With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target businesses

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, survey says

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded out of $1 million

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report says

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Vice.com hacked, possibly The Wall Street Journal website too

Vice.com hacked, possibly The Wall Street Journal website too

A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry standard

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.

Almost 40 percent of Canada's Justice Department duped by phishing

Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.

Microsoft waivers on Canadian spam fears

Microsoft has reconsidered a move to cease security emails in Canada, following the introduction of an anti-spam law north of the border.

Underinvestment, poor communication plague Canadian cybersecurity

Canadian cybersecurity is languishing due to poor communication and disappointing security investments, according to research from the Ponemon Institute.

U.S. hosted most Q2 malware, top 10 ISPs still main sources

U.S. hosted most Q2 malware, top 10 ISPs still main sources

Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

Severe RCE vulnerability affects several Cisco products

Severe RCE vulnerability affects several Cisco products

An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.

Russian espionage malware adapted for ransomware scams

Russian espionage malware adapted for ransomware scams

Sentinel Labs dubbed the repurposed malware "Gyges."

Report: 31 percent of IT security teams don't speak to company execs

Report: 31 percent of IT security teams don't speak to company execs

A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.

Senate subcommittee looks to stop botnet threat

Senate subcommittee looks to stop botnet threat

In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.

Compromised Japanese porn websites distribute banking trojan

Compromised Japanese porn websites distribute banking trojan

Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.

Pushdo botnet gets DGA update, over 6,000 machines host new variant

Pushdo botnet gets DGA update, over 6,000 machines host new variant

In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.

Oracle releases 113 bug fixes in Critical Patch Update

Oracle releases 113 bug fixes in Critical Patch Update

The most critical flaws were in Java and Oracle Database Server.

Active Directory flaw opens enterprise services to unauthorized access

Active Directory flaw opens enterprise services to unauthorized access

Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Chinese man charged with hack of Boeing, Lockheed Martin aircraft data

Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.

Fraudsters market new malware Kronos on underground

Fraudsters market new malware Kronos on underground

Trusteer warns that the financial malware was first advertised last week on a major underground forum.

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

Man pleads guilty to bank fraud, 48-hour global operation netted $14 million

A man arrested in Germany and extradited to the United States in 2012 pleaded guilty to bank fraud on Friday for his role in a global operation that netted $14 million within 48 hours.

NightHunter campaign dates back to 2009, targets credentials and other data

NightHunter campaign dates back to 2009, targets credentials and other data

Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.

Study: Security not prioritized in critical infrastructure, though most admit compromise

Study: Security not prioritized in critical infrastructure, though most admit compromise

Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.

Two new Boleto malware families discovered

Two new Boleto malware families discovered

Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.

Police, security firms abate Shylock malware threat

Police, security firms abate Shylock malware threat

In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.

Senate Intelligence Committee approves cyber security bill

Senate Intelligence Committee approves cyber security bill

The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.

Attackers brute-force POS systems utilizing RDP in global botnet operation

Attackers brute-force POS systems utilizing RDP in global botnet operation

Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.

Study: AV, anti-malware most used controls for APT defense

Study: AV, anti-malware most used controls for APT defense

Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.

Russian man arrested for POS hacks draws Russia's ire

Russian man arrested for POS hacks draws Russia's ire

Roman Seleznev, son of a Russian lawmaker, was picked up in Maldives and taken into U.S. custody in Guam, three years after being indicted.

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.

Advanced attack group Deep Panda uses PowerShell to breach think tanks

Advanced attack group Deep Panda uses PowerShell to breach think tanks

CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.

NCL calls on gov't, business to better protect consumer data

NCL calls on gov't, business to better protect consumer data

Noting that consumers are being asked to provide more information than ever before and are less protected, the National Consumers League has proposed reforms.

Microsoft plans six Patch Tuesday fixes, RCE bugs in 'critical' batch

Microsoft plans six Patch Tuesday fixes, RCE bugs in 'critical' batch

Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.

EFF sues NSA in bid for records related to Heartbleed disclosure

EFF sues NSA in bid for records related to Heartbleed disclosure

Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.

Sneaky Android RAT disables required anti-virus apps to steal banking info

Sneaky Android RAT disables required anti-virus apps to steal banking info

The HijackRAT for Android mobile devices is capable of numerous attacks, such as pilfering banking information and disabling anti-virus apps.

Spear phishers abuse Word programming feature to infect targets

Spear phishers abuse Word programming feature to infect targets

Hackers abused Microsoft's Visual Basic for Applications (VBA) to rig email attachments, Cisco reveals.

Report: DDoS attacks down, gov't increasingly a target

Report: DDoS attacks down, gov't increasingly a target

In its quarterly "State of the Internet" report Akamai observed 283 DDoS attacks in the first quarter of 2014.

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

Brazilian 'bolware' gang targeted $3.75B in transactions, RSA finds

RSA has revealed the extent of bolware attacks in the country, which have remained a pervasive issue in the financial sector.

Phishing websites up 10 percent in Q1 2014, the U.S. still hosts the majority

Phishing websites up 10 percent in Q1 2014, the U.S. still hosts the majority

The number of phishing websites observed in the first quarter of 2014 went up 10 percent over the previous quarter, and the U.S. hosts the majority.

Microsoft seizes No-IP domains in effort to stop malware infections

Microsoft seizes No-IP domains in effort to stop malware infections

The legal action was taken to disrupt the spread of remote access trojans njRAT and njw0rm.

Houston Astros hacked, trade conversations posted online

Houston Astros hacked, trade conversations posted online

The Houston Astros were hacked, and trade conversations dating back to June 2013 between the Texas ball club and several other major league teams were posted online.

Infostealer Bugat resurfaces with worm component

Infostealer Bugat resurfaces with worm component

Bugat's worm component sends phishing emails to new sets of potential victims, researchers warn.

'Lite Zeus' has fewer tricks, but updated encryption

'Lite Zeus' has fewer tricks, but updated encryption

The new Zeus variant employs AES-128 encryption as opposed to the older RC4 cipher used by other Zeus iterations.

Senate committee passes FISMA reform bill

Senate committee passes FISMA reform bill

The FISMA reform act, which eases reporting requirements and clarifies the roles of DHS and OMB, easily passes the Senate Homeland Security and Governmental Affairs Committee.

EMOTET banking malware captures data sent over secured HTTPS connections

EMOTET banking malware captures data sent over secured HTTPS connections

Banking malware identified as EMOTET is being delivered in Germany via phishing emails, but is also making its way over to the U.S.

Facebook protests Manhattan DA's request for 'nearly all data' on hundreds

Facebook protests Manhattan DA's request for 'nearly all data' on hundreds

The legal fight stems from a 2013 request by the Manhattan district attorney, seeking data from the Facebook accounts of 381 people.

Most health care vendors earn 'D' in data protection, study finds

Most health care vendors earn 'D' in data protection, study finds

A security intelligence report analyzed 150 health care vendors, both small and large.

Pony Loader 2.0 now steals cryptocurrency wallets, still spreads other malware

Pony Loader 2.0 now steals cryptocurrency wallets, still spreads other malware

A years-old information stealer trojan known as Pony Loader, or Fareit, has been updated to steal cryptocurrency wallets such as Bitcoin.

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

The WebShot feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, is affected by a remote code execution vulnerability.

Supreme Court's landmark ruling bars warrantless search of cell phones

Supreme Court's landmark ruling bars warrantless search of cell phones

Privacy advocates say the Wednesday ruling will have a positive impact on forthcoming cases involving data security.

Report: Organizations recognize security risks, slow to take action

Report: Organizations recognize security risks, slow to take action

A recent study has found a significant gap between perceived risk and the actual safeguarding of sensitive data.

'Havex' malware strikes industrial sector via watering hole attacks

'Havex' malware strikes industrial sector via watering hole attacks

F-Secure detected 88 variants of the malware, which infected companies in Europe, as well as a California firm.

PayPal addresses two-factor authentication bypass

PayPal addresses two-factor authentication bypass

A vulnerability exists that allows anyone with legitimate account credentials to bypass two-factor authentication on some of PayPal's mobile applications.

Malicious app BankMirage makes quick appearance in Google Play

Malicious app BankMirage makes quick appearance in Google Play

Researchers at Lookout found the malware, which masqueraded as a legitimate banking app for customers of an Israeli bank.

HackingTeam tool makes use of mobile malware targeting all major platforms

HackingTeam tool makes use of mobile malware targeting all major platforms

HackingTeam is an Italian seller of hacking software marketed to police and governments.

Caphaw trojan being served up to visitors of AskMen.com, according to Websense

Caphaw trojan being served up to visitors of AskMen.com, according to Websense

A nasty trojan known as Caphaw is being served up to anyone that visits multiple pages across AskMen.com, most likely via the Nuclear Pack exploit kit.

Asprox botnet campaign shifts tactics, evades detection

Asprox botnet campaign shifts tactics, evades detection

FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.

Taboola hack allows SEA to redirect Reuters site visitors

Taboola hack allows SEA to redirect Reuters site visitors

On Monday, ad network Taboola confirmed that it was hacked by the Syrian Electronic Army.

Massive phishing campaign targets hundreds of online dating websites

Massive phishing campaign targets hundreds of online dating websites

Attackers are going after online dating accounts in a massive campaign that makes use of a phishing kit featuring hundreds of fraudulent PHP scripts.

Insurers petition, retail group complaint, raise specter of who pays for breach

Insurers petition, retail group complaint, raise specter of who pays for breach

Michaels insurer petitions a federal court while a retail group asks Congress not to put the onus on retailers.

2012 RCE bug is still highly exploited in targeted attacks, Trend Micro finds

2012 RCE bug is still highly exploited in targeted attacks, Trend Micro finds

A patch was issued for CVE-2012-0158 in April 2012, but Trend Micro found that it is the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.

Talk stresses IoT concerns as today's problems

Talk stresses IoT concerns as today's problems

At SC Congress Toronto, industry experts gave insight on security concerns introduced by the influx on internet-connected devices.

Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Following a DDoS attack, attackers deleted sensitive data and put code hosting and project management services provider Code Spaces out of business.

House committee says 'inaccurate' info prompted FTC's LabMD complaint

Under investigation is FTC's relationship with security firm Tiversa, which provided the agency evidence in an ongoing data security case.

LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default

LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default

LinkedIn users that do not have HTTPS always enabled by default are at risk of having their accounts taken over in a man-in-the-middle attack.

New Zbot malware campaign discovered by researchers

New Zbot malware campaign discovered by researchers

The campaign was first noted on Wednesday morning, where more than 40,000 malicious emails were quarantined by researchers.

Denial-of-service vulnerability addressed in Microsoft Malware Protection Engine update

Denial-of-service vulnerability addressed in Microsoft Malware Protection Engine update

Microsoft issued an update to its Malware Protection Engine in order to fix a vulnerability that could enable a denial-of-service.

FBI arrests alleged NullCrew member, faces maximum of 10 years in jail and $250K fine

FBI arrests alleged NullCrew member, faces maximum of 10 years in jail and $250K fine

Timothy French was arrested by the FBI on June 11 and charged on Monday with conspiracy to commit computer fraud and abuse.

Experts discuss the growing threat to critical infrastructure

Experts discuss the growing threat to critical infrastructure

Security personnel are busy mitigating infrastructure attacks rather than protecting their organizations, say experts at SC Congress Toronto.

Tricky new malware strain, Dyre, skirts detection and steals banking credentials

Tricky new malware strain, Dyre, skirts detection and steals banking credentials

Dyre is a new malware strain primarily targeting banking credentials, and is also capable of modifying network traffic and bypassing SSL mechanisms.

IBM CISO: Company boards need big picture threat data

IBM CISO: Company boards need big picture threat data

IBM's global CISO advised security pros on engaging boards of directors about organizational threats.

Towelroot app exploit that 'roots' Android devices could be repackaged by attackers

Towelroot app exploit that 'roots' Android devices could be repackaged by attackers

An exploit being used by an application to 'root' Android devices could be repackaged by attackers to compromise cell phones.

"Human error" contributes to nearly all cyber incidents, study finds

"Human error" contributes to nearly all cyber incidents, study finds

A new IBM report reveals that organizations experienced more than 91 million "security events" last year.

Businesses behind "cramming" scheme surrender over $10M in assets

Businesses behind "cramming" scheme surrender over $10M in assets

The defendants were allegedly behind unauthorized charges to consumers cell phone bills.

Domino's extortion breach highlights rise in ransom-based attacks

Domino's extortion breach highlights rise in ransom-based attacks

A hacker group that stole data on 650,000 French and Belgian Domino's customers is threatening to release the information if the pizza company does not pay more than $40,000.

After Romania sentencing, charges against 'Guccifer' stack up in U.S.

After Romania sentencing, charges against 'Guccifer' stack up in U.S.

On Thursday, the FBI announced new charges against the hacker, including counts of cyberstalking and unauthorized access of a protected computer.

P.F. Chang's investigates breach, shifts to manual payment card imprinting

P.F. Chang's investigates breach, shifts to manual payment card imprinting

While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.

Android 'SMS Stealer' hides in World Cup-themed apps

Android 'SMS Stealer' hides in World Cup-themed apps

Trend Micro detected over 375 spurious apps spreading mobile malware to soccer fans.

Federal appeals court says police must get warrants for wireless location data

Federal appeals court says police must get warrants for wireless location data

A three-judge panel in the 11th Circuit Court of Appeals says a Florida man's Fourth Amendment expectation of privacy was violated.

PLXsert warns Fortune 500 companies of evolving Zeus threat

PLXsert warns Fortune 500 companies of evolving Zeus threat

An advisory published Tuesday by PLXsert warns Fortune 500 companies of an evolving Zeus crimeware kit threat.

Ransomware "Svpeng" strikes US, leaves Android devices unusable

Ransomware "Svpeng" strikes US, leaves Android devices unusable

Earlier versions of Svpeng impacted mobile users in Russia, stealing card details from customers of major banks.

Survey respondents praise, but neglect, continuous monitoring

Survey respondents praise, but neglect, continuous monitoring

Most respondents in a Ponemon Institute study scan irregularly or not at all and the bulk believe retail breaches are likely the work of crime syndicates.

Clandestine Fox attack op uses social engineering to woo new victims

Clandestine Fox attack op uses social engineering to woo new victims

The operation previously targeted victims by exploiting bugs in popular software, FireEye said.

Zeus variant 'Maple' targets financial data of Canadian users

So far, the new variant has targeted 14 major banks in the country, Trusteer found.

Small businesses running cloud-based POS software hit with unique 'POSCLOUD' malware

Small businesses running cloud-based POS software hit with unique 'POSCLOUD' malware

Researchers with IntelCrawler have identified a unique type of malware, known as POSCLOUD, which targets cloud-based point-of-sale software.

Patch Tuesday brings major IE overhaul, 66 bugs fixed in total

Patch Tuesday brings major IE overhaul, 66 bugs fixed in total

A cumulative security update for Internet Explorer, addressing 59 bugs, was pegged as the top priority patch in the bunch.

Report details China-based cyber spying on U.S. aerospace sector

Report details China-based cyber spying on U.S. aerospace sector

CrowdStrike revealed that the spy network "Putter Panda" appears to share resources with the infamous espionage group APT1.

Expensive new trojan, Pandemiya, based on 25K original lines of C code

Expensive new trojan, Pandemiya, based on 25K original lines of C code

Pandemiya, a new trojan based on 25,000 lines of C code, is being sold for as much as $2,000 on underground forums.

Online gambling site hit by five-vector DDoS attack peaking at 100Gbps

Online gambling site hit by five-vector DDoS attack peaking at 100Gbps

Incapsula has observed an uptick in multi-vector DDoS attacks, particularly after fighting off a five-vector 100Gbps DDoS attack against an online gambling website on Friday.

Cyber crime costs $445 billion globally, GDPs take hit

Cyber crime costs $445 billion globally, GDPs take hit

A report from the Center for Strategic and International Studies puts a dollar figure on cybercrime costs but shows wider economic fallout.

Notorious hacker Guccifer sentenced in Romania

Notorious hacker Guccifer sentenced in Romania

Marcel Lehel Lazar, also known as "Guccifer," could spend up to seven years in prison for his crimes.

Sign up to our newsletters

POLL