State breakdowns: Anthem breach by the numbers

State breakdowns: Anthem breach by the numbers

The Anthem breach has affected millions - here's a tally so far, broken down by state.

EPIC files complaint over Samsung Smart TV privacy policy

EPIC files complaint over Samsung Smart TV privacy policy

EPIC filed a complaint with the FTC this week after media outlets pointed out Samsung's vague policy regarding their Smart TV voice recognition feature.

Botnet of Joomla servers furthers DDoS-for-hire scheme

Botnet of Joomla servers furthers DDoS-for-hire scheme

A vulnerable Google Maps plug-in for Joomla allowed attackers to spoof the source of DDoS attacks.

Study: SMBs lack thorough understanding of state data breach notification laws

Study: SMBs lack thorough understanding of state data breach notification laws

With President Obama drawing attention to a possible federal data breach law, one study found that 14 percent of small business owners are "not at all confident" with their states' current laws.

Bug in popular WordPress plugin opens up websites to SQL injection attacks

Bug in popular WordPress plugin opens up websites to SQL injection attacks

The vulnerability exists in versions 3.9.5 and lower of the Slimstat web analytics plugin for WordPress.

Florida law enforcement docs show widespread stingray use, secrecy

Florida law enforcement docs show widespread stingray use, secrecy

The American Civil Liberties Union (ACLU) has released documents obtained from Florida police and sheriff's departments that reveal Stingray use and raise privacy concerns.

Study: Thousands more vulnerabilities reported in 2014 than previous years

Study: Thousands more vulnerabilities reported in 2014 than previous years

GFI Software wrote in a post that 7,038 vulnerabilities were added to the National Vulnerability Database in 2014.

M-Trends report: Nearly 70 percent of breached firms alerted by outside source

M-Trends report: Nearly 70 percent of breached firms alerted by outside source

In most cases, law enforcement alerted organizations that an intrusion had taken place.

New Jersey Congressmen to reintroduce privacy bill

New Jersey Congressmen to reintroduce privacy bill

Two legislators reintroduce bill aimed at protecting consumers from data breaches.

Older vulnerabilities a top enabler of breaches, according to report

Older vulnerabilities a top enabler of breaches, according to report

The HP Cyber Risk Report looks back at 2014, and notes that 44 percent of known breaches were possible due to vulnerabilities identified years ago.

After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware

After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware

Facebook found over a dozen applications that use the same third-party SSL decryption library from Komodia that Superfish leverages.

Google Cloud Security Scanner released in beta

Google Cloud Security Scanner released in beta

Google is providing developers with a multipipe approach to scanning applications for security flaws.

Disconnect yawns between CISOs, exec leadership, study says

Disconnect yawns between CISOs, exec leadership, study says

A recent survey by Ponemon Institute and Raytheon found senior executives don't fully understand the extent of security threats.

Gemalto investigates claims that gov't spies hacked SIM card encryption keys

Gemalto investigates claims that gov't spies hacked SIM card encryption keys

The SIM card maker said it will "devote all resources necessary" to investigate hacking claims revealed in Snowden leaks.

BlackShades co-creator, Alex Yucel, pleads guilty

BlackShades co-creator, Alex Yucel, pleads guilty

The 24-year-old Swedish man behind the creation of the BlackShades RAT and organization has pleaded guilty to distributing malicious software.

Average DDoS attack size at 7.39 Gbps in Q4 2014, according to report

Average DDoS attack size at 7.39 Gbps in Q4 2014, according to report

The report indicates that UDP amplification attacks leveraging Network Time Protocol are still the most common DDoS attack vector.

Lenovo PCs shipped with 'Superfish,' adware that opens users to MitM attacks

Lenovo PCs shipped with 'Superfish,' adware that opens users to MitM attacks

After facing backlash, Lenovo removed the software from its computers.

Customers cry foul in two more Anthem suits

Customers cry foul in two more Anthem suits

A set of suits filed in a Denver court accuse the insurance giant of inadequate security and false promises.

Tech companies, media join Twitter's fight to divulge NSL info

Tech companies, media join Twitter's fight to divulge NSL info

Twitter sued the government last year for violating its First Amendment rights concerning NSL disclosures.

Jamie Oliver website, RedTube distributes malware via malicious iFrames

Jamie Oliver website, RedTube distributes malware via malicious iFrames

Two very popular websites were compromised so that visitors would be infected with malware.

Malware operations targeting orgs in Israel, Egypt traced to Gaza

Malware operations targeting orgs in Israel, Egypt traced to Gaza

Both operations, though separate in their aims, were said to have ties to Gaza, Trend Micro found.

Researchers identify advanced espionage team, the 'Equation' group

Researchers identify advanced espionage team, the 'Equation' group

Governments, militaries and financial institutions in more than 30 countries around the globe are among the targets of the "Equation" group, according to Kaspersky Lab.

Carbanak APT campaign made off with $1B from banks globally

Carbanak APT campaign made off with $1B from banks globally

A cybercrime collected distributed the Carbanak malware via email to banking employees to infiltrate systems and snare over $1 billion, according to Kaspersky Lab.

CSE spies on global file uploads

One of Canada's intelligence agencies has been secretly monitoring file downloads across the world for years.

Canada losing cybersecurity war

Canada's companies are ill-prepared to meet modern cybersecurity challenges, according to a survey by the Ponemon Institute.

Obama Executive Order paves way for threat intelligence sharing

Obama Executive Order paves way for threat intelligence sharing

Speaking at the Cybersecurity and Consumer Protection Summit the president hopes to encourage industry and government to share threat information more freely.

Breach index: Mega breaches, rise in identity theft mark 2014

Breach index: Mega breaches, rise in identity theft mark 2014

Last year, more than one billion records were breached worldwide, Gemalto found.

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Trend Micro researchers observed upgraded CTB-Locker ransomware being distributed via fake Google Chrome and Facebook emails.

Facebook pays researcher $12,500 for discovering photo bug

Facebook pays researcher $12,500 for discovering photo bug

A techie in India discovered a vulnerability that allowed him to delete victims' Facebook photos and albums.

Microsoft phishing emails target corporate users, deliver malware that evades sandboxes

Microsoft phishing emails target corporate users, deliver malware that evades sandboxes

Cisco researchers identified a campaign involving phishing emails that purport to come from the Microsoft Volume Licensing Service Center.

Popular dating apps tested, over 60 percent have medium to severe flaws

Popular dating apps tested, over 60 percent have medium to severe flaws

Findings from IBM serve as a reminder this Valentine's Day to boost mobile security efforts, even when dealing with apps from so-called "trusted" marketplaces.

Forbes.com attackers exploited zero-days in Flash, IE

Forbes.com attackers exploited zero-days in Flash, IE

Security researchers said the attack was likely the work of a Chinese espionage group aiming to penetrate the systems of financial services and defense contracting firms.

NIST requests final comments on ICS security guide

NIST requests final comments on ICS security guide

The updated guide will offer insight on reducing risks to industrial control systems, such as malware, equipment failures, and other threats.

NYDFS issues report, announces targeted security assessments for insurance companies

NYDFS issues report, announces targeted security assessments for insurance companies

The NYDFS conducted a survey of 43 insurance companies to gain insight into how the insurance industry is preventing cybercrime and protecting sensitive data.

U.S. IT security professionals face range of attacks from abroad, report finds

U.S. IT security professionals face range of attacks from abroad, report finds

CrowdStrike's Global Threat Intel Report details some of the attacks IT security professionals have seen in 2014 and can expect to see more of this year.

Bill C-51 widens government surveillance powers

The Canadian government has introduced Bill C-51, an 'anti-terror' bill that will broaden the surveillance powers of government agencies.

Samsung updates Smart TV privacy policy to clarify collection of user data

Samsung updates Smart TV privacy policy to clarify collection of user data

After device owners and media outlets began questioning Samsung's vague privacy policy related to its Smart TVs, the company revised the policy to further clarify.

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

It took Microsoft a year to patch the critical Windows bug allowing remote code execution (RCE).

Simplocker Android ransomware variant identified, tougher to decrypt files

Simplocker Android ransomware variant identified, tougher to decrypt files

This latest variant of Simplocker generates a unique key for each device that it infects, making it more difficult to decrypt the files on each device.

Twitter issues transparency report; global information requests jumped by 40 percent

Twitter issues transparency report; global information requests jumped by 40 percent

Twitter's new transparency report indicates that requests for user information have increased, both in the U.S. and abroad.

Car hacking report explores lack of real-time response capabilities

Car hacking report explores lack of real-time response capabilities

Among 16 major automakers, only two said they could diagnose or meaningfully respond to intrusions in real-time.

Researchers identify buffer overflow vulnerability in Advantech device

Researchers identify buffer overflow vulnerability in Advantech device

Core Security researchers said that the vulnerability in EKI-1221D can be exploited remotely by attackers to execute arbitrary code.

Lawsuits filed against Anthem, phishing scams abound

Lawsuits filed against Anthem, phishing scams abound

Plaintiffs in California, Georgia, Indiana and Alabama have filed suits and Anthem warned customers to brace for more phishing scams.

Community debates encryption's value in Anthem incident

Community debates encryption's value in Anthem incident

Experts argue that encryption is not the key piece in the Anthem breach if the incident involved a targeted attack on admin credentials.

A look at Anthem's PR response following the data breach

A look at Anthem's PR response following the data breach

Following its headline-grabbing data breach, Anthem's public relation's agency, Ketchum, went into action addressing the public.

Zero-day bug identified in popular FancyBox WordPress plugin

Zero-day bug identified in popular FancyBox WordPress plugin

The developers of FancyBox have issued a patch to address the bug, which was actively being exploited in the wild.

Experts weigh in on Anthem breach, speculate on how attackers broke in

Experts weigh in on Anthem breach, speculate on how attackers broke in

Experts are speculating that attackers exploited a vulnerability in Anthem's IT system, or obtained credentials via social engineering.

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

Mandiant was brought on site Tuesday, after Anthem started their own internal investigation.

Anthem breach: what we know so far

Anthem breach: what we know so far

Managed health care company Anthem announced on Wednesday that it was the target of a cyber attack, and that member information was compromised.

Bicameral, bipartisan seeks to modernize electronic privacy law

Bicameral, bipartisan seeks to modernize electronic privacy law

The bipartisan Electronic Communications Privacy Act Amendments Act of 2015 would offer protection from warrantless digital searches.

'Operation Pawn Storm' espionage campaign infecting iOS devices

'Operation Pawn Storm' espionage campaign infecting iOS devices

Trend Micro researchers identified two mobile apps for iOS that are being used to eavesdrop on communications among high-profile government, embassy and defense personnel.

Report compares exploit skills of APT actors, other malware groups

Report compares exploit skills of APT actors, other malware groups

A technical paper challenges the misconception that APT groups are inevitable "masters of exploitation."

AOL advertising network again used to distribute malware

AOL advertising network again used to distribute malware

Anyone who visited the websites of The Huffington Post and LA Weekly - among other websites - on Saturday or Sunday stands to be infected with a Kovter trojan used for advertising click fraud.

Act would require gov't to get warrant for electronic content, geolocation data

Act would require gov't to get warrant for electronic content, geolocation data

A bipartisan trio of legislators reintroduced the Online Communication and Geolocation Protection Act to extend Fourth Amendment rights to electronic communications.

Firm warns of Google Play apps spreading adware

Firm warns of Google Play apps spreading adware

In some instances, it took 30 days for the newly-installed apps to display "abnormal" behavior.

BMW issues security patch for bug allowing attackers physical access into vehicles

BMW issues security patch for bug allowing attackers physical access into vehicles

The German automobile maker issued a patch for a security issue that could have affected more than 2 million vehicles and allowed attackers to gain physical access to the cars.

Hackers used social engineering to glean military intel on Syrian opposition

Hackers used social engineering to glean military intel on Syrian opposition

Attackers sent malware through Skype chats promising pictures, FireEye reveals.

Apple fixes 33 security bugs with iOS 8.1.3 update

Apple fixes 33 security bugs with iOS 8.1.3 update

Apple fixed a number of flaws with its latest iOS update and improved stability and performance.

Researchers observe new Flash Player zero-day bug being exploited

Researchers observe new Flash Player zero-day bug being exploited

Adobe said it is aware of reports that a newly identified Flash Player zero-day vulnerability is being actively exploited in the wild.

Company news: New additions at ThreatStream, Arbor Networks and more

The latest personnel moves, merger and acquisition activity and other developments in the IT security field.

Tidal waves of spoofed traffic: DDoS attacks

Tidal waves of spoofed traffic: DDoS attacks

Recent takedowns of Sony and Xbox networks prove that no matter how large the entity, they can be knocked offline.

News briefs: North Korea behind the Sony breach and a landmark HIPAA settlement

News briefs: North Korea behind the Sony breach and a landmark HIPAA settlement

President Obama imposed sanctions against North Korea, a medical services provider will be forced to pay a "neglect" penalty over HIPAA violations, the House passed the Intelligence Authorization Act, and other security news.

Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed

Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed

In Q4 2014, Akamai observed an even busier season for attackers than expected.

Researchers observe databases being encrypted, websites held for ransom

Researchers observe databases being encrypted, websites held for ransom

High-Tech Bridge is referring to the threat as 'RansomWeb' because it involves encrypting databases and holding websites for ransom.

ZeroAccess botnet reactivates, click fraud activity resumes

ZeroAccess botnet reactivates, click fraud activity resumes

The Dell SecureWorks Counter Threat Unit first noticed the ZeroAccess botnet reactivating from March 21, 2014, to July 2, 2014.

Zeus variant targeting Canadian banks, U.S. banks may also be a target

Zeus variant targeting Canadian banks, U.S. banks may also be a target

A new Zeus trojan variant is targeting a number of banks in Canada, including Bank of Montreal, Royal Bank of Canada, and National Bank of Canada.

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Security firm Symantec found a backdoor, called Winnti, on a computer also infected with Skeleton Key.

FTC settles with revenge porn site operator

FTC settles with revenge porn site operator

The Federal Trade Commission has prohibited a revenge porn site operator from sharing nude photos, using deceptive tactics and revealing personal information.

Upatre, Dyre used in Univ. of Florida attack

Upatre, Dyre used in Univ. of Florida attack

Hundreds of computers belonging to University of Florida students and faculty were infected with Upatre and Dyre in a multistage attack.

House subcommittee hears testimony on data breach law

House subcommittee hears testimony on data breach law

Testimony in House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade hearing aimed at shaping national data breach notification law.

FTC publishes security recommendations for IoT device makers

FTC publishes security recommendations for IoT device makers

A new report from the Federal Trade Commission (FTC) provides data security steps for businesses and promotes data minimization.

'GHOST' bug in Linux library enables remote takeover of victim's system

'GHOST' bug in Linux library enables remote takeover of victim's system

Qualys has identified a buffer overflow vulnerability in the Linux GNU C Library that, if exploited, could enable an attacker to remotely take complete control of a victim's system.

How organizations can prepare for 2015 data privacy legislation

How organizations can prepare for 2015 data privacy legislation

Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach - but it is not enough.

Firm finds link between Regin spy tool and QWERTY keylogger

Firm finds link between Regin spy tool and QWERTY keylogger

Source code for the keylogger, called QWERTY, was published in Snowden documents.

Insider threats changing security spending, report says

Insider threats changing security spending, report says

The 2015 Vormetric Insider Threat Report found that a large majority of U.S. companies believe they are vulnerable to insider threats.

New attack uses ransomware to drop trojans and keyloggers

New attack uses ransomware to drop trojans and keyloggers

The Internet Crime Compliant Center issued a warning on Thursday about a new scam that might be rooted in an initial ransomware infection.

Size and frequency of DDoS attacks increasing, annual report shows

Size and frequency of DDoS attacks increasing, annual report shows

In the Worldwide Infrastructure Security Report by Arbor Networks, 38 percent of respondents said that they have experienced more than 21 attacks per month.

WikiLeaks requests information on staffers search warrant data requests

WikiLeaks requests information on staffers search warrant data requests

WikiLeaks penned a letter to Google CEO Eric Schmidt requesting more information about search warrants under which the company handed over WikiLeaks staffers' data.

'Sexy Girls' wallpaper app in Google Play store accessed account info

'Sexy Girls' wallpaper app in Google Play store accessed account info

The app is no longer available from the Google Play store, but prior to being removed it had been installed between 50,000 and 100,000 times.

Proposed CFAA revisions agitate IT security community

Proposed CFAA revisions agitate IT security community

The security community is voicing concern over proposed revisions to the Computer Fraud and Abuse Act (CFAA) by taking to Twitter and personal blogs.

CTB-Locker ransomware variant being distributed in spam campaign

CTB-Locker ransomware variant being distributed in spam campaign

As part of a recent spam campaign, Trend Micro researchers observed a variant of CTB-Locker ransomware asking for 3 Bitcoins within 96 hours.

Analysts detail spying tool Regin's malicious modules

Analysts detail spying tool Regin's malicious modules

Two stand-alone modules, dubbed Hopscotch and Legspin, were analyzed by Kaspersky Lab.

NAFCU asks Congress to create bipartisan data breach working group

NAFCU asks Congress to create bipartisan data breach working group

The National Association of Federal Credit Unions sent Congressional leaders a letter calling for the creation of a bipartisan working group to shape breach legislation.

Chrome 40 promoted to stable channel, includes 62 security fixes

Chrome 40 promoted to stable channel, includes 62 security fixes

Google gave out thousands of dollars in rewards to several external researchers who dug up and reported bugs, several of which were deemed high impact.

Barrett Brown sentenced to 63 months in prison

Barrett Brown sentenced to 63 months in prison

In April 2014, Brown pleaded guilty to posting an online threat aimed at a federal agent, as well as other charges.

Adobe plugs Flash zero-day, investigates separate exploit reports

Adobe plugs Flash zero-day, investigates separate exploit reports

Adobe said it is aware of reports that an exploit for the bug exists.

Study: Lack of planning and resources leads to persistence of 'shelfware'

Study: Lack of planning and resources leads to persistence of 'shelfware'

In its "Security on the Shelf" report, Osterman Research found that for every $115 a company spends per user on security-related software, $33 of the investment is "not working as well as it can" or is never used at all.

Obama talks cybersecurity legislation in State of the Union

Obama talks cybersecurity legislation in State of the Union

The President urged Congress to pass law that would better protect the nation from emerging cyber threats.

Oracle releases quarterly patches; issues 169 fixes

Oracle releases quarterly patches; issues 169 fixes

The company's January quarterly release addressed vulnerabilities across hundreds of products and patched bugs that could have been remotely exploitable without authentication.

Congressman asks Holder to review Christie's access to private E-ZPass data

Congressman asks Holder to review Christie's access to private E-ZPass data

A New Jersey congressman has asked the Justice Department to investigate whether New Jersey Governor Chris Christie and a Port Authority official violated state privacy laws when they revealed E-ZPass data.

Roughly 40 percent of orgs are patching, annual Cisco report shows

Roughly 40 percent of orgs are patching, annual Cisco report shows

The "Cisco 2015 Annual Security Report" explores what's trending with regard to attackers, users, and defenders.

Report: NSA efforts influenced U.S. stance on Sony attack

Report: NSA efforts influenced U.S. stance on Sony attack

The New York Times revealed new info on NSA's years-long surveillance efforts against North Korea.

PCI compliance not synonymous with security, panel says

PCI compliance not synonymous with security, panel says

A panel held during the annual NRF conference discussed ways that retailers could bolster security.

Affordable Care Act phishing campaign identified, US-CERT issues advisory

Affordable Care Act phishing campaign identified, US-CERT issues advisory

US-CERT issued an advisory on Thursday, warning of phishing emails referencing the Affordable Care Act.

New York AG proposes legal protections for medical data, login info

New York AG proposes legal protections for medical data, login info

The attorney general is pushing lawmakers to back legislation that would expand the definition of protected "private information."

Android malware encounters surged in 2014, up by 75 percent, report says

Android malware encounters surged in 2014, up by 75 percent, report says

Mobile security company Lookout released its annual Mobile Threat Report on Thursday, which demonstrated a major uptick in Android malware encounters.

Several vulnerabilities addressed in Firefox 35, some deemed critical

Several vulnerabilities addressed in Firefox 35, some deemed critical

Numerous Firefox vulnerabilities, some deemed critical, have been addressed by Mozilla in the latest release of its web browser.

Investment in end-user training could reduce cost by 60 percent

Investment in end-user training could reduce cost by 60 percent

The Aberdeen Group teamed up with Wombat Security Technologies to create a Monte Carlo model that would quantify how employees' online actions correlate with an enterprise's risk

On heels of Obama privacy talk, senator to reintroduce breach notification bill

On heels of Obama privacy talk, senator to reintroduce breach notification bill

A Florida senator is drafting the Data Security and Breach Notification Act of 2015, a year after similar legislation was introduced.

2015 SC Awards U.S. Finalists

2015 SC Awards U.S. Finalists

The highly anticipated SC Awards U.S. are just around the corner. Here's the full list of finalists competing to take home a trophy on the big night in San Francisco.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US