The pro-Assad hacktivist group performed the hack through a DNS redirect that pointed Gigya's content delivery network to a server run by the hackers.
A survey from Digital Guardian and Enterprise Strategy Group collected IT security professionals' thoughts on endpoint security solutions and the challenges they face when implementing them.
Electronic kiosks and ticketing systems are among the targets of a new type of point-of-sale threat known as "d4re|dev1|".
A backdoor referred to as CryptoPHP is being packaged with pirated Joomla, WordPress and Drupal themes and plugins and used for illegal search engine optimization.
A trio of third quarter reports from security firms reveal changes and complexities in the threat landscape.
A California man was sentenced to 18 months in prison for remotely accessing POS machines that he sold to Subway restaurant franchises, and loading up at least $40,000 onto gift cards.
The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.
Symantec is referring to the malware as 'groundbreaking,' particularly due to the advanced techniques it uses to conceal itself.
A newly identified ransomware takes extra precaution to hide from researchers and possibly show good faith on the attackers' part.
GFI Software and Opinion Matters found that employees used company devices for activities not related to work and had no qualms about stealing company intellectual property after they leave.
Security firm Zimperium detected attacks in the wild over the past six to eight months.
Julian Assange remains holed up in Ecuador's U.K. embassy after a court refused to rescind a warrant for Assange's arrest, which could ultimately result in his extradition to the U.S.
A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.
Credentials, entered through password management software and a Nexus authentication tool, are the target of this new variant.
Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.
Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.
Mobile security firm Lookout detailed how the malware has grown in complexity to hide its botnet activity.
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
The USA Freedom Act, aimed at NSA surveillance reform, failed to pick up enough votes to avoid a Republican filibuster.
The Internet Security Research Group (ISRG) plans to launch its Let's Encrypt software in 2015 that will let anyone receive a free trusted certificate.
The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.
Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.
The danger of running expired security software is a key takeaway from the Microsoft Security Intelligence Report 17.
Cameron Harrison, 28, possessed more than 260 compromised credit and debit card numbers at the time of his arrest and is one of 55 people facing charges pertaining to their association with "Carder.su."
The U.S. Department of Justice is attaching small devices to airplanes that gather massive amounts of mobile phone data, including the data of innocent Americans, a Wall Street Journal report indicates.
The Alliance of Automobile Manufacturers and the Association of Global Automakers created "baseline privacy commitments" for the industry.
Two debt sellers allegedly posted people's personal information on unencrypted, publicly accessible spreadsheets that were posted online.
An Incapsula survey revealed that the average DDoS attack costs a business roughly $40,000 per hour.
Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.
A new Pew Research study on Americans' privacy perceptions after the Edward Snowden leaks shows that most people assume their personal data isn't kept private online.
BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.
A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.
Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.
The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.
Using WireLurker malware, the attack plays off a vulnerability in third-party app stores to overwrite legitimate apps with malicious ones.
One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.
The United States Postal Service (USPS) announced on Monday that an investigation is underway regarding a cyber security intrusion into some of its systems.
Seventeen suspected members of online marketplaces, including Silk Road 2.0's alleged operator, have been arrested.
Home Depot announced on Thursday that approximately 53 million email addresses were stolen in the data breach that the company confirmed in early September.
This month's bulletins include five "critical" and nine "important" fixes that address remote code execution, elevation of privilege, and denial of service bugs, among others.
After months of looking for him, Baden was nabbed in Tijuana when tips began coming in about his whereabouts.
WireLurker was first observed infecting OS X systems when a user downloaded a trojanized app from a third-party store in China, and then infecting iOS devices that connected to the infected OS X system via USB.
Trend Micro detailed the variant and attackers' delivery techniques.
Vectra's Post Breach Report analyzed data gathered from more than 100,000 hosts over five months.
Security firm Bitglass analyzed three years' worth of HHS breach records for its report.
American Express Token Service is based on a technical framework developed by EMVCo.
Trend Micro researchers observed a phishing attack involving the use of a proxy program that acts as a relay to a legitimate website.
The Sandworm Team, a supposed Russian APT group, is known for spreading BlackEnergy malware by way of spear phishing.
On Oct. 27, researchers with Symantec observed that Spin.com was redirecting visitors to the Rig Exploit Kit to serve them malware.
A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.
Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.
Researchers at Sophos provided additional details on the malware used in the attacks.
Mac users were getting infected by iWorm when going to The Pirate Bay and downloading infected pirated applications, such as Photoshop.
The latest news in the security field, including personnel moves and mergers and acquisitions.
The latest security news, including JPMorgan Chase, Bash bug, new POS malware Mozart and more.
Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.
Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.
Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.
McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.
The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.
The research presents techniques for distinguishing legit data leaks from false claims.
Cyber intelligence company IntelCrawler has identified software being offered on underground forums that automates credit card data being sent to payment gateways.
A whitepaper from the Smart Card Alliance Payments Council recommends combining the three technologies to prevent card fraud.
In a detailed report, an array of malicious tools and tactics used by a cyberespionage group, called Axiom, are divulged.
The group, referred to as APT28, is believed to have been operating since at least 2007 and is possibly sponsored by the Russian government.
A Kaspersky Lab survey found that more than a third of businesses have been hit by at least one cybersecurity incident in the last 12 months.
An Estonian man, Sergei Tsurikov, was sentenced Friday after helping to steal over $9.4 million from payment processor RBS WorldPay in 2008.
As the holiday shopping season approaches, Damballa's 2014 Q3 State of Infections Report found that malware attacks spiked.
On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.
The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.
The NIST architecture is designed to accelerate the adoption of cloud computing.
The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the Chinese government could be to blame.
Military, governments and media from around the world are targets in a campaign identified by Trend Micro.
The malvertising campaign is serving CryptoWall 2.0, researchers at Proofpoint revealed.
The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.
Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.
The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.
Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.
Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.
The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.
Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.
David Barnhouse was sentenced to 18 months in prison after he hacked into a neighbor's Verizon FiOS router to post a bomb threat on a Pennsylvania mall's website.
The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.
The modular malware was named "Ventir" by researchers at Kaspersky.
Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.
Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.
President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.
The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.
The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.
Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.
Attackers are abusing SSDP to carry out reflection and amplification DDoS attacks, according to a PLXsert threat advisory released by Akamai.
Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.
NSS Labs highlighted the growth of security-as-a-service (SaaS) vendors, and issues facing the market.
Several of the vulnerabilities addressed by Oracle in its Critical Patch Update can be exploited remotely without authentication.
For the month of October, the tech giant released eight patches, including three critical fixes.
A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.
Sears revealed in a filing to the SEC that Kmart systems were infected with malware "undetectable" by current AV solutions.
FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Syrian Electronic Army redirects Gigya, briefly compromises media sites on Thanksgiving Day
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say