Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in 2014

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.

CloudFlare offers free SSL to its customers

CloudFlare offers free SSL to its customers

CloudFlare announced on Monday that it would be supporting SSL connections to every customer, including about two million using its free service.

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple releases iOS 8.0.2 to quell buggy update complaints

The update comes soon after the company released iOS 8.0.1, which caused issues for iPhone 6 and iPhone 6 Plus users.

Attackers quick to exploit Bash bug, security industry responds quicker

Attackers quick to exploit Bash bug, security industry responds quicker

Less than a week after the vulnerability's discovery and only a day after it was revealed, cybercriminals began exploiting the bug to create botnets and determine future attacks.

'Mozart' is malware behind Home Depot, DHS report suggests

'Mozart' is malware behind Home Depot, DHS report suggests

The Wall Street Journal reported that a Secret Service investigation uncovered malware customized to attack Home Depot.

Researchers analyze Dyre sample with new features

Researchers analyze Dyre sample with new features

Researchers with Proofpoint have analyzed a version of the Dyre banking trojan that has been updated with new features.

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

'Bash Bug' affects Linux, OS X, may be worse than Heartbleed

A researcher at Akamai uncovered a vulnerability in Bash, called ShellShock, that can execute arbitrary commands in affected systems.

Report: Malvertising solutions will require coordination

Report: Malvertising solutions will require coordination

A new report stresses that ad networks and the web sites that use them need to coordinate to mitigate the malvertising risk.

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

'Spike' toolkit scales multi-vector DDoS with Windows, Linux hosts

Akamai's PLXsert researchers analyzed the new DDoS toolkit.

Home Depot breach leads to fraudulent transactions, class-action lawsuits

Home Depot breach leads to fraudulent transactions, class-action lawsuits

The retailer's massive breach has spawned multiple lawsuits and reports of fraudulent transactions.

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla plans to phase out support of SHA-1 hash algorithm

Mozilla announced on Tuesday that it would be phasing out certificates with SHA-1 based signature algorithms.

DDoS attacks target enterprises and ISPs, ignore financial institutions

DDoS attacks target enterprises and ISPs, ignore financial institutions

A new report from NSFOCUS found that DDoS attacks' traffic volume is increasing, along with a shift in targets.

More exploits, including Silverlight attack, packed in Nuclear kit

More exploits, including Silverlight attack, packed in Nuclear kit

Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.

Researchers discover Tinba variant with 64-bit support, other tricks

Researchers discover Tinba variant with 64-bit support, other tricks

Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data stored abroad

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in 2013

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS X 10.9.5

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

PCI Council holds North America community meeting, new GM Orfei speaks

PCI Council holds North America community meeting, new GM Orfei speaks

The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

Chinese hackers breach 50 U.S. gov't contractors' systems in one year

A new report from the U.S. Senate Armed Services Committee found that multiple successful attempts were made to access and steal information from contractors' systems, and often times, the government didn't know it happened.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

Watering hole attack targets website visitors of oil and gas start-up

Watering hole attack targets website visitors of oil and gas start-up

Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.

Windseeker app spies on chats using injection, hooking techniques

Windseeker app spies on chats using injection, hooking techniques

The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier to write code

Researchers at SophosLabs found an uptick in VBA samples in July.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp and TinyCo settle with FTC over COPPA Rule violations

Yelp will pay $450,000, and TinyCo will pay $300,000 to settle charges that their mobile apps collected information from children under the age of 13.

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Google reportedly addressed the issue, but many users likely await the fix from providers or OEMs.

Phishing campaign targeting financial and healthcare institutions

Phishing campaign targeting financial and healthcare institutions

Several thousand phishing emails have been sent to employees at small to medium-sized financial and healthcare organizations in the U.S.

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

FireEye investigated the "production line" approach taken up by various APT groups infiltrating organizations.

Mobile app study reveals privacy concerns

Mobile app study reveals privacy concerns

Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.

Former CTO of Liberty Reserve pleads guilty in New York

Former CTO of Liberty Reserve pleads guilty in New York

Mark Marmilev pleaded guilty on Thursday for his part in a money laundering conspiracy.

PCI Council updates skimming prevention guidance

PCI Council updates skimming prevention guidance

On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.

21-year-old 'swatting' suspect arrested in Connecticut

21-year-old 'swatting' suspect arrested in Connecticut

Matthew Tollis is thought to have participated in multiple swatting Skype calls that targeted Harvard University and Boston University, among others.

Google says Gmail credential dump not result of company breach

Google says Gmail credential dump not result of company breach

Gmail credentials for nearly 5 million accounts leaked Wednesday, but many of the username-password combinations appeared to be incorrect or old.

Internet Explorer security feature blocks outdated ActiveX controls

Internet Explorer security feature blocks outdated ActiveX controls

Microsoft introduced a security feature in versions of Internet Explorer that blocks out-of-date ActiveX controls.

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft held in contempt, moves closer to appeal over customer email warrant

Microsoft continues to fight an order requesting it to turn over customer emails stored in a data center in Ireland.

Report: 31 percent of detected threats in 2014 attributed to Conficker

Report: 31 percent of detected threats in 2014 attributed to Conficker

F-Secure noted in its mid-year report that the Conficker worm continues to impact users and that Gameover Zeus still poses a threat.

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks addressed two vulnerabilities in its vehicle traffic sensors that were discovered by Cesar Cerrudo, CTO of IOActive Labs.

Target tells court its not liable in bank class-action suit

Target tells court its not liable in bank class-action suit

In a filing in U.S. District Court, Target said merchants and banks "have no direct dealings" in payment transactions.

Salesforce warns of Dyre malware possibly targeting users

Salesforce warns of Dyre malware possibly targeting users

Salesforce posted a notification that its users are possibly being targeted by Dyre malware and offered some recommendations to avoid the threat.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

Phishing continues to be effective, McAfee Labs report shows

Phishing continues to be effective, McAfee Labs report shows

Out of 16,000 business users who took the McAfee Phishing Quiz, 80 percent fell for at least one of seven phishing emails.

Microsoft plans four patches, one critical, for Patch Tuesday

Microsoft plans four patches, one critical, for Patch Tuesday

The sole critical patch this month will address remote code execution issues in Internet Explorer.

APT group adapts Windows backdoor to target Mac computers

APT group adapts Windows backdoor to target Mac computers

The backdoor, called "XSLCmd," was detected in earlier attacks on Windows systems, FireEye found.

DDoS attacks rally Linux servers

DDoS attacks rally Linux servers

A significant string of distributed denial-of-service (DDoS) campaigns during the second quarter of 2014 were driven by Linux web servers.

Report: China's underground activity doubled last year

Report: China's underground activity doubled last year

Trend Micro found that compromised hosts, DDoS attack services and remote access trojans were the most coveted offerings in the marketplace last year.

Goodwill announces breach, more than 800K payment cards compromised

Goodwill announces breach, more than 800K payment cards compromised

Goodwill confirmed that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of its stores.

Google acceleration of SHA-1 deprecation draws resistance

Google acceleration of SHA-1 deprecation draws resistance

Google said Chrome 39, to be released within 12 weeks, will treat some sites as untrusted, accelerating the transition and user woes.

'KorBanker' steals SMS messages, takes authentication codes in the process

'KorBanker' steals SMS messages, takes authentication codes in the process

Android devices in Korea have primarily been impacted by the malware.

Firefox 32 includes public key pinning, fixes critical vulnerabilities

Firefox 32 includes public key pinning, fixes critical vulnerabilities

Mozilla enabled public key pinning support in Firefox 32 primarily as a way to defend against man-in-the-middle attacks.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.

FBI, Apple investigate celebrity photo hacking incident

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

Catching up to the insider

Catching up to the insider

Have effective changes been instituted to protect organizations from other Snowdens or negligent employees?

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff malware and more.

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

Skills in demand: Embedded security analyst in a mobile environment

Skills in demand: Embedded security analyst in a mobile environment

Embedded security analysts are needed in a mobile environment.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical info

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm RAT

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

Several high-profile websites were impacted by a malvertising campaign, which Fox-IT helped dismantle.

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of 'high-risk' bugs

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child porn charges

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.

Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

On Wednesday, HP TippingPoint released its State of Network Security survey which polled hundreds of professionals.

Hackers deliver Kelihos to users sympathetic to Russian 'cause'

Hackers deliver Kelihos to users sympathetic to Russian 'cause'

Playing off the Ukraine conflict, a Kelihos campaign promises victims software to help the Russian cause but delivers malware instead.

Study shows how attackers make use of websites existing for less than 24 hours

Study shows how attackers make use of websites existing for less than 24 hours

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

IBM projects 2014 bug disclosures may hit three-year low

IBM projects 2014 bug disclosures may hit three-year low

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.

New variants of POS malware 'Backoff' found as infections expand

New variants of POS malware 'Backoff' found as infections expand

The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.

PlayStation Network downed by DDoS attack, other gaming networks hit too

PlayStation Network downed by DDoS attack, other gaming networks hit too

Gamers were unable to use the PlayStation Network for most of Sunday due to a DDoS attack, and other gaming networks also suffered from similar problems throughout the weekend.

Reveton packaged with password stealer impacts users in U.S.

Reveton packaged with password stealer impacts users in U.S.

Users in the U.S. have been impacted by a variant of ransomware known as Reveton, which has been upgraded to include a powerful password stealer.

JPMorgan Chase customers targeted in massive phishing campaign

JPMorgan Chase customers targeted in massive phishing campaign

Roughly 500,000 emails have been sent out so far as part of a massive multifaceted phishing campaign targeting customers of JPMorgan Chase.

Study: Organizations lack training, budget to thwart insider threats

Study: Organizations lack training, budget to thwart insider threats

Of the 355 IT and security professionals surveyed, a majority indicated that they were ill-equipped to thwart a possible insider threat.

FireEye examines popular Google Play apps, 68 percent have SSL flaws

FireEye examines popular Google Play apps, 68 percent have SSL flaws

The firm analyzed 1,000 free apps in Google Play which were most downloaded by users.

Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to 'Flashback'

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk to private information

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

Community Health Systems breach may impact more than four million patients

Community Health Systems breach may impact more than four million patients

More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.

Chinese national indicted over Boeing, Lockheed Martin hack

Chinese national indicted over Boeing, Lockheed Martin hack

With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.

Mother sues Rady Children's Hospital, claims daughter's records revealed

Mother sues Rady Children's Hospital, claims daughter's records revealed

A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU, AB Acquisition announce payment card breaches at grocery chains

SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.

Infection rate from Zeus variant grows 1,879 percent

Infection rate from Zeus variant grows 1,879 percent

Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.

Volumetric DDoS activity up big-time in Q2 2014, report indicates

Volumetric DDoS activity up big-time in Q2 2014, report indicates

In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.

NSA works to automatically detect attacks, return strikes from foreign adversaries

NSA works to automatically detect attacks, return strikes from foreign adversaries

The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

ACLU, NYCLU court filing backs Facebook challenge to Manhattan DA

The civil liberties groups contend in a brief filed in New York Supreme Court, that warrants and a gag order issued in the case were unconstitutional.

FCC creates task force to scrutinize illegal stingray use

FCC creates task force to scrutinize illegal stingray use

The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.

Malware threatens virtual machines, according to report

Malware threatens virtual machines, according to report

Malware has become a threat to virtual machines and, nowadays, should be incorporated into security strategy, according to a Symantec report.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

Researchers trace 'Epic Turla' infection vector

Researchers trace 'Epic Turla' infection vector

Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.

Security movement urges automakers to collaborate with researchers

Security movement urges automakers to collaborate with researchers

A group of security pros called "I am The Cavalry" introduced a five star automotive cyber safety program.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

Two new Gameover Zeus variants in the wild

Two new Gameover Zeus variants in the wild

About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Panel discusses diversty in security and just being yourself

DefCon: Panel discusses diversty in security and just being yourself

Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.

DefCon: Stolen data markets are as organized as legitimate online businesses

DefCon: Stolen data markets are as organized as legitimate online businesses

In order to cause disruption within the stolen data markets of the dark web, its organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.

DefCon: Traffic control systems vulnerable to hacking

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Sign up to our newsletters

POLL