Neverquest botnet furthers crimeware-as-a-service biz for fraudsters

Neverquest, also known as Vawtrak, is data stealing malware that targets banking information.

Solo attacker likely responsible for phishing campaign, delivering Zeus variant

Phishing emails, a phishing kit and phony browser alerts are being used by the attacker to steal credentials and deliver a variant of the Zeus trojan.

Telecommunications companies on the line with FTC, FCC for cramming schemes

Two major telecommunications companies are under fire from the FTC and FCC for their "cramming" practices.

White House calls Sony hack a "serious national security matter," gov't mulls proper response

Sony Pictures recently canceled the release of "The Interview," following hacker threats.

'Spark' shares traits with Alina, JackPOS, uses AutoIt differently

Researchers at Trustwave SpiderLabs have released details on a new Alina variant dubbed Spark.

California nonprofit sues San Diego Police Department over stingray documents

The First Amendment Coalition is suing the San Diego Police Department and the city of San Diego in an effort to get public records released on the force's stingray use.

Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk

The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.

Former employees sue Sony, theaters drop 'The Interview'

Four former Sony workers have filed two class-action suits claiming the company failed to plug security holes and protect their personal data.

Phishing email contains Word doc, enabling macros leads to malware infection

An employee with PhishMe was targeted by a crafty phishing email, allowing researchers to analyze an innovative attack that results in a malware infection.

Landmark HIPAA settlement confirms push to firm up patching schedules

Anchorage Community Mental Health Services (ACMHS) must pay $150,000 and integrate an action plan to meet HIPAA compliance.

Mobile RAT Xsser continues to threaten Android, iOS device security

Back in October, the Chinese iOS trojan was discovered by Lacoon Mobile Security.

Researchers warn of new OphionLocker ransomware

OphionLocker doesn't diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drive's serial number, the motherboard's serial number and other information.

Microsoft appeal over customer email warrant draws support

Microsoft's early December appeal of the government's efforts to get customer email stored on a server in Ireland has garnered support of rivals and privacy groups.

Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more

Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.

Black market tactics mirror those of legit business

A report from Dell SecureWorks Counter Threat Unit revealed hacker training tutorials, replacement guarantees and a drop in RAT prices.

As leaks continue, Sony's legal team tells media to destroy 'stolen info'

Sony Pictures's attorney David Boies is demanding that news outlets destroy "stolen information" involved in the leaks.

More than 100K WordPress sites compromised by malware due to plugin vulnerability

WordPress websites are being infected with malware through a previously disclosed vulnerability in the Slider Revolution plugin.

U.S. accounts for most Mac OS X attacks and websites seeded with malware

Kaspersky Lab summed up its year's findings and saw that U.S. users were the main targets of Mac OS X malware.

House, in rush vote, passes Intelligence Authorization Act

The Senate passed the Act on Wednesday after adding a controversial amendment and the House rushed to pass it with little room for debate.

Site operator pleads guilty to facilitating prostitution, a first in federal convictions

Eric Omuro, who also goes by "Red," ran the site myRedBook.com.

Study: Malicious social media attacks on the upswing

Social media represents the next frontier of threats; 2015 will be the year for social media managers and IT security professionals to unite, one study says.

Audit shows University of Maryland security flaws remain

Citing progress, a state audit report details the vulnerabilities that the University of Maryland College Park (UMCP) needs to fix.

Research examines cost of stolen data, underground services

Symantec tracked the price of stolen goods and malicious services, as well as black market price fluctuations over the years.

Suit: Comcast public WiFi hotspot network uses home modems, drives up customer costs

In a class-action suit filed in federal court, a father-daughter duo accuses Comcast of using their routers to create public Wi-Fi hotspots, increasing their electricity costs and leaving them vulnerable to security issues.

Stealthy 'Inception' attack framework detailed; possible return of 'Red October' group

Blue Coat Systems broke down its findings on the mysterious perpetrators behind 'Inception,' but in reality, nothing can really be concluded about their location or overarching goals.

Hack decodes Android phone, Samsung smartwatch data exchange

Encrypted communications between a Samsung smartwatch and Android device were easily cracked by Bitdefender researchers.

Study reveals industry pros troubled most by ransomware threat, damage

A survey of IT security pros commissioned by Malwarebytes revealed that ransomware topped the list of security threats.

SEO poisoning campaign ensnares several thousand websites, security expert finds

A security expert estimates that around 10,000 legitimate websites were impacted by the campaign.

Microsoft issues seven bulletins, three critical, and fixes 24 bugs in Patch Tuesday release

Three bulletins were determined to be 'critical' and four were rated 'important.'

Adobe release addresses Flash Player bug being actively targeted, includes other critical fixes

A vulnerability in Adobe's Flash Player was not included in its pre-notification security advisory Friday, and is currently being targeted by attackers.

TD Bank agrees to $625K breach settlement in Mass.

The 2012 breach, which occurred when two unencrypted backup tapes went missing, affected 260,000 people nationwide.

Court hears oral arguments for appeal in Smith v. Obama

Peter Smith, the husband and lawyer of plaintiff Anna Smith, argued that her Fourth Amendment rights were violated in dragnet surveillance by the NSA.

North Korea: Sony Pictures hack may be work of gov't supporters

Meanwhile, an internal email between execs at Sony Pictures and Mandiant, the forensics unit tapped to investigate the breach, leaked to the press.

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

Experts take inventory of Sony Pictures data leak, potential costs

Information exposed in the breach reportedly ranges from thousands of Social Security numbers to sensitive HR and proprietary data.

Study: 58 percent of businesses do not have complete patch management strategy

Most businesses store and process financial data, yet 63 percent do not have a mature way to control and track sensitive data, Trustwave found.

Seven bulletins in Patch Tuesday preview, three deemed critical

Three of the bulletins in the Microsoft Patch Tuesday preview are deemed critical, and four are considered important.

SpoofedMe attacks compromise legitimate Nasdaq.com, Spiceworks accounts, among others

IBM researchers discovered a vulnerability in social login identity providers and their relying websites that left legitimate accounts open to attackers' control.

Analysis of wiper malware, implicated in Sony breach, exposes Shamoon-style attacks

New research on the data-wiping malware reveals more connections to the Sony Pictures attack.

Credit cards a top target of phone scams, report says

Scams involving reduced interest rates on credit card accounts topped the list of phone scams by volume in the first nine months of 2014.

Sony Pictures breach exposes Deloitte salary info, report reveals

Salary information from 2005 on Deloitte employees now appears to be collateral damage in the Sony Pictures hack.

Bank and account phishing tops list of U.S. SMS attacks

New Cloudmark research shows that bank and account phishing has become the top SMS attack in the U.S. in recent months.

Researchers present method to 'deanonymize' Bitcoin users

Three researchers with the University of Luxembourg have generated a method to expose Bitcoin users that has the potential to work more than half of the time.

Reboot 25 takes a look at the past, present, and future of security

To be unveiled on Monday, December 8, our Reboot 25 section not only highlights 25 industry professionals, but takes a look at the past and future of the industry.

Iranian hackers targeting critical infrastructure

Researchers at Cylance have been monitoring a group out of Tehran, called Operation Cleaver, that it believes is gearing up for a massive attack on critical infrastructure.

Critical bugs fixed in Firefox 34, SSL 3.0 support disabled

The Monday release of Firefox 34 provides fixes for several vulnerabilities and also disables support for SSL 3.0.

FBI warns U.S. firms of data-wiping malware following Sony attack

The wiper threat sounds similar to attacks targeting organizations in South Korea and the Middle East.

ACLU: Stingray use violated man's Fourth Amendment rights

The ACLU has filed a brief in support of a Baltimore man arrested after police spied on him and others without a warrant.

New POS malware appears to be in beta testing phase

Trend Micro analyzed new point-of-sale malware detected as TSPY_POSLOGR.K, which appears to be in a beta testing phase.

FIN4 group infiltrates email, to game stock market, report says

FireEye researchers have uncovered a group, dubbed FIN4, that has targeted more than 100 companies to gain insider information.

Syrian Electronic Army redirects Gigya, briefly compromises media sites on Thanksgiving Day

The pro-Assad hacktivist group performed the hack through a DNS redirect that pointed Gigya's content delivery network to a server run by the hackers.

Study: 'High priority' issues hamper endpoint security solution implementation

A survey from Digital Guardian and Enterprise Strategy Group collected IT security professionals' thoughts on endpoint security solutions and the challenges they face when implementing them.

Researchers identify POS malware targeting ticket machines, electronic kiosks

Electronic kiosks and ticketing systems are among the targets of a new type of point-of-sale threat known as "d4re|dev1|".

Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor

A backdoor referred to as CryptoPHP is being packaged with pirated Joomla, WordPress and Drupal themes and plugins and used for illegal search engine optimization.

DDoS attacks grew in size, threats became more complex, Q3 reports say

A trio of third-quarter reports from security firms reveals changes and complexities in the threat landscape.

Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards

A California man was sentenced to 18 months in prison for remotely accessing POS machines that he sold to Subway restaurant franchises, and loading up at least $40,000 onto gift cards.

APT operation 'Double Tap' exploits serious Windows OLE bug

The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.

Regin: nation-state possibly behind the stealthy modular spying malware

Symantec is referring to the malware as 'groundbreaking,' particularly due to the advanced techniques it uses to conceal itself.

CoinVault changes up traditional ransomware techniques

A newly identified ransomware takes extra precaution to hide from researchers and possibly show good faith on the attackers' part.

Study: Third of employees use company devices for social media and online shopping

GFI Software and Opinion Matters found that employees used company devices for activities not related to work and had no qualms about stealing company intellectual property after they leave.

'DoubleDirect' MitM attack affects iOS, Android and OS X users

Security firm Zimperium detected attacks in the wild over the past six to eight months.

Swedish appeals court nixes Assange's plea

Julian Assange remains holed up in Ecuador's U.K. embassy after a court refused to rescind a warrant for Assange's arrest, which could ultimately result in his extradition to the U.S.

Critical XSS vulnerability addressed in WordPress

A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.

Citadel variant targets master passwords, authentication solutions

Credentials, entered through password management software and a Nexus authentication tool, are the target of this new variant.

USPS draws ire of Congress over data breach response

Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.

Buffer overflow vulnerabilities identified in Hikvision DVR devices

Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.

Android malware 'NotCompatible' evolves, spawns resilient botnet

Mobile security firm Lookout detailed how the malware has grown in complexity to hide its botnet activity.

Vulnerabilities identified in three Advantech products

Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.

USA Freedom Act foiled by Senate Republicans

The USA Freedom Act, aimed at NSA surveillance reform, failed to pick up enough votes to avoid a Republican filibuster.

Mozilla, Cisco and others sponsor certificate provider Let's Encrypt

The Internet Security Research Group (ISRG) plans to launch its Let's Encrypt software in 2015 that will let anyone receive a free trusted certificate.

TRUSTe settles FTC charges over its 'certified' privacy seals

The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.

Survey: real-time SIEM solutions help orgs detect attacks within minutes

Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.

Healthcare sector's broad data sets will attract increased attacks in 2015

A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.

State Department hack may be tied to White House network breach

The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.

Microsoft report explores dangers of running expired security software

The dangers of running expired security software are a key takeaway from the Microsoft Security Intelligence Report 17.

'Carder.su' crime ring participant sentenced to 115 months in prison

Cameron Harrison, 28, possessed more than 260 compromised credit and debit card numbers at the time of his arrest and is one of 55 people facing charges pertaining to their association with "Carder.su."

U.S. spy program targeting Americans' mobile phones, report says

The U.S. Department of Justice is attaching small devices to airplanes that gather massive amounts of mobile phone data, including the data of innocent Americans, a Wall Street Journal report indicates.

Automakers pen 'privacy principles' for in-car technology

The Alliance of Automobile Manufacturers and the Association of Global Automakers created "baseline privacy commitments" for the industry.

Debt sellers exposed personal info of 70K consumers, draws FTC action

Two debt sellers allegedly posted consumers' personal information in unencrypted, publicly accessible spreadsheets online.

DDoS attacks cost organizations $40,000 per hour, survey finds

An Incapsula survey revealed that the average DDoS attack costs a business roughly $40,000 per hour.

Waste no time patching Windows Schannel, OLE bugs, experts warn

Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.

Study: 9 in 10 Americans agree control over personal information is lost

A new Pew Research study on Americans' privacy perceptions after the Edward Snowden leaks shows that most people assume their personal data isn't kept private online.

Shellshock used in BrowserStack attack

BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.

Report provides in-depth look at POS malware used in some of the biggest breaches

A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.

Patch Tuesday brings 14 security bulletins, fixes 33 bugs

Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.

Tor network moderators unsure how feds discovered and shut down Silk Road 2.0

The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.

Federal data breach legislation advances as provincial lapse nears

A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.

Wildfire breach affects 15,000

British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.

RCMP record keeping needs work, says Privacy Commissioner

Canada's RCMP cannot tell whether it complies with federal privacy law when gathering information about citizens without a warrant, according to a report.

'Masque Attack' writes over genuine apps; steals personal and financial data

Using WireLurker malware, the attack plays off a vulnerability in third-party app stores to overwrite legitimate apps with malicious ones.

Mobile fraud report notes reliance on OTPs as top concern

One-time passwords (OTPs) sent via SMS are increasingly the target of Android malware, the report by Javelin revealed.

USPS investigates breach, more than 800K employees possibly affected

The United States Postal Service (USPS) announced on Monday that an investigation is underway regarding a cyber security intrusion into some of its systems.

Slew of black marketplaces, including Silk Road 2.0, go dark in Fed sweep

Seventeen suspected members of online marketplaces, including Silk Road 2.0's alleged operator, have been arrested.

Home Depot announces 53M email addresses stolen in breach

Home Depot announced on Thursday that approximately 53 million email addresses were stolen in the data breach that the company confirmed in early September.

Microsoft schedules massive Patch Tuesday release with 16 bulletins, five 'critical'

This month's bulletins include five "critical" and nine "important" fixes that address remote code execution, elevation of privilege, and denial of service bugs, among others.

John Gordon Baden arrested in Tijuana

After months of looking for him, Baden was nabbed in Tijuana when tips began coming in about his whereabouts.

Apple addresses OS X, iOS WireLurker malware threat, C&C goes offline

WireLurker was first observed infecting OS X systems when a user downloaded a trojanized app from a third-party store in China, and then infecting iOS devices that connected to the infected OS X system via USB.

Cousin of Bugat trojan, 'Dridex,' spreads using macros

Trend Micro detailed the variant and attackers' delivery techniques.

Study: Organizations assailed by cyber attacks, 15 percent are targeted

Vectra's Post Breach Report analyzed data gathered from more than 100,000 hosts over five months.

Study: 68 percent of healthcare breaches caused by loss or theft of devices, files

Security firm Bitglass analyzed three years' worth of HHS breach records for its report.
