Study: 86 percent of websites contain at least one 'serious' vulnerability

WhiteHat Security's "2015 Website Security Statistics Report" looks at vulnerabilities in websites and the amount of time it took to patch them.

Investigation ongoing in reported multimillion member Adult FriendFinder breach

Adult FriendFinder website owner FriendFinder Networks Inc. announced that it was aware of and investigating a potential data security issue.

Report: $19M breach settlement between MasterCard, Target terminated

A federal judge recently denied banks' motion to block the settlement, but now the deal has been nixed for different reasons.

FTC gives thumbs up to companies that cooperate during breach probes

In a Wednesday blog post the FTC explained the process it follows to investigate security breaches and said it looks favorably on companies that cooperate in law enforcement investigations.

Researchers publish developer guidance for medical device security

The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.

Senate gears up for Saturday USA Freedom Act vote; House breaks for recess

The USA Freedom Act's fate will soon be decided with Senate Majority Leader Mitch McConnell (R-Ky.) announcing on Thursday that the Senate will convene for a rare Saturday vote on the bill.

Researchers observe SVG files being used to distribute ransomware

When downloaded and opened, the SVG files cause the browser to open websites that download what appears to be CryptoWall ransomware.
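
SVG is XML, and the format permits script elements, event-handler attributes and javascript: links, which is what turns a downloaded image into an executable lure. As an added example (not code from the researchers cited or from the original article), the Python below flags those constructs in an SVG file. The two sample files are constructed for illustration, the URLs in them are placeholders, and the rules are a generic heuristic rather than a signature for any particular campaign.

```python
"""Flag SVG files that carry active content: script elements, on* handlers, javascript: links.

Added example, not from the original article. Sample documents are constructed.
For untrusted input in production, parse with defusedxml to avoid entity-expansion DoS.
"""
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that can execute code or embed foreign content inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attribute names (namespaced and plain) that carry a navigable URL.
HREF_ATTRS = {"href", "{%s}href" % XLINK_NS}


def _local(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return tag.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> list:
    """Return a list of findings describing active content; empty list means nothing found."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["parse-error: %s" % exc]
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_TAGS:
            findings.append("element:%s" % name)
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):  # onload, onclick, onmouseover, ...
                findings.append("handler:%s" % aname)
            if attr in HREF_ATTRS or aname == "href":
                v = value.strip().lower()
                if v.startswith("javascript:"):
                    findings.append("uri:%s=%s" % (aname, v[:20]))
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_svg(data))


# Constructed samples (not real malware). The active one mimics the lure pattern:
# a handler that opens a remote page, an inline script, and a javascript: link.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="red"/>
</svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="window.open('http://example.invalid/page')">
  <script>location.href='http://example.invalid/dl';</script>
  <a xlink:href="javascript:alert(1)"><text>click</text></a>
</svg>"""

if __name__ == "__main__":
    print("benign:", scan_svg(BENIGN_SVG))
    print("active:", scan_svg(ACTIVE_SVG))
```

A mail gateway or download scanner can run `is_suspicious` on anything with an `image/svg+xml` type; a benign icon yields no findings, while the constructed lure is reported three times (the onload handler, the script element and the javascript: link).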

Federal prosecutors charge Chinese nationals with trade secret theft

The Justice Department claims that two of the six defendants are former employees of U.S. tech firms.

Google releases Chrome 43, addresses 37 bugs

Chrome 43 was promoted to the stable channel for Windows, Mac and Linux on Tuesday.

CareFirst BlueCross BlueShield breached, more than one million individuals notified

Information could have been accessed by attackers who gained limited, unauthorized access to a single CareFirst database in June 2014.

DDoS attacks increase and methods changed in Q1 2015, report says

Akamai's Q1 State of the Internet Report shows an increase in frequent, longer lasting low bandwidth attacks.

Logjam attack exposes data passed over TLS connections

Computer scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed.
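
Logjam downgrades a connection to export-grade (512-bit) Diffie-Hellman and then solves the discrete logarithm in that small, widely shared group, so the client-side defence is to refuse small groups. As an added example (not code from the Logjam researchers or from the original article), the Python below parses the ServerDHParams structure carried in a TLS 1.2 ServerKeyExchange, as laid out in RFC 5246, and rates the group by the bit length of p. The sample bytes and the 2048-bit threshold are constructed assumptions, and the 512-bit value used is not a real prime.

```python
"""Parse ServerDHParams from a TLS 1.2 ServerKeyExchange body and rate the DH group size.

Added example, not from the Logjam paper or the original article. Sample data is constructed.
Wire format (RFC 5246 section 7.4.3):
    opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>;
each vector is a 2-byte big-endian length followed by that many bytes.
"""
import struct

MIN_ACCEPTABLE_BITS = 2048  # assumption: current client policy; 1024-bit groups are considered weak


def parse_server_dh_params(body: bytes):
    """Return (p, g, Ys, bytes_consumed) from the start of a ServerKeyExchange body."""
    off = 0
    values = []
    for _ in range(3):
        if off + 2 > len(body):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError("bad vector length")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    p, g, ys = values
    return p, g, ys, off


def rate_dh_group(p: int) -> str:
    """Classify a DH prime by size: 'export-grade', 'weak' or 'acceptable'."""
    bits = p.bit_length()
    if bits <= 512:
        return "export-grade"      # the DHE_EXPORT groups Logjam breaks
    if bits < MIN_ACCEPTABLE_BITS:
        return "weak"
    return "acceptable"


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of the parser, used here only to build a constructed test message."""
    def vec(x: int) -> bytes:
        b = x.to_bytes((x.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(b)) + b
    return vec(p) + vec(g) + vec(ys)


# Constructed sample: a 512-bit p (NOT a real prime), generator 2, arbitrary public value.
SAMPLE_P = (1 << 511) | 0x1234567
SAMPLE_BODY = encode_server_dh_params(SAMPLE_P, 2, 0xABCDEF)

if __name__ == "__main__":
    p, g, ys, used = parse_server_dh_params(SAMPLE_BODY)
    print("p bits:", p.bit_length(), "g:", g, "rating:", rate_dh_group(p))
```

A client that applied `rate_dh_group` to the parsed p and aborted on anything but `acceptable` would not complete the downgraded handshake, which is the mitigation browsers shipped after the disclosure.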

Study: Employees acknowledge risky security behavior, continue to engage in it

While most people acknowledge the security risks of opening an email from an unknown sender or downloading an app from an unauthorized app store, many continue to engage in this risky behavior.

Long list of devices believed to be affected by NetUSB vulnerability

Potentially millions of devices around the globe are vulnerable due to a remotely exploitable kernel stack buffer overflow in NetUSB.

Federal Reserve Bank of St. Louis resets passwords following DNS attack

Individuals with active user accounts for tools used by the Federal Reserve Bank of St. Louis are being asked to change their credentials.

Hack of airplane systems described in FBI docs raises security questions

Claims that researcher Chris Roberts actually, briefly, commandeered a plane in flight after hacking its entertainment systems may be up for debate; contentions that the aircraft may be vulnerable are not.

Scammers target oil companies with sneaky attack

The attack involves stealing credentials from oil companies, accessing the networks of the companies, and attaining proof of product documentation.

FTC recommends conditions for sale of RadioShack consumer information

The FTC has recommended a list of conditions that a bankruptcy court should impose on the sale of RadioShack's information assets.

Financial sector welcomes info-sharing with govt, panel says

A panel of financial industry experts at a conference sponsored by Columbia University's School of International and Public Affairs (SIPA) discussed security challenges facing the sector.

Website observed serving 83 executable files, more than 50 percent malware

Of the 83 files, 79 were unique, and more than 50 percent were confirmed to be malware, adware, or potentially unwanted programs.

TeslaCrypt used to extort over $76K in recent months

Between February and April, cybercriminals used the ransomware to extort $76,522 from 163 victims, FireEye found.

Cisco issues updates to address multiple TelePresence vulnerabilities

The vulnerabilities are in a variety of Cisco TelePresence products and users are being advised to update.

After House vote, USA Freedom Act moves to Senate

The USA Freedom Act was passed by the House Wednesday but critics call for strengthening of bill in the Senate.

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.

Five men charged with stealing millions in fraudulent tax returns

Four men were arrested for allegedly participating in a nationwide identity theft scheme that allowed them to obtain millions of dollars in fraudulent tax refunds.

Threat group leverages Microsoft's TechNet to communicate with malware

FireEye Threat Intelligence and the Microsoft Threat Intelligence Center observed a command-and-control obfuscation tactic leveraging the TechNet website.

Academics request details on Google's 'right to be forgotten' adherence

A year after Europe's "right to be forgotten" ruling, academics and a U.K. regulatory office are asking Google for further information on how it adheres to it.

Hackers exploit Starbucks auto-reload feature to steal from customers

Starbucks customers say auto-reload feature is being used to steal from their linked credit cards and bank accounts.

Washington state passes law requiring warrant for 'stingray' use

While Congress ramps up for its discussions and vote on the USA Freedom Act, Washington state has taken privacy into its own hands through legislation requiring a warrant to use the devices.

'VENOM' vulnerability enables virtual machine escapes

A vulnerability in virtual floppy drive code used by numerous computer virtualization platforms has been identified by a researcher with CrowdStrike.

Microsoft patches 30 bugs with 13 bulletins on Patch Tuesday

Microsoft issued 13 bulletins today in possibly one of its last official Patch Tuesday releases.

Compromised Jamie Oliver website serves up malware for third time

The celebrity chef's website was again redirecting visitors to the Fiesta Exploit Kit and infecting their systems with malware.

Study: Average Fortune 100 firm suffers 69 social media compliance incidents

Nexgate, a division of Proofpoint, analyzed compliance related to more than 32,000 social media accounts belonging to Fortune 100 companies.

Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign

Charles Harvey Eccleston allegedly targeted U.S. Department of Energy and U.S. Nuclear Regulatory Commission employees with spear phishing emails designed to drop malware on their systems.

Judge denies banks' motion to block MasterCard, Target breach settlement

In the ruling, the judge shared his concerns about the fairness of the settlement terms, however.

Ad network compromised to redirect users to Nuclear EK, install Carberp

Attackers targeted a server operated by New Jersey-based advertising network, Mad Ads Media, in order to redirect users to an exploit kit.

Study shows concern for data security when adopting new payments technologies

Half of respondents in a survey indicated they are at least somewhat confident in the security of emerging payment systems.

Adult websites targeted in malvertising campaign packaging Flash exploit with payload

Malwarebytes wrote on its blog that this new campaign requires no user interaction to drop the malicious payload on unsuspecting adult website visitors.

Appeals court rules NSA collection of phone metadata illegal

A New York federal appeals court found the National Security Agency's bulk collection of phone records illegal, but a separate ruling this week set privacy rules back with the approval of law enforcement's collection of warrantless phone location data.

Former Tiversa investigator says firm faked LabMD breach findings

Testimony by a former Tiversa investigator calls into question the truthfulness of information sent to the FTC about a LabMD breach.

Millions of WordPress websites vulnerable to XSS bug

Sucuri disclosed an XSS vulnerability impacting millions of WordPress websites on the same day Fortinet disclosed a bug affecting a Joomla extension.

Study: Root cause of health care breaches shifts to criminal attacks

An annual health care study found that criminal attacks replaced device theft and loss as the leading cause of breaches.

Advisory on CyberLock vulnerabilities draws fire from attorney

After allegedly notifying CyberLock of security flaws in some of its products, IOActive issued an advisory warning of the issues.

Study: Nearly all SAP systems remain unpatched and vulnerable to attacks

Onapsis found that most SAP systems remain vulnerable to attacks that could compromise a company's business data and processes.

Mobile threats on the rise, Q1 2015 report shows

Kaspersky Lab saw 3.3 times as many new malicious mobile programs in Q1 2015 than it did in the final quarter of last year.

ICS-CERT issues advisory on Hospira infusion pump flaws

An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.

New 'Rombertik' malware destroys master boot record if analysis function detected

The Rombertik malware goes to extreme measures to avoid detection and cause damage to victims' computers.

'Different looking' Fiesta Exploit Kit leveraged in SubTorrents website attack

Visitors to torrent website SubTorrents[dot]com are being redirected to the Fiesta Exploit Kit and served malware, according to Malwarebytes.

Twin brothers indicted on computer hacking charges

The brothers allegedly hacked into the website of a cosmetics company and stole customer credit card data and personal information.

DOJ begins reviewing stingray uses and policies

The Department of Justice confirmed that it is looking into its policies surrounding cell-site simulators and surveillance technology.

Koler ransomware variant targets Android users in Canada

The threat actors set up malicious adult websites to distribute the malware, and so far infection rates are estimated to be in the thousands.

EllisLab server hacked, passwords possibly compromised

EllisLab doesn't yet know who's responsible for hacking into its servers March 24 and potentially compromising customer information.

U.S. Senate Commerce, Science and Transportation Committee chairman requests info on White House breach

Chairman John Thune penned a letter to President Obama this past Thursday to ask him to clarify whether any personal information was compromised in October's cyber attack on the White House.

FireEye first cybersecurity firm awarded DHS SAFETY Act certification

The Department of Homeland Security (DHS) certified FireEye technology under the SAFETY Act, effectively shielding the company's customers from any liability in the event of a cyber terrorism attack.

Linux malware 'Mumblehard' has spamming feature, backdoor component

Mumblehard remained undetected for more than five years, according to a researcher at ESET.

Vulnerability enables downgrading of MySQL SSL/TLS connections

A researcher with Duo Security identified the vulnerability, which exists in MySQL client libraries, as well as forks such as MariaDB and Percona.

Flaw makes Trendnet, D-Link routers vulnerable to remote attack

A security alert issued Friday warns of an unfixed bug in D-Link and Trendnet routers.

Study: Java JRE unpatched on 77 percent of PCs

Secunia issued its quarterly country report earlier this week, which looked at what programs the average PC user had installed and what percentage was patched.

Malicious docs submitted to CareerBuilder job listings distribute malware

Proofpoint researchers observed attackers submitting weaponized Microsoft Word documents to job postings listed on the CareerBuilder website.

Student Digital Privacy and Parental Rights Act introduced in House

The bill was introduced Wednesday with some revisions that would improve transparency regarding how student information is shared, used or sold.

Representatives question FBI and point out fallacies during default encryption hearing

The U.S. Committee on Oversight & Government Reform met on Wednesday to hear arguments on default encryption and didn't let law enforcement off easy.

Several vulnerabilities identified in TheCartPress WordPress plugin

High-Tech Bridge identified multiple vulnerabilities in TheCartPress eCommerce shopping cart plugin for WordPress websites.

Forrester estimates that broad EMV chip adoption is half a decade away

EMV, despite its security advantages over magnetic stripe cards, cannot prevent "wholesale breaches of large numbers of credit card numbers," report authors said.

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.

Macro malware makes a comeback with BARTALEX attack

Trend Micro described a new attack as an "outbreak" of spam that's impacting mainly U.S. companies.
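
Macro malware of this kind rides in Office documents that carry a VBA project, so a mail gateway can triage attachments by looking for that project before any content is rendered. As an added example (not code from Trend Micro or from the original article), the Python below inspects an OOXML container (.docx, .docm, .xlsm and the like) for the parts and content types that indicate embedded VBA. The documents it builds are in-memory fixtures with a stub vbaProject.bin, constructed only to exercise the check; legacy OLE2 .doc files need an OLE parser such as oletools, which this example does not cover.

```python
"""Report indicators of embedded VBA in an OOXML (zip-based) Office document.

Added example, not from the original article. The fixture documents are constructed.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def office_macro_indicators(data: bytes) -> list:
    """Return a list of indicators; an empty list means no VBA project was found."""
    findings = []
    if not data.startswith(b"PK"):
        return ["not-ooxml"]  # OLE2 (.doc/.xls) or something else entirely; different parser needed
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Word stores the compiled VBA project as word/vbaProject.bin (xl/ and ppt/ for others).
        for n in names:
            if n.lower().endswith("vbaproject.bin"):
                findings.append("vba:%s" % n)
        # The package manifest also declares the project and a macro-enabled main part.
        if "[Content_Types].xml" in names:
            ct = z.read("[Content_Types].xml").decode("utf-8", errors="replace")
            if VBA_CONTENT_TYPE in ct:
                findings.append("content-type:vbaProject")
            if MACRO_MAIN_TYPE in ct:
                findings.append("content-type:macroEnabled")
    return findings


def build_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container in memory (test fixture, not a real document)."""
    main_ct = MACRO_MAIN_TYPE if with_macro else PLAIN_MAIN_TYPE
    ct = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Override PartName="/word/document.xml" ContentType="%s"/>' % main_ct)
    if with_macro:
        ct += '<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Stub: OLE2 magic followed by padding; a real project is an OLE compound file.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print("plain:", office_macro_indicators(build_docx(False)))
    print("macro:", office_macro_indicators(build_docx(True)))
```

The check deliberately reports both the part name and the manifest entries: a document that declares a vbaProject content type but ships no vbaProject.bin, or the reverse, is itself worth a closer look.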

Tech giants, Chamber of Commerce back Judicial Redress Act

The legislation aims to improve trust when law enforcement information is shared between the U.S. and EU.

Report: SSDP reflection attacks spike, and other Q1 2015 DDoS trends

The largest distributed denial-of-service attack ever detected by Arbor Networks systems was observed in the first quarter of this year.

U.S. Defense Secretary Carter emphasizes culture change needed to hire fresh tech talent

During a speech at Stanford University this past week, U.S. Defense Secretary Ash Carter acknowledged the government's desire to hire young talent for cybersecurity work.

Angler Exploit Kit pushed in xHamster malvertising campaign

The malicious advertisement was spotted on Friday and taken down by the end of Saturday, according to Malwarebytes Labs.

RSA 2015 survey: 48 percent believe NSA surveillance has increased

Nearly 94 percent of respondents believed that NSA's surveillance had increased or remained the same since Snowden began leaking classified information in June 2013.

Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK

F-Secure Labs released a threat report for the second half of 2014 and found that, unlike other parts of the world, North America was not receiving the brunt of Conficker attacks.

RSA 2015: In the healthcare industry, security must innovate with business

Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.

RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community

The counterterrorism, security and aviation communities must contemplate how unintended use of aircraft systems or networks could have a downstream impact.

RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns

Gib Sorebo used his session at RSA to discuss the Internet of Things (IoT) and its possible repercussions.

RSA 2015: Keynote addresses online safety risks to increasingly connected youths

Technology can't replace the value of online safety education, the key to keeping kids out of predators' paths, panelists shared.

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.

RSA 2015: Successful phishing attacks compromise users and technology

Although users often take much of the blame when a phishing attack is successful, technology must be compromised as well.

Extend surveillance, says Sen. Mitch McConnell

Senate Majority Leader Mitch McConnell introduced a bill that would grant intelligence agencies authority under the USA PATRIOT Act to continue mass surveillance until 2020.

RSA 2015: It's end of days for email forgers claim DMARC champions

The death of email, widely anticipated 10 years ago, has not come to pass, thanks to email authentication schemes such as SPF, DKIM and most recently DMARC.
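
DMARC ties SPF and DKIM to the visible From domain: a message passes only if one of them passes and its authenticated domain aligns with the From domain, and the domain owner's published policy says what to do otherwise. As an added example (not code from the DMARC authors or from the original article), the Python below evaluates a message the way a receiving MTA does, given a DMARC TXT record and the SPF and DKIM results. The records and results are constructed, no DNS lookup is made, and the organizational-domain helper is a deliberate simplification (real implementations consult the Public Suffix List).

```python
"""Evaluate a DMARC policy: parse the record, check SPF/DKIM alignment, return a disposition.

Added example, not from the original article or any MTA's code. Inputs are constructed.
"""


def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s' into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels (assumption: no PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def dmarc_disposition(record: str, from_domain: str,
                      spf_pass: bool, spf_domain: str,
                      dkim_pass: bool, dkim_domain: str) -> str:
    """Return 'pass', or the owner's requested action ('none', 'quarantine', 'reject')."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()


# Constructed policy for a hypothetical sender: strict DKIM, relaxed SPF, reject on failure.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # A forger passes SPF for a domain they control, but it does not align with the From header.
    print(dmarc_disposition(RECORD, "example.com", True, "attacker.invalid", False, ""))
    # Legitimate mail from a subdomain relay passes relaxed SPF alignment.
    print(dmarc_disposition(RECORD, "example.com", True, "mail.example.com", False, ""))
```

The forged message in the first call is rejected even though SPF "passed", because the pass belongs to the attacker's own domain; that alignment requirement, rather than SPF or DKIM alone, is what closes the From-header forgery the panel was describing.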

RSA 2015: Cyber-security professionals identify cyber-criminals as biggest threat

The majority of threat actors attacking organisations are cyber-criminals, according to a landmark survey for ISACA and RSA Conference.

RSA 2015: Protecting critical infrastructure

As Robert Hinden, Check Point fellow, described in his Wednesday RSA session, "Protecting Critical Infrastructure," attacks on physical infrastructure can affect us all. Like IT systems, infrastructure has many vulnerabilities, but the consequences are far greater, and the attacks have already begun.

'Aaron's Law' returns to Congress

Proposed legislation would rein in the CFAA to avoid overzealous prosecution.

RSA 2015: Panelists debate a way forward for matters of cyber conflict

Panelists discussed cyber espionage and intellectual property theft affecting U.S. companies and steps the private and public sector must take to curb the threat.

RSA 2015: Point-of-sale system security is lacking

The vulnerabilities exploited in most point-of-sale breaches are relatively simple, security experts discussed at RSA Conference 2015.

RSA 2015: Knowing which way the wind's blowing

Sharing of industry and government data, collated centrally to create a cyber-threat weather map, is now underway in the U.S., with threat indicators being issued.

CozyDuke APT group believed to have targeted White House and State Department

Nearly six months after the State Department announced an attack on its unclassified email system, the likely attackers have been identified and their tactics detailed.

RSA 2015: IoT could compromise critical infrastructure

Role playing during an RSA 2015 session highlighted security issues associated with the Internet of Things.

RSA 2015: 'No iOS Zone' attack allows denial-of-service against Apple devices

According to the co-founders of Skycure, which presented on the attack at RSA Conference, Apple has not completely resolved the security issue.

RSA 2015: Contactless payment systems have weaknesses

Contactless payment systems such as EMV cards and Apple Pay are convenient, but are not without weaknesses.

House panel gives go-ahead to cyber bill

Following years of wrangling in Congress and a slew of headline-grabbing breaches, the House gave the go-ahead to a cybersecurity bill.

RSA 2015: Security in the cloud undermined by poor credential management, says Charney

Despite the rush to the cloud, certificate authentication is still the Achilles' heel of the industry, according to Scott Charney, corporate vice president, Trustworthy Computing at Microsoft.

RSA 2015: FCC Chairman Wheeler outlines agency goals

The FCC joins the FTC as a force to be reckoned with on cybersecurity and privacy issues, agency chief Wheeler indicated in an RSA Conference speech.

RSA 2015: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found tens of thousands of Android apps to be vulnerable, and no complete register of them exists because not all of the flaws are assigned CVEs.

RSA 2015: Experts discuss six dangerous attack techniques

Data breaches, ransomware, and threats against industrial control systems were discussed during an RSA Conference 2015 session on dangerous attack techniques.

Though gov't agencies deride default device encryption, no changes expected in tech, experts say

FBI and NSA staffers have repeatedly voiced concern over default encryption, but it doesn't seem to have hindered any tech companies' decisions to proceed with their plans.

RSA 2015: Tension continues to grow between govt, cryptographers

Government demands for backdoors in cryptography are ratcheting up discord with cryptographers, according to RSA panelists.

RSA 2015: Intel SVP looks to Moneyball story to inspire offensive strategies

At RSA Conference in San Francisco, Intel Security Group SVP and General Manager Christopher Young challenged the industry to write its own Moneyball story.

RSA 2015: Change is a mindset, not a technology problem

The threat landscape has changed, and we have to constantly challenge existing thinking to get ahead of our adversaries, RSA President Amit Yoran told delegates on Tuesday.

RSA 2015: DHS Secretary Jeh Johnson says agency will open Silicon Valley office

Department of Homeland Security is finalizing plans to open a Silicon Valley office, DHS Secretary Jeh Johnson told an audience at the RSA Conference.

Study: Open Source Software use increasing in enterprises but without vulnerability monitoring

As companies increasingly integrate Open Source Software (OSS) into their business IT environments, they appear to be faltering in monitoring the software for vulnerabilities and creating official policies and procedures.
