Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.

FBI, Apple investigate celebrity photo hacking incident

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff malware and more.

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical info

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm RAT

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

Several high-profile websites were impacted by a malvertising campaign, which Fox-IT helped dismantle.

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of 'high-risk' bugs

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child porn charges

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.

Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

On Wednesday, HP TippingPoint released its State of Network Security survey which polled hundreds of professionals.

Hackers deliver Kelihos to users sympathetic to Russian 'cause'

Hackers deliver Kelihos to users sympathetic to Russian 'cause'

Playing off the Ukraine conflict, a Kelihos campaign promises victims software to help the Russian cause but delivers malware instead.

Study shows how attackers make use of websites existing for less than 24 hours

Study shows how attackers make use of websites existing for less than 24 hours

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

IBM projects 2014 bug disclosures may hit three-year low

IBM projects 2014 bug disclosures may hit three-year low

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.

New variants of POS malware 'Backoff' found as infections expand

New variants of POS malware 'Backoff' found as infections expand

The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.

PlayStation Network downed by DDoS attack, other gaming networks hit too

PlayStation Network downed by DDoS attack, other gaming networks hit too

Gamers were unable to use the PlayStation Network for most of Sunday due to a DDoS attack, and other gaming networks also suffered from similar problems throughout the weekend.

Reveton packaged with password stealer impacts users in U.S.

Reveton packaged with password stealer impacts users in U.S.

Users in the U.S. have been impacted by a variant of ransomware known as Reveton, which has been upgraded to include a powerful password stealer.

JPMorgan Chase customers targeted in massive phishing campaign

JPMorgan Chase customers targeted in massive phishing campaign

Roughly 500,000 emails have been sent out so far as part of a massive multifaceted phishing campaign targeting customers of JPMorgan Chase.

Study: Organizations lack training, budget to thwart insider threats

Study: Organizations lack training, budget to thwart insider threats

Of the 355 IT and security professionals surveyed, a majority indicated that they were ill-equipped to thwart a possible insider threat.

FireEye examines popular Google Play apps, 68 percent have SSL flaws

FireEye examines popular Google Play apps, 68 percent have SSL flaws

The firm analyzed 1,000 free apps in Google Play which were most downloaded by users.

Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to 'Flashback'

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

Community Health Systems breach may impact more than four million patients

Community Health Systems breach may impact more than four million patients

More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.

Chinese national indicted over Boeing, Lockheed Martin hack

Chinese national indicted over Boeing, Lockheed Martin hack

With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.

Mother sues Rady Children's Hospital, claims daughter's records revealed

Mother sues Rady Children's Hospital, claims daughter's records revealed

A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.

Infection rate from Zeus variant grows 1,879 percent

Infection rate from Zeus variant grows 1,879 percent

Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.

Volumetric DDoS activity up big-time in Q2 2014, report indicates

Volumetric DDoS activity up big-time in Q2 2014, report indicates

In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.

NSA works to automatically detect attacks, return strikes from foreign adversaries

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

The civil liberties groups contend in a brief filed in New York Supreme Court, that warrants and a gag order issued in the case were unconstitutional.

FCC creates task force to scrutinize illegal stingray use

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Malware threatens virtual machines, according to report

Malware threatens virtual machines, according to report

Malware has become a threat to virtual machines and, nowadays, should be incorporated into security strategy, according to a Symantec report.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

Researchers trace 'Epic Turla' infection vector

Researchers trace 'Epic Turla' infection vector

Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.

Security movement urges automakers to collaborate with researchers

Security movement urges automakers to collaborate with researchers

A group of security pros called "I am The Cavalry" introduced a five star automotive cyber safety program.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

Two new Gameover Zeus variants in the wild

Two new Gameover Zeus variants in the wild

About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Panel discusses diversty in security and just being yourself

DefCon: Panel discusses diversty in security and just being yourself

Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.

DefCon: Stolen data markets are as organized as legitimate online businesses

DefCon: Stolen data markets are as organized as legitimate online businesses

In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.

DefCon: Traffic control systems vulnerable to hacking

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Black Hat 2014: Experts demo badUSB proof-of-concept tools

Black Hat 2014: Experts demo badUSB proof-of-concept tools

A wide host of devices rely on USB to make them usable but USB contains vulnerabilities that attackers can exploit.

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Black Hat: Researchers hack into Cisco EnergyWise

Black Hat: Researchers hack into Cisco EnergyWise

Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.

Black Hat: Bruce Schneier talks incident response, trends

Black Hat: Bruce Schneier talks incident response, trends

Bruce Schneier spoke on the state of incident response at Black Hat 2014, emphasizing that hackers will invariably breach networks.

Black Hat:"Saving cyberspace" requires next-level defense focus

Black Hat:"Saving cyberspace" requires next-level defense focus

Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.

Black Hat: Expert sheds light on government sponsored malware creation

Black Hat: Expert sheds light on government sponsored malware creation

F-Secure Chief Research Officer and acclaimed security expert Mikko Hypponen discussed the evolution of government-sponsored malware at Black Hat 2014.

Black Hat: Airport security equipment at risk

Black Hat: Airport security equipment at risk

Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.

Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

An insecure home automation protocol allowed the hacker to control room amenities, like lights, TVs and temperature settings.

Black Hat keynote talks cyber policies for field's future

Black Hat keynote talks cyber policies for field's future

On Wednesday, Dan Geer delivered his keynote called "Cybersecurity as Realpolitik" at Black Hat.

More than a billion unique credentials pilfered by Russian hackers

More than a billion unique credentials pilfered by Russian hackers

Hold Security identified a Russian hacker group, dubbed "CyberVor," that is in possession of more than a billion unique credentials.

NIST drafts updated guidance for agencies assessing security, privacy

NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.

PayPal addressing another two-factor authentication bypass

PayPal addressing another two-factor authentication bypass

An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.

NTP DrDoS down in Q2, multi-vector attacks up, study finds

NTP DrDoS down in Q2, multi-vector attacks up, study finds

Black Lotus's second quarter threat report attributed the decline in amplified attacks to successful patching and systems upgrades.

Android malware SandroRAT disguised as mobile security app

Users were lured by phishing emails, which supposedly contained a free Kaspersky mobile security app.

Script fails, thousands of Mozilla developer emails, passwords possibly exposed

Script fails, thousands of Mozilla developer emails, passwords possibly exposed

The script for a data sanitization process on the Mozilla Developer Network failed and the email addresses and passwords of thousands of users was publicly accessible.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."

Study: CISO leadership capacity undervalued by most C-level execs

Study: CISO leadership capacity undervalued by most C-level execs

According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on organization's senior leadership teams.

PittyTiger spearphishing campaign speaks multiple languages

PittyTiger spearphishing campaign speaks multiple languages

A threat group operating out of China continues its damage using older exploits, FireEye researchers said.

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's removal

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Nearly 600 U.S. businesses compromised by 'Backoff' POS malware

Nearly 600 U.S. businesses compromised by 'Backoff' POS malware

Attackers are brute-forcing remote desktop software to infect point-of-sale devices with relatively new malware known as Backoff.

SC Magazine brings home national and regional honors

SC Magazine brings home national and regional honors

SC Magazine earned distinction from two trade associations for its editorial content, art direction, use of social media and website.

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location service

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce reforms

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

OTI report exposes economic costs of NSA spying

OTI report exposes economic costs of NSA spying

A report from New America OTI found that the NSA surveillance program has had a chilling effect on U.S. commerce and foreign policy.

Symantec Endpoint Protection vulnerabilities enable privilege escalation

Symantec Endpoint Protection vulnerabilities enable privilege escalation

Vulnerabilities existing in Symantec Endpoint Protection can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.

Breach index: Encryption used in 4 percent of Q2 incidents

Breach index: Encryption used in 4 percent of Q2 incidents

Out of the 237 disclosed data breaches last quarter, encryption was used in only 10 instances.

IG scolds NOAA on security deficiencies, recommends fixes

IG scolds NOAA on security deficiencies, recommends fixes

An audit of NOAA by the inspector general found security shortcomings, including the link between information systems and satellite systems.

HP tests 10 popular IoT devices, most raise privacy concerns

HP tests 10 popular IoT devices, most raise privacy concerns

In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.

Vulnerability impacting multiple versions of Android could enable device takeover

Vulnerability impacting multiple versions of Android could enable device takeover

Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying a violation of Fourth Amendment

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Companies accused of peddling bogus AV ordered to pay $5.1M

Companies accused of peddling bogus AV ordered to pay $5.1M

A federal court in New York issued default judgments against 14 companies and individuals who allegedly operated the scams.

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.

Andromeda bot spreads Tor-using CTB-Locker ransomware

Andromeda bot spreads Tor-using CTB-Locker ransomware

Kaspersky Lab has observed Andromeda bot being used to deliver CTB-Locker, a new ransomware that hides its command-and-control server on the Tor network.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Sony to shell out $15M in PSN breach settlement

Sony to shell out $15M in PSN breach settlement

The 2011 hack exposed the personal information of roughly 77 million users registered with PlayStation Network and Qriocity.

eBay faces class-action suit over breach

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target businesses

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, survey says

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded out of $1 million

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report says

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Vice.com hacked, possibly The Wall Street Journal website too

Vice.com hacked, possibly The Wall Street Journal website too

A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry standard

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.

U.S. hosted most Q2 malware, top 10 ISPs still main sources

U.S. hosted most Q2 malware, top 10 ISPs still main sources

Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

Severe RCE vulnerability affects several Cisco products

Severe RCE vulnerability affects several Cisco products

An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.

Russian espionage malware adapted for ransomware scams

Russian espionage malware adapted for ransomware scams

Sentinel Labs dubbed the repurposed malware "Gyges."

Report: 31 percent of IT security teams don't speak to company execs

Report: 31 percent of IT security teams don't speak to company execs

A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.

Sign up to our newsletters

POLL