Security firm Veracode released its "State of Software Security" report, breaking down trends by industry verticals.
An unknown number of hackers accessed, downloaded and posted at least 400 GB-worth of documents from Hacking Team, a company often seen as aiding in human rights violations.
ERPScan has identified 549 Oracle PeopleSoft systems that are accessible via the internet, and observed that 231 of those systems are vulnerable to a critical attack.
FireKeepers Casino Hotel announced that tens of thousands of payment cards may have been compromised, as well as personal information such as Social Security numbers.
Users of the video-sharing site Plex have been left vulnerable to an attack after the company revealed that members' passwords had been compromised.
The Louisiana man, Brian Johnson, was arrested Wednesday following his federal grand jury indictment last week.
On June 19, an intrusion was discovered on the Faculty of Arts and Sciences and Central Administration information technology networks.
According to an Akamai threat advisory, attackers leveraged an outdated routing protocol, RIPv1, for their malicious aims.
Mobile malware jumped 6.4 percent from Q4 2015 to Q1 2015 with half of the malware being financially motivated, a G DATA study showed.
In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam.
The Federal Trade Commission banned app developers Equiliv Investments and Ryan Ramminger from creating and distributing malware after their "Prized" app commandeered consumer devices to mine digital currency.
OPM shut down one of its background investigation systems after it discovered a vulnerability; on that same day, the country's largest federal employees union filed a lawsuit against the agency.
In the survey, 50 percent of respondents said they are very concerned about the security of customer data in the public cloud.
Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.
ESET analysts believe the sophisticated backdoor is the work of French-speaking developers.
A vulnerability found in OPM's e-QIP background check system has prompted the agency to shut it down until enhanced security measures are in place.
Yoandy Perez Llanes is charged with using information acquired in the 2014 UPMC breach to defraud the IRS and the U.S. Treasury.
The twins, Muneeb and Sohaib Akhter, face a maximum 50- and 30-year prison sentence, respectively.
Heimdal Security outlined a recent Dridex-spreading spam campaign that tries to trick users into opening a malicious macro-enabled document.
Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.
In the U.S., 51 percent of Facebook tech staff are white, while Black and Hispanic employees respectively account for 1 and 3 percent of tech staff.
Even as U.S. and China pledge cooperation in cybersecurity matters, U.S. DNI John Clapper says China is the lead suspect in the OPM breach.
Software updates were released for Cisco Web Security Virtual Appliance, Cisco Email Security Virtual Appliance, and Cisco Security Management Virtual Appliance.
At a SINET Innovation Summit in New York, SEC Commissioner Luis Aguilar said the agency needs to do more and called for more formalized information sharing.
Researchers with Malwarebytes observed the Tinba variant being distributed as part of an attack involving advertising and URL shortening service Adf.ly.
After analyzing information on Pastebin and similar sites, Recorded Future found login credentials for 47 agencies on the open web.
Study: 61 percent of critical infrastructure execs confident systems could detect attack in less than a day
Tripwire published findings that a majority of critical infrastructure executives believe their systems appeal to cyber criminals, but also that they could detect any attack.
In the year following Gameover Zeus takedown efforts, Dyre has steadily emerged as the financial trojan of choice among cybercriminals.
OPM Director Katherine Archuleta testified a second time for the House Oversight and Government Reform Committee and kept mum about exact victim figures.
Researchers with Websense said attackers target the financial services sector more than other industries for a simple reason: money.
Michigan's DTMB failed to establish effective security management and access controls for several departments within the state, according to the Single Audit Report.
Justices ruled Monday that a Los Angeles ordinance, legalizing warrantless demands to inspect hotel guest registries, is unconstitutional.
The Vectra Networks Post-Intrusion Report found a 580 percent increase in lateral movement detections and a 270 percent uptick in reconnaissance detections over last year.
Adobe addressed the high priority vulnerability, CVE-2015-3113, on Tuesday by issuing a Flash Player patch for Windows, Macintosh and Linux.
Polish airline LOT was attacked by hackers who accessed the company's ground systems responsible for issuing flight plans.
The Obama administration said it would recommend that the president veto the act partially because of its simultaneous limitations on the Cyber Threat Intelligence Integration Center and expansion of its missions.
An analysis of the top 15 vendors across all marketplaces on the deep web showed that cannabis, pharmaceuticals and MDMA are the top three most exchanged goods, according to a recent
NIST published the guidance on Friday, following the close of a final comment period.
Montefiore Health System announced that 12,517 patients had personal information compromised by a former employee between January 2013 and June 2013.
The Federal Communications Commission (FCC) clarified wording on the Telephone Consumer Protection Act to allow financial institutions to send out automated data breach and fraud alerts.
If an attacker is able to recover the file, then they can authenticate to the HMI and modify configurations and settings.
LinkedIn's director of information security shared that the private bug bounty program was formalized in October.
In its fifth annual "Who Has Your Back" report, the Electronic Frontier Foundation found nine of 24 companies excel in protecting privacy by requiring warrants, publishing transparency reports and adhering to other best practices.
Reddit will officially switch to HTTPS starting this month, joining companies like Netflix, Bing and others who will be transitioning to encrypted connections.
Fallout from the OPM breaches continues with legislators calling for OPM Director Katherine Archuleta's firing and President Obama backing her as a qualified leader.
The report is based on the more than one thousand command-and-control servers analyzed by Level 3 Threat Research Labs in the first quarter of 2015.
NowSecure detailed a vulnerability in Samsung's pre-installed Swift keyboard app that leaves device owners vulnerable to remote code execution.
Stegoloader has been active since 2012, but Dell SecureWorks recently found that the threat uses a clever tactic to hide its malicious code.
The weaknesses can be exploited to steal user passwords, secret tokens and sensitive documents, the researchers said.
The attackers behind the Duqu 2.0 malware that targeted Kaspersky Lab may have used stolen digital certificates from legitimate hardware manufacturers.
Startup security company Namogoo says that 15-30 percent of eCommerce site visitors are infected with client-side injected malware (CSIM).
The U.S. House Committee on Oversight and Government Reform held a hearing to clarify facts on the OPM data breaches and push the agency's staffers on why their security failed so spectacularly.
According to reports, investigators believe that vengeful front-office employees with the Cardinals were responsible.
Researchers can earn thousands of dollars for identifying vulnerabilities in the latest versions of Android for the Nexus 6 and Nexus 9.
Earlier versions of the Ask.com toolbar will meet the same fate as other programs with browser search protection functionality.
LastPass announced that suspicious activity was identified on its network on Friday, and that some data was compromised.
The federal government is scrambling to answer questions about the recent OPM breaches, including how it was detected, what can be done to mitigate future risks and how to best retaliate.
Researcher Austin Epperson found that he could create more than a thousand fake entries per minute and could also redirect visitors to Lyft.com, an Uber rival.
The IRS revealed steps it plans to take to fight identity theft and to protect taxpayer information at the time of filing.
Officials believe Chinese operatives accessed information from SF-86 forms filled out by candidates applying for security clearance.
Senate Republicans and Democrats traded barbs over Defense Authorization Act vote.
The OPM data breach likely exposed the Social Security numbers and personnel records of every federal worker and prompted a clash between members of Congress over the fate of cybersecurity legislation.
The news that Kaspersky Lab was hit by a "next-generation" malware attack is an indication of both how far we have come in cyber-warfare and how much further we still have to go.
Security leaders shared steps their own organizations have taken to effectively prepare for looming incidents or compromise.
Michele Fincher, chief influencing agent with Social-Engineer, said that those conducting social engineering will attempt to exploit and manipulate hardwired human behaviors.
Dave Lewis, global security advocate at Akamai, highlighted attack trends at SC Congress Toronto.
More than 400 security pros from companies of all sizes in 61 countries completed self-assessment tests against NIST Cybersecurity Framework for RSA's Cybersecurity Poverty Index.
During the afternoon keynote at SC Congress Toronto, Lodewijkx shared IBM's guiding principles for mitigating IT security threats.
Microsoft addressed a number of vulnerabilities in eight security bulletins, with two addressing RCE flaws rated critical and two more as important.
The results of the IAPP's 2015 Privacy Professional Salary Survey showed that women and men in the privacy industry pull down roughly the same salaries and follow similar career trajectories.
Trustwave's annual security report looked at cybercrime and the return-on-investment that makes the digital criminal life attractive.
Poweliks is known to hide in the registry of Windows computers, and may ultimately spread other malware as well as carry out click-fraud for scammers.
Researchers with Fidelis Cybersecurity have observed multiple, seemingly unrelated threat actors leveraging CVE-2014-4114 to distribute malware.
President Obama's press secretary declined to confirm China's role in the massive OPM breach, but left open the potential for retaliation if a nation state is determined to be involved.
Trend Micro researchers say MalumPOS can be configured to target any point-of-sale system, and it also takes steps to avoid detection.
Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."
A breach at the Office of Personnel Management, which may impact millions of federal workers, casts harsh light on vulnerabilities in federal IT systems.
Forty-two percent of small business owners said they were unaware of the EMV liability shift deadline.
Amnesty International and Privacy International proposed a seven-point plan on Friday to help protect human rights in the digital age.
In the survey, 27 percent of kids aged 8 to 16 said they would meet, or have met, someone in person they first interacted with online.
TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.
Treasury Inspector General Russell George criticized the IRS in front of a Senate committee hearing for failing to make a number of updates recommended by his office.
IRS Commissioner John Koskinen said budget cuts are prompting the agency to expand its online services even as watchdog groups warn the expansion could increase the risk of additional breaches.
Check Point released its annual security study that looks at the state of cybersecurity in 2014.
Researchers with PhishMe have identified and assisted in disrupting a campaign in which Skype was being leveraged to distribute adware.
Symantec, which analyzed ransom payments made via Bitcoin, said that the author only made $169 from victims before closing up shop.
First profiled nearly a year ago, Dyre malware infections are surging around the world, and particularly in Europe and North America.
New research shows that organizations in the financial services industry and the education sector take 176 days, on average, to remediate vulnerabilities.
After weeks of speculation and debate, certain surveillance provisions expired on Monday, and while government officials are sounding the alarm, others online seem unfazed.
A new survey shows board members across several industries are holding more C-level execs responsible in cases of data breaches.
Kaspersky Lab researchers observed employees at SMBs primarily in Thailand, India and the U.S. being targeted with malware identified as Grabit.
Malware was deployed on some Sally Beauty point-of-sale systems at varying times between March 6 and April 17.
A new UN report says hindering encryption on devices and communications will negatively impact the right to freedom of opinion and expression.
Among 20 products found to have the most vulnerabilities, there were seven publicly disclosed zero-days, Secunia found.
Researchers have discovered a new type of malware, dubbed 'Linux Moose,' that targets Linux-based devices and uses them to create fraudulent social media accounts.
As Ross Ulbricht's Friday sentencing approaches, the mastermind behind Silk Road, as well as his family and friends, wrote letters to U.S. District Judge Katherine Forrest.
In a letter, ACLU encouraged the government to follow in the footsteps of some tech companies that have introduced "security researcher-friendly policies."
An iOS 8 bug in the Messages app causes iPhones to crash and reboot after receiving a specific string of Arabic characters.
The Florida Department of State sent a notification for the inadvertent release of personal information of 13,000 people.
The Ponemon Institute and IBM released their annual cost of data breach study on Wednesday and found that data breaches continue to cost enterprises more than in previous years.