

Bot fraud will net criminals $7.2bn from advertising budgets in 2016

Advertisers are losing billions to ad-clicking botnets that generate fake traffic, according to a study by the Association of National Advertisers and security vendor White Ops.

House of Cards' Kevin Spacey fears Sony hack repeat

House of Cards' Kevin Spacey fears Sony hack repeat

Having recently taken on the studio boss role at Relativity Studios, House of Cards star Kevin Spacey fears a hack similar to that of Sony Pictures will occur again.

DDoS attack disrupts Irish National Lottery

DDoS attack disrupts Irish National Lottery

The Irish National Lottery website and ticket machines operations have been disrupted by a cyber-attack.

New wave of attacks on Ukrainian power plants

New wave of attacks on Ukrainian power plants

Researchers at ESET detected a new wave of cyberattacks on power plants in Ukraine that use different malware than in previous attacks.

Bridging the Linux security perception gap

Bridging the Linux security perception gap

A newly-discovered privilege-escalation vulnerability in the Linux kernel has once again opened the debate around just how secure the open-source operating system really is.

States introduce flurry of privacy legislation, filling void left by Congress

States introduce flurry of privacy legislation, filling void left by Congress

Sixteen states and the District of Columbia have stepped up to fill the void in privacy protection with the introduction today of more than 30 bipartisan privacy-related bills that cover everything from safeguarding to putting parameters on the use of location data.

Social engineering scam targets SMBs with trojans, report warns

Social engineering scam targets SMBs with trojans, report warns

A crude but dangerous email-based social engineering scam has been targeting small-to-medium-size businesses in the U.S., U.K. and India since early 2015, the Symantec Security Response blog warned today.

Oracle patches 248 bugs

Oracle patches 248 bugs

Oracle released an update to patch 248 vulnerabilities found in over 50 product lines, including Oracle Database, Java SE, and Oracle E-Business Suite, and other products.

Princeton PhD candidate develops framework for measuring web privacy

Princeton PhD candidate develops framework for measuring web privacy

Steven Englehard, a PhD candidate at Princeton University, unveiled his open source web measurement platform developed to allow for online tracking measurement.

Affinity Gaming sues Trustwave over data breach

Affinity Gaming sues Trustwave over data breach

Affinity Gaming has brought a suit against Trustwave, accusing the cybersecurity company of failing to adequately investigate and remedy a data breach.

Ransomware and POS attackers to zero in on small businesses, retailers

Ransomware and POS attackers to zero in on small businesses, retailers

Small businesses and retailers should expect cybercriminals to pay extra attention to them in the coming months with ransomware and point of sale attacks becoming even more common.

Dropbear SSH daemon doesn't authenticate users

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US