Organizations in the finance, telecommunications, defense, and transportation industries have been targeted by attackers that may be looking to steal valuable information.
Researchers with BAE Systems Applied Intelligence have determined that a possibly Russian-fueled malware campaign known as Snake, or Uroburos, may actually date back as far as 2006.
Microsoft will be delivering five updates on upcoming Patch Tuesday, two of which are deemed critical, which means the vulnerabilities can be exploited to allow for code execution without any user interaction.
Brown, a writer and activist who is known as one of the online faces of Anonymous, faced charges related to sharing a link to a dump of credit card numbers connected to the Stratfor breach.
A new HTTPS remote administration tool for Android-based mobile devices has been discovered for sale on underground marketplaces, according to Symantec security researchers.
The North Dakota University System is notifying more than 290,000 former and current students and roughly 780 faculty and staff that their personal information may be at risk after an unauthorized party gained access to a server.
Researchers from North Carolina State University have created a tool that uses anomaly detection to distinguish authentic Android applications from those containing root exploit malware.
The producer of fruit spreads and beverages notified customers of its Online Store that their personal information, including credit and debit card numbers and expiration dates and verification codes, may have been compromised.
An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.
Attackers have remotely altered DNS configurations for more than 300,000 small office/home office routers, subsequently opening up victims to a host of compromises.
On the same day that an attacker stole 896 bitcoins from Bitcoin bank Flexcoin, an individual allegedly posted the Mt. Gox code on Pastebin.
As the April 8 support cut-off date looms, Microsoft has decided to nudge users to migrate via reminders that will pop up every month starting this Saturday.
A Russian agency could be behind a sophisticated piece of malware known as Uroburos that has potentially been stealing confidential data from governments and other high profile targets since as far back as 2011.
Hackers stole credit and debit card information and Social Security numbers from Las Vegas Sands employees and customers from the casino's Bethlehem, Pa. website.
Officials are notifying about 1,700 current and former Detroit fire and emergency medical services employees that their personal information may have been compromised by malware that locked City files.
Travelers that recently charged a Chicago cab fare to a payment card may want to be on the lookout for fraudulent charges, according to Illinois-based First American Bank.
Social networking portal Meetup has been hit with a prolonged distributed denial-of-service (DDoS) attack that has caused intermittent outages for days.
Recent breaches have highlighted the need for talented technologists with the ability to assess vulnerabilities long before they are under attack.
This month's company news includes new hires at Rapid7 and Vaultive, as well as Palo Alto Networks acquiring a security firm in Silicon Valley.
After breaches of major retailers, the discussion regarding a potential federal breach notification law was brought back to the forefront among government leaders.
Privacy experts held a candid talk on government methods for obtaining citizen information, and on how the industry can help buffer unfettered data collection.
Although industry pros are anticipating security incidents at their organizations, a recent report indicates that their computer incident response teams aren't fit to address them.
Hold Security has located more than 20 data files on the Deep Web that together contain roughly 360 million email addresses with passwords, and about 1.25 billion email addresses alone.
In light of the RSA-NSA controversy, a number of speakers, who originally planned to speak at RSA Conference 2014, pulled out and formed a lineup for TrustyCon.
Jeff Forristal demonstrated the hack during a session on "predatory hacking of mobile devices."
Speakers at this week's RSA Conference in San Francisco stressed that the bring-your-own-device (BYOD) trend is changing - not ending.
Two senior security researchers have detailed how hackers can use "touchlogging" attack techniques to take control of iOS and Android devices.
Collaborative sharing of security data across enterprises, countries and industry sectors in a single big data store will be the future of protecting against advanced persistent threats, RSA delegates were told today.
Cyber security guru Richard Clarke and General Michael Hayden discussed the much-maligned NSA spying program during the RSA Conference.
The masses won't ditch passwords until authentication alternatives become more practical in the everyday lives of users, experts said.
Twitter returned a coveted username - @N - to Naoki Hiroshima on Tuesday, roughly one month after an attacker stole it through extortion.
In an age of advanced attacks and insider threats, traditional perimeter-based security just doesn't cut it, argue two leading InfoSec experts.
An interesting discussion at the RSA conference revealed that vendors often face a "double-edged sword" when tasked with disclosing software vulnerabilities.
Experts discuss the most dangerous new attack techniques, which include point-of-sale malware, mobile and wireless threats, and compromise of industrial control systems.
If you have broken no law, nor failed to comply with any agreed industry standard, are you liable for the consequential loss incurred by your clients if you suffer a data breach that causes them loss?
The 2014 SC Awards U.S. have finally come to a close. Here's a look at those who took home a big prize!
Cryptography expert Bruce Schneier, now CTO of Co3 Systems, continued his criticism of the National Security Agency's surveillance during his well-attended talk at the RSA Conference in San Francisco today.
In his keynote address at the RSA Conference in San Francisco, Art Coviello discussed the NSA allegations and also outlined four principles that would serve as a set of standards when it comes to cyber warfare.
Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.
Nawaf Bitar, a senior exec at Juniper Networks, told attendees that the next world war could very well take place on a cyber battlefield.
"You suck at your job" was Michael Roytman's controversial opening line to the audience of white hat hackers at the B-Sides event run prior to RSA San Francisco.
Hord Tipton, Ernest McDuffie and Michael Murray sit down to discuss the state of security education for young people and adults.
Christopher Soghoian, of the ACLU (American Civil Liberties Union), concluded his speech at BSides San Francisco with the observation that developers building encryption models need to consider the US government a threat.
Hackers and InfoSec experts need to stand up and become part of a wider plan to influence and reform government legislation on information security, so says Rapid7 global security strategist Trey Ford.
Baltimore-based RedOwl Analytics was named "Most Innovative Company" at the RSA Conference 2014 Innovation Sandbox event.
Verizon Risk researchers Kevin Thompson and Suzanne Widup have been crunching some numbers of data breaches...and they reckon that the number may be higher than you think.
YouTube's ad network was compromised to host the Styx exploit kit, researchers found.
Richard Clarke kicked off the CSA Summit 2014 by discussing his observations about the NSA surveillance controversy.
iBanking mobile malware was first introduced to the underground market late last year, according to RSA.
The malware is based on the leaked code of Zeus and RAM-scraping malware.
A RiskIQ report found the number of malicious apps in the Google Play store rose while the number of apps that Google removed dropped precipitously, between 2011 and 2013.
According to FireEye, the flaw was being actively exploited to target foreign policy and defense organizations.
On Wednesday, the tech giant provided the "Fix it" solution, or temporary workaround, for the remote code execution bug.
Nearly all of the applications tested by Cenzic in 2013 contain at least one security vulnerability.
Researchers hope the recently published exploit will spur service providers to provide an update for users.
Dutch telecommunications company KPN announced on Wednesday that it has entered into a partnership with encrypted communications firm Silent Circle and will be offering customers encrypted phone call and messaging services.
A new variant of the nefarious Zeus banking trojan is concealed in JPG image files, according to the collaborative findings of two researchers.
In the wake of a data breach announced on Saturday, popular crowdfunding platform Kickstarter is urging all users to change their passwords, even though the company uses encryption.
Casey Meyering, 28, was arrested in Tulsa, Okla., last Thursday.
Researchers at IOActive discovered the vulnerabilities in Belkin's WeMo home automation devices.
Researchers at FireEye found that the U.S. Veterans of Foreign Wars site was booby trapped to spread a backdoor.
Arbor Networks announced on Friday that it observed several large NTP-based distributed denial-of-service attacks this week, including one on Monday that peaked at 325 gigabytes per second.
On Wednesday, Neiman Marcus filed a motion to dismiss a class-action complaint filed in January by a customer impacted in a recent payment card breach.
In a recent study, the Ponemon Institute found 86 percent of companies feel incident response is hampered by a lengthy detection process and a lack of prioritization.
Attackers are looking to capitalize on the demise of Flappy Bird by offering up premium SMS-sending doppelgangers for Android devices.
On Wednesday, NIST published the 41-page guidance after months of feedback from the community.
CERT Polska researchers have observed attackers using DNS redirection attacks - made possible due to vulnerabilities in home routers - to effectively access online banking accounts in Poland.
Kaspersky Lab released a detailed report on Absolute Computrace, anti-theft software built into the firmware of laptops and desktops.
The most active banking trojan of 2013 was the Gameover variant of Zeus, according to the latest research by the experts with the Dell SecureWorks Counter Threat Unit.
On Wednesday, Trustwave published a global survey on pressures faced by security decision makers.
Dangerous file sharing practices put sensitive corporate data at risk - that is the focus of the latest report from Globalscape, a software company that surveyed more than 500 corporate employees.
Between Microsoft's Patch Tuesday preview and today, two critical patches for IE and Windows were added to the lineup.
CloudFlare spent the last few days battling a massive NTP reflection distributed denial-of-service attack that the company said is larger than the Spamhaus attack.
SecureMac, a website focused on Mac security concerns, discovered the malware dubbed "CoinThief."
An advanced persistent threat known as Careto, or "The Mask," has been identified by Kaspersky Lab researchers, who also believe that the cyber-espionage operation dating back to 2007 could be a state-sponsored campaign.
The hack is achieved by exploiting the service's method of creating security tokens, a researcher found.
At least 4,500 payment cards have been compromised in the United States and Canada by a new point-of-sale malware, JackPOS, that is based on Alina, according to researchers with cyber intelligence company IntelCrawler.
Following the new rules regarding transparency reports by the Department of Justice, the social media giant believes further information should be shared, and may seek legal options to protect its First Amendment rights.
Microsoft's upcoming Patch Tuesday will bring five fixes, two of them deemed critical, and also an update that will restrict the use of certificates with MD5 hash.
The 22-year-old man was sentenced to 36 months of probation and 60 hours of community service, and ordered to pay $110,932.71 for his part in the 2011 cyber attack.
Google has expanded its vulnerability reward program to include Chrome apps and extensions that were developed directly by the internet and technology company, as well as upped bounties offered for its Patch Reward Program.
Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.
An NBC News reporter set up two laptops and a smartphone in Russia to demonstrate Olympics cyber threats.
U.S. intelligence agencies were concerned that developers, with ties to Belarus, helped "produce the website," The Washington Free Beacon reported.
Mozilla released Firefox 27 on Tuesday, including 13 patches, four of which address critical vulnerabilities that could allow an attacker to take over a targeted computer.
The security update resolves an integer underflow vulnerability, which could allow an attacker to remotely take over systems on Windows, Mac and Linux platforms.
Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.
The Gameover variant of the nefarious Zeus banking trojan has recently been observed sneaking past defenses as an encrypted EXE file, according to researchers with Malcovery.
In a Tuesday report, Sen. Tom Coburn noted numerous government oversights pertaining to securing sensitive data and critical infrastructure operations.
More than 180,000 Google Chrome users have installed at least one of a dozen ad-injecting extensions that are serving up spam on 44 different websites, according to Barracuda Labs.
A security firm highlighted the ways that U.S. defense contractors have reassessed their security programs to stave off insider threats.
White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.
On Sunday, Bell Canada announced that the usernames and passwords of 22,421 small business accounts were posted online.
After winning a battle against the U.S. Department of Justice, some of the biggest technology and internet corporations began releasing updated transparency reports on Monday.
HP's Cyber Risk Report 2013 delved into encryption issues affecting data on mobile devices.
As has been the trend, 2014 will usher in new U.S. government regulations, particularly surrounding compliance.
Our company news features Co3 Systems' new CTO, McAfee phasing out its brand name, and Blue Coat Systems acquiring Norman Shark.
IT pros tend not to spend much time pondering whether physical access to a computer system is locked down.
Reuters reveals that RSA collaborated with the NSA, plus breaches at Target, Affinity Gaming and Snapchat, and other industry news.
Eleven students, who attended a California high school, were expelled on Wednesday as a result of the incident.