Following a series of high-profile Twitter account hijacks, the microblogging service finally has delivered two-factor authentication.
The 100-page report mostly addresses alleged Chinese cyber espionage operations, and suggests it's time for U.S. government agencies and corporations to consider more proactive approaches, possibly including hack-backs.
The IE exploit was most recently used in watering hole attacks directed at the U.S. Department of Labor website.
Attackers who raided Google in 2010 to learn information about Chinese human rights activists were also trying to gain insight on which Chinese intelligence agents were on the radar of U.S. authorities, according to a report.
The new legislation would amend the definition of "personal information" under the state's breach notification law.
Researchers at security firm Norman on Monday, building on earlier analysis from ESET, publicized a new attack infrastructure that is conducting national security and industrial espionage on targets across the world.
Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.
Security researchers are studying an apparent new strain of Mac malware that turned up on the computer of a participant at the just-concluded Oslo Freedom Forum, an annual human rights conference.
The sentences range from 20 to 32 months, with none of the defendants likely to serve the full time. There has been no formal request to extradite the U.K. men to the United States to face charges here.
Mozilla has updated its Firefox web browser to repair 13 vulnerabilities.
Their crimes include hacking and launching DDoS attacks against high-profile organizations such as the CIA, the U.K.'s Serious Organised Crime Agency, Sony and Nintendo.
While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.
Security experts hope information gleaned by this probe into two affected processors could protect others in the financial industry.
Redmond also distributed a cumulative fix for the browser to prevent drive-by download attacks.
The U.S. security and privacy researcher was contacted to lend assistance to the government surveillance project. He declined the offer, and decided to expose the email exchanges he had.
According to Microsoft, the malware is affecting users in Brazil, but could spread elsewhere.
The bill would provide consumers nationwide with protections similar to those already enforced by a California law.
Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.
Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.
For their role in a brazen heist, eight New York-area individuals are accused of withdrawing around $2 million in one day from hacked prepaid debit card accounts. Globally, the crime ring was responsible for stealing around $45 million.
Name.com said it believed its encryption is sufficient to prevent the hackers from using any of the sensitive information that was stolen.
The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of a possible espionage campaign against U.S. energy workers.
DHS said the operation would likely culminate in "limited disruptions" and "nuisance-level attacks" against websites of government agencies and U.S. banks. And that appears to be what happened.
The proposal from two Republican and two Democratic senators requires the director of national intelligence to create a "watch list" of nations suspected of cyber spying.
One of the masterminds behind the pernicious SpyEye banking trojan has been extradited to the United States, where he will face charges for computer and wire fraud.
Once exclusively a BlackBerry shop, the U.S. Department of Defense is close to expanding its mobile device usage to Android and Apple iOS platforms as they prove their enterprise security resiliency.
PandaLabs confirms what many of us already assumed to be fact: Malware is growing at never-before-seen levels. But it's got the statistics to back it up.
Defence Minister Peter MacKay has committed $20 million to fund projects aimed at making Canada safer from cyber attacks.
Canadians are about to get their first comprehensive look at the extent of cyber crime on domestic business.
More than 2,000 USB keys were replaced after a hard drive and key went missing.
Privacy concerns are driving Canadians away from smartphone apps and online services.
Originally, researchers believed that the Labor Department site led to malware that took advantage of a known vulnerability. But that is no longer the case, and Microsoft has confirmed a fresh, unpatched vulnerability in IE 8.
Concerns over identity theft affecting senior citizens prompted the hearing.
The software maker seemed to downplay the threat posed by the issue, which McAfee is calling a security vulnerability that could be used in APT-style campaigns.
According to reports, the compromised page, for the Site Exposure Matrices (SEM), has been cleaned, but it remains offline.
WhiteHat Security's annual survey of tens of thousands of websites also studied whether certain best practices are helpful in preventing such flaws as information leakage and cross-site scripting.
Sensitive information and encrypted passwords of customers were accessed, according to Reputation.com.
An intruder gained access to the U.S. Army Corps of Engineers' National Inventory of Dams (NID) in January, according to a spokesman for the military command.
This month's company news includes a new CTO at Easy Solutions, ForeScout's new CFO, and the new vice president of marketing at Tufin Technologies.
This month's news briefs cover recent headlining bits on the malware that struck South Korean companies, a new law requiring federal agencies to review IT equipment sourced from China, and more.
Employees lack the training to collect and preserve email and electronic evidence.
The rule may help leaders better understand the impact of cyber risks, say PwC's David Burg and Laurie Schive.
The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.
That brings the total number of nations found to be housing C&C servers for the spy software, either actively or in the past, to 36.
McAfee said it considers this a security issue because the flaw could be leveraged as part of a malicious attack to gather reconnaissance about a target.
Sven Olaf Kamphuis, a man from the Netherlands with ties to Dutch web host CyberBunker, reportedly has been pegged as the suspect.
On Friday, the popular coupon site announced that hackers breached its servers.
AT&T and CenturyLink were given legal immunity to turn over threat-related data on their networks to the government.
Although attacks on the financial sector get a majority of the headlines, disruptive threats in the retail industry have more than doubled in the last year.
The Travnet botnet uploads Microsoft Office files, PDFs and text files to remote servers run by attackers.
The Anti-Phishing Working Group found that 47 percent of all phishing attacks involve shared web hosting, like one might find on WordPress or Joomla.
Arkin will report to Bryan Lamkin, senior vice president of technology and corporate development, and he will work in partnership with CIO Gerri Martin-Flickinger.
Not only are there new security concerns, but leaders must ensure disparate groups of workers can adequately collaborate.
A panel of CISOs speaking this week in London said businesses will benefit from an environment in which employees are entrusted with their own mobile devices.
Ample criticism has been lobbed toward Twitter after Tuesday's false AP tweet that President Obama was injured in an apparent attack on the White House. But could the microblogging service have prevented this?
Matthew Flannery, who is employed at a Sydney, Australia-based IT firm, faces up to 22 years in prison if convicted of the alleged offenses.
A panel of CISOs at the InfoSecurity Europe conference in London agreed that by communicating with executives in a way that they can comprehend - specifically in terms of risk and business growth - everybody wins.
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
Despite the arrests of Gozi ringleaders, the banking trojan still persists and is behind thousands of new infections in the United States.
The landmark annual data breach report analyzed 621 breaches from caseloads across 19 organizations throughout the world.
The average size of distributed denial-of-service (DDoS) attacks has weighed in at 20 percent higher so far this year than it did in 2012, according to statistics released Monday by security firm Arbor Networks.
Attackers wanting to compromise apps in Google's official store leveraged an advertising network to foist their malware on unsuspecting victims.
The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.
In a bipartisan victory for a measure that would formalize threat intelligence sharing, the U.S. House passed the bill in a 288-to-127 vote, drawing more Democrats than when a version was approved last year. CISPA now moves to the Senate.
Client-side, web-based threats are beginning to overtake malware mainstays such as Conficker, according to a Microsoft report.
A trojan that uses a "magical" authentication code to communicate with its command-and-control server has compromised thousands of organizations around the globe. So far, however, it has remained largely silent.
As expected, the web's unscrupulous element is taking advantage of the attention surrounding the Boston Marathon bombings to spread malware and trick people into donating to fake causes.
An improved notification system will help protect users from running risky applications from untrusted sources.
The Obama administration said it is perturbed for the same reason it promised a veto last year: privacy protection.
The SEA, believed to be made up of supporters of the repressive regime of Syrian President Bashar Assad, implied in a tweet that NPR should know why it was targeted.
Symantec's annual "Internet Security Threat Report 2013" concentrated on the success attackers are attaining by sabotaging legitimate websites.
The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.
More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.
The president recommended that $4.7 billion be allocated to the Pentagon for cyber initiatives in the fiscal year beginning Oct. 1. That includes earmarks for offensive missions.
The "PlaneSploit" application was three years in the making, and is able to remotely attack flight management systems, though the program was built to only work on virtual aircraft.
The software giant said applying the update could prevent machines and applications from properly restarting and loading.
The amendments to the threat intelligence sharing bill would have tightened controls around the corporate release of personally identifiable information to three-letter agencies, including the NSA.
Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.
Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.
The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.
Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.
The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.
Plaintiffs' failure to have an expert verify their damages was a "fatal" flaw in the case, according to a federal judge.
The web measurement company is accused of secretly collecting data on millions and then sharing it with clients.
Law enforcement in Russia and Ukraine has dealt a major blow to a prolific banking malware operation.
The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
No matter the industry, organizations are facing a flurry of sophisticated attacks, with the main goal being to hijack intellectual property, according to new findings from security firm FireEye.
The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.
New clues turned up by researchers at the University of Toronto show that an Android malware spy campaign appears to be the work of Chinese hackers, possibly with the assistance of the nation's government or a major corporation.
Fraudsters pretending to be from collections companies are seeking to recover non-existent loans. If victims don't pay up, their administrative call centers are hit by telephone denial-of-service attacks. 9-1-1 lines weren't targeted.
Despite being an age-old problem, recent DoS and DDoS attacks are driving huge growth for mitigation solutions.
The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.
There is a growing demand for IT-GRC-focused data and metrics analysts, says security recruiter Jeff Combs of L.J. Kushner & Associates.
This month's company news features new additions to dinCloud, Tripwire, and Crocus Technology, as well as Bluebox Security's new research team that will analyze mobile security threats.
Prioritization is a key part of the patching strategy of any customer, says SC Magazine's Dan Kaplan.
This month's news briefs include recent news on Mandiant uncovering China's cyber espionage efforts, security firm Bit9's breach, and the Obama administration's latest efforts on combating the theft of trade secrets.
Espionage and fraud in cyber are not armed conflict, says SystemExpert's Jonathan Gossels.
In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.