An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.
CloudFlare announced on Monday that it would be supporting SSL connections to every customer, including about two million using its free service.
The update comes soon after the company released iOS 8.0.1, which caused issues for iPhone 6 and iPhone 6 Plus users.
Less than a week after the vulnerability's discovery and only a day after it was revealed, cybercriminals began exploiting the bug to create botnets and determine future attacks.
The Wall Street Journal reported that a Secret Service investigation uncovered malware customized to attack Home Depot.
Researchers with Proofpoint have analyzed a version of the Dyre banking trojan that has been updated with new features.
A researcher at Akamai uncovered a vulnerability in Bash, called ShellShock, that can execute arbitrary commands in affected systems.
A new report stresses that ad networks and the web sites that use them need to coordinate to mitigate the malvertising risk.
Akamai's PLXsert researchers analyzed the new DDoS toolkit.
The retailer's massive breach has spawned multiple lawsuits and reports of fraudulent transactions.
Mozilla announced on Tuesday that it would be phasing out certificates with SHA-1 based signature algorithms.
A new report from NSFOCUS found that DDoS attacks' traffic volume is increasing, along with a shift in targets.
Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.
Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.
Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).
A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.
A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.
In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.
The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.
A new report from the U.S. Senate Armed Services Committee found that multiple successful attempts were made to access and steal information from contractors' systems, and often times, the government didn't know it happened.
As BYOD and mobile computing become more critical to business, app downloads will raise security risks.
Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.
The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.
Researchers at SophosLabs found an uptick in VBA samples in July.
In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.
Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.
Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.
Google reportedly addressed the issue, but many users likely await the fix from providers or OEMs.
Several thousand phishing emails have been sent to employees at small to medium-sized financial and healthcare organizations in the U.S.
FireEye investigated the "production line" approach taken up by various APT groups infiltrating organizations.
Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.
Mark Marmilev pleaded guilty on Thursday for his part in a money laundering conspiracy.
On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.
Matthew Tollis is thought to have participated in multiple swatting Skype calls that targeted Harvard University and Boston University, among others.
Gmail credentials for nearly 5 million accounts leaked Wednesday, but many of the username-password combinations appeared to be incorrect or old.
Microsoft introduced a security feature in versions of Internet Explorer that blocks out-of-date ActiveX controls.
Microsoft continues to fight an order requesting it to turn over customer emails stored in a data center in Ireland.
F-Secure noted in its mid-year report that the Conficker worm continues to impact users and that Gameover Zeus still poses a threat.
One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.
Sensys Networks addressed two vulnerabilities in its vehicle traffic sensors that were discovered by Cesar Cerrudo, CTO of IOActive Labs.
In a filing in U.S. District Court, Target said merchants and banks "have no direct dealings" in payment transactions.
Salesforce posted a notification that its users are possibly being targeted by Dyre malware and offered some recommendations to avoid the threat.
The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.
Out of 16,000 business users who took the McAfee Phishing Quiz, 80 percent fell for at least one of seven phishing emails.
The sole critical patch this month will address remote code execution issues in Internet Explorer.
The backdoor, called "XSLCmd," was detected in earlier attacks on Windows systems, FireEye found.
A significant string of distributed denial-of-service (DDoS) campaigns during the second quarter of 2014 were driven by Linux web servers.
Trend Micro found that compromised hosts, DDoS attack services and remote access trojans were the most coveted offerings in the marketplace last year.
Goodwill confirmed that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of its stores.
Google said Chrome 39, to be released within 12 weeks, will treat some sites as untrusted, accelerating the transition and user woes.
Android devices in Korea have primarily been impacted by the malware.
Mozilla enabled public key pinning support in Firefox 32 primarily as a way to defend against man-in-the-middle attacks.
Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.
Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.
New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.
Have effective changes been instituted to protect organizations from other Snowdens or negligent employees?
This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.
Embedded security analysts are needed in a mobile environment.
A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.
A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.
FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.
Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.
Several high-profile websites were impacted by a malvertising campaign, which Fox-IT helped dismantle.
An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.
Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.
On Wednesday, HP TippingPoint released its State of Network Security survey which polled hundreds of professionals.
Playing off the Ukraine conflict, a Kelihos campaign promises victims software to help the Russian cause but delivers malware instead.
Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.
The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.
The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.
Gamers were unable to use the PlayStation Network for most of Sunday due to a DDoS attack, and other gaming networks also suffered from similar problems throughout the weekend.
Users in the U.S. have been impacted by a variant of ransomware known as Reveton, which has been upgraded to include a powerful password stealer.
Roughly 500,000 emails have been sent out so far as part of a massive multifaceted phishing campaign targeting customers of JPMorgan Chase.
Of the 355 IT and security professionals surveyed, a majority indicated that they were ill-equipped to thwart a possible insider threat.
The firm analyzed 1,000 free apps in Google Play which were most downloaded by users.
In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.
Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.
Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.
Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.
The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.
The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.
More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.
With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.
A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.
SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.
Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.
In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.
The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.
The civil liberties groups contend in a brief filed in New York Supreme Court, that warrants and a gag order issued in the case were unconstitutional.
The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.
Malware has become a threat to virtual machines and, nowadays, should be incorporated into security strategy, according to a Symantec report.
The tech giant's monthly security update includes two critical patches for IE and Windows.
Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.
A group of security pros called "I am The Cavalry" introduced a five star automotive cyber safety program.
The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.
Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.
In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.
Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.