VTech: You acknowledge that PII "may not be secure"

VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer posted on its corporate website following a massive hack that exposed over 6.3 million accounts.

SC Congress: Cooperation and preparation in the face of cyber-criminality.

Troels Oeting, CISO of Barclays bank, Tim Lansdale, head of payment security at WorldPay, and Bob Tarzey, analyst for QuoCirca, tell the SC Congress London what lies ahead.

SC Congress: "flakey kettles and dolls that swear at you"

Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense.

SC Congress London: Are we on the verge of an Armageddon?

As a panel of experts debates whether a security Armageddon is on the horizon - SC Congress London learnt that we're "not quite there yet, but we're close."

Concerns remain over Investigatory Powers Bill

Fundamental concerns remain over what is described as a lack of clarity in the Draft Investigatory Powers Bill, with calls from industry bodies for earlier recommendations to be implemented.

Senate, House OK Judicial Redress Act, send to Obama to sign

The Judicial Redress Act was given the thumbs up by the Senate and the House Wednesday and is now headed for President Obama's desk to be signed into law.

Hearthstone gamers who download cheats may be cursed with malware

Symantec yesterday warned online gamers of new Windows-based malware schemes victimizing fans of the strategy card game Hearthstone: Heroes of Warcraft.

Cryptowall has been a cash bonanza for criminals, failure for cops

Though dubbed the most successful malware in history, Cryptowall can be stopped.

IRS hackers try to use stolen SSNs to generate E-file PINs

The Internal Revenue Service pinned a recent attempt to infiltrate its systems on malfeasants using a bot and Social Security numbers stolen from other sources but said the attackers didn't compromise or expose personal information of taxpayers.

Report: Pros urged to roll out IT projects before they are security-ready

IT security professionals report that they are regularly pressured to roll out new technologies and devices regardless of whether they are secure, according to a new survey.

Security issues plague web dating software

High-Tech Bridge released several security advisories over the last week that cover issues found within ITIL ITSM open source software and several popular web applications.

Obama goes hard on cybersecurity, new CNAP commits funds, resources

President Obama's Cybersecurity National Action Plan (CNAP) includes a significant dollar commitment in the fiscal 2017 budget and the creation of a Cybersecurity Commission and a Privacy Council established under two Executive Orders.

NSA reorg could strengthen defense ops

The National Security Agency unveiled an ambitious reorganization that pulls together the agency's offensive and defensive operations.

Pro-Palestine hacktivist makes good on threat, posts data on FBI and DHS personnel

The hacker responsible for breaching the Department of Justice's web portal has publicly posted stolen data corresponding to roughly 20,000 employees of the FBI and 9,000 from the Department of Homeland Security.

Microsoft's February Patch Tuesday: 13 bulletins addressing 36 vulnerabilities

Microsoft's February Patch Tuesday contains 13 bulletins, six rated critical and all of which can allow remote code execution if exploited.

Draft Investigatory Powers Bill draws fire from Parliamentary committee

Myriad flaws in the draft Investigatory Powers Bill were highlighted by the Intelligence and Security Committee of Parliament, calling into question government's commitment to privacy.

Corcow Trojan manipulates currency rates

A Russian-language banking Trojan has been found manipulating the ruble-dollar exchange rate.

Kaspersky confirms return of Carbanak and two more banking APT groups

Kaspersky has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN.

Dyre Trojan almost dead after 'takedown' by the Russians

The feared Dyre banking Trojan has been almost killed off, following a reported raid by the Russian authorities on a Moscow film distribution company last November.

Hacker threatens to expose info on DHS, FBI employees

A hacker threatened to release information on 20,000 FBI employees and 9,000 who work for the Department of Homeland Security (DHS).

Avast patches its web browser after Google finds flaw in Chromium-inspired product

Czech security software firm Avast Software has patched a severe vulnerability in its SafeZone web browser that if exploited could have granted hackers sweeping access to compromised computers.

Draft bill seeks to improve U.S. military cyber warfare capabilities

Draft legislation seeks to improve the Pentagon's ability to quickly develop and acquire process cyber warfare technologies.

Skype targeted by T9000 backdoor trojan

Palo Alto Networks researchers have spotted a new, more complex backdoor trojan that is targeting Skype users and which can identify and evade the security software found on the victim's computer.

Clean house to keep WordPress infection from coming back again and again

Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.

Robin Who? Dridex botnet replaced with antivirus software

A mysterious Good Samaritan has replaced the code on certain parts of the villainous Dridex botnet with Avira Anti-virus installers.

Alums file class action against UCF for PII exposure during breach

The University of Central Florida (UCF) is the target of a consumer class action lawsuit against the school by two alumni following a data breach that exposed personal information.

Oracle patches Java SE vulnerability

Oracle issued a security alert and patches for CVE-2016-0603 that can affect Java SE 6, 7 or 8 being run on Windows.

Mutiny on the bug bounty

Researcher Wesley Wineberg said he's been censured due to his participation in the Facebook bug bounty program.

Twitter has shut down 125K accounts amid terrorism concerns since mid-2015

In an effort to help curb terrorism, Twitter has suspended 125,000 accounts since mid-2015 that it said threatened or promoted terrorist acts.

Mozilla unveils timetable for discontinuing Firefox OS

Mozilla yesterday shed new light on its plan to phase out its Firefox operating system and instead focus on Internet of Things solutions, with an emphasis on data privacy and security.

Panther Creek senior arrested for hacking school, changing grades

In an oft-repeated tale, a senior at Panther Creek High School was arrested on felony and misdemeanor charges for hacking into a school computer and changing grades.

Energy sector execs see successful cyberattack as likely

A cyberattack on a company in the energy, utility, oil and gas sectors is fully capable of causing harm to the physical plant, according to a Tripwire survey of IT professionals working in these fields.

Private sector can't ignore threat intel

As IT security decision-makers wrestle with how to evaluate threat intelligence solutions, especially in light of the recent demise of intel provider Norse Corp., a new report highlighted the perils of ignoring threat intelligence.

Powell, Rice use of private email highlights government-wide security problem

The Office of the Inspector General (OIG) said Colin Powell and Condoleezza Rice both used private email for classified information and a heavily redacted email from John Kerry showed that he likewise used a private email account.

DayZed and confused: users' data purloined from zombie server

Users of the DayZ zombie shoot 'em up have been informed by the developer that their passwords and messages have been stolen by hackers.

Integrating mobile: Mobile security

From sales staff working the floor in large stores to corporate road warriors flitting from city to city, there is no debate about the degree to which mobile devices have increased productivity.

Privacy Shield is here, now orgs., lawmakers must take action

To meet the more stringent requirements laid out in the EU-U.S. Privacy Shield pact inked Tuesday, organizations are going to have to up their data protection game and Congress must accelerate passage of the Judicial Redress Act.

Smart office buildings have more backdoors than the designers intended: IBM

Hacking into a "smart" office building was easier than one might think with the potential end result being disastrous for the facility and the people working inside, according to a recent test conducted by IBM X-Force researchers.

Student SSNs exposed in University of Central Florida breach

The University of Central Florida today publicly acknowledged a data breach in which the Social Security numbers (SSNs) of 63,000 current and former students were illegally accessed.

Russia to spend $250m strengthening cyber-offensive capabilities

Russia fires a warning shot across the U.S. bows in response to the 'US offensive cyber-threat,' saying that it does not lag behind the U.S. when it comes to cyber-technology, noting that its hackers are among the best.

New security tool to mask your face available on Ashley Madison

For anyone wanting to remain anonymous, Ashley Madison is now allowing its users to add a mask to their profile picture with a new security tool called discreet photo.

New research reveals 71 percent of UK organisations not cyber-resilient

Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.

Teaming up IT and legal departments for better corporate security

Companies looking to create strong security and privacy protocols have to encourage their IT and legal departments to not only work together, but each should learn a little of the other's job.

What does settlement really mean?

Companies are facing a predicament when charged with federal regulatory violations over alleged failures to establish cybersecurity policies and/or protect personally identifiable information (PII).

FireEye nabs automation and orchestration firm Invotas

FireEye Inc. acquired Invotas International Corp., a cybersecurity company that focuses on security automation and orchestration.

Researchers spot trojan targeting dozens of Google Play games

Researchers at Dr. Web spotted the Android.Xiny.19.origin trojan incorporated into more than 60 games in the Google Play Store.

Ransomware DMA Locker's encryption may be weak, but its flaws are dangerous

An amateurish ransomware known as DMA Locker could crash while encrypting files, leaving users confused as to why their machines aren't operational.

After Norse: VCs, pros eye cyber investments

IT pros look at lessons that can be learned from the collapse of Norse Corp.

EC wants to crack down on virtual currency exchanges

Crypto-currencies like Bitcoin may not be as anonymous as they once were as the European Commission announces its intention to regulate the virtual currency exchanges that, the Commission says, aid terrorist financing.

Information governance hard to achieve, worth effort to protect data

Information governance (IG) is nearly impossible to achieve, but is a goal worth pursuing to protect the privacy of sensitive data and ensure organizations can meet discovery requests, according to a panel at the LegalTech show in New York.

Former DOE staffer nailed for attempting spearphishing attack

A former Department of Energy (DOE) employee pleaded guilty for attempting spearphishing attacks against other DOE workers.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Corporate legal dept. finds role shifting amid cybersecurity, privacy concerns

Corporate legal departments are grappling with their changing role as they assume a greater part in security and privacy.

Researchers spot macro malware used to spread Neutrino

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot via spearphishing emails.

Fast and furious: breaches keep rolling in, orgs must act quickly

The threat landscape and nature of data breaches are constantly changing, requiring lightning-fast response and throwing organizations into a nearly perpetual state of transformation, a panelist told attendees at the LegalTech Show in New York on Tuesday.

Flash is dead. Long live Flash.

Flash has a reputation for security flaws, but experts say it is time to develop a strategy for "dealing" because its ubiquity means it will remain for years to come. Alan R. Earls reports.

Dumping data to mitigate risk: LegalTech panel

The advent of free, or very inexpensive cloud storage, is presenting organizations with the dilemma of what data to save and what to ditch in order to both save money and mitigate risk.

U.S. and EU reach 'Privacy Shield' pact replacing Safe Harbor

U.S. and European officials announced a new data-transfer deal on Tuesday designed to replace the Safe Harbor agreement that was ruled invalid by a European court three months ago.

Researchers spot bugs in toys that could expose personal data

Researchers at Rapid7 discovered vulnerabilities in Fisher-Price's Smart Toy and hereO's GPS platforms that could expose user data.

Audit uncovers flaws in U.S.'s 'EINSTEIN' cybersecurity program

A new report from the U.S. Government Accountability Office exposes multiple perceived flaws in the Department of Homeland Security's National Cybersecurity Protection System, otherwise known as EINSTEIN.

Protecting the corporate data 'crown jewels'

With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.

AnonSec claims credit for NASA drone hack

Hacking group AnonSec released 250 GB of data that it says proves it commandeered a $222.7 million NASA drone and for months pilfered information.

Intel agencies will target newer, encryption-free tech for surveillance programs: Harvard report

A report today from Harvard University's Berkman Center for Internet and Society predicts that in lieu of backdoors to encrypted messaging apps, intelligence agencies will increasingly turn to less fortified vectors to conduct digital surveillance.

Cybercrime for sale

William Noonan, U.S. Secret Service, says organizations must work together to prevent new threats.

Apache server default setting leaves Tor users' identities vulnerable

A default configuration used by the Apache server has been found to leave the identity of Tor users vulnerable to being uncovered.

TaxSlayer breached: 8,800 customers notified PII may be compromised

Tax preparation software publisher TaxSlayer notified about 8,800 of its customers last week that an unauthorized third party may have gained access to the personal information contained on their tax return.

MediaTek code exposes Android KitKat devices

Independent security researcher Justin Case discovered a "backdoor" in a processor made by manufacturer MediaTek.

Liberty Reserve mastermind pleads guilty to money laundering

The founder of Liberty Reserve virtual currency pleaded guilty to running an enterprise that laundered more than $250 million obtained by criminals through identity theft, credit card fraud, computer hacking and other illicit activities.

GCHQ certified course to improve cyber-attack response and recovery

If they are to limit damaging effects, enterprises must prepare and equip themselves with the proper skills to react to and prevent cyber-attacks.

Lincolnshire county council resolves ransomware restlessness

Lincolnshire county council is back up and running after having been infected with ransomware last week.

TalkTalk loses 250,000 customers post-breach - now supplier scam too

TalkTalk has lost seven percent of its broadband customers since its data breach, and in India arrests have been made as part of an investigation into phone scams targeting TalkTalk customers.

ISIS Cyber Caliphate migrating to new communications platform

Cyber Caliphate announced in a post on its Telegram account on Friday that the jihadi hacking group would migrate communications to Threema.

LG G3 vulnerability allows arbitrary JavaScript code

Researchers at BugSec and Cynet discovered a bug in the LG G3 Android smartphone that could allow an attacker to run arbitrary code.

U.S. online users more concerned with privacy than income loss

American consumers are more preoccupied with data privacy than losing their main source of income with 92 percent of respondents in a new survey.

HSBC UK online banking operations disrupted by DDoS attack

HSBC UK this morning was the target of a DDoS attack that flooded the financial institution's systems with manufactured traffic, much to the dismay of online banking customers who were unable to access and manage their accounts.

FireEye report identifies iOS security storm-in-a-tea-cup

FireEye researchers have released a report which details potential security issues with software used to dynamically patch iOS apps.

IRS, FTC initiatives tackle identity theft

An IRS program launched to improve fraud prevention needs improvements, the Treasury Inspector General for Tax Administration said -- as the FTC rolls out an upgraded identity theft website.

CISO salaries and demand for cyber-skills skyrockets, surprising no-one

Two new reports from recruitment company BeecherMadden have shown demand for cyber-skills to be rising massively with few able to meet that demand while CISO salaries are also going up.

Judiciary committee adds amendment to Judicial Redress, sends to Senate for vote

The Senate Judiciary Committee gave the nod to the Judicial Redress Act, which would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement, sending it on to the full Senate.

Data Privacy Day: Cybersecurity experts share advice on protecting data

With Data Privacy Day now upon us, cybersecurity experts from across the industry have offered their advice on how both individuals and organizations can protect their data.

Data Privacy Day: Chip card adoption growing, but problems linger

The rollout of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks to, the cards have either been a boon or a bust.

Data Privacy Day: Changes transform policy, perspective since last year

SCMagazine.com asked key thought leaders to identify key events in the last year that have reshaped public policy and expectations of what happens—and what should happen—to personally identifiable information when users go online.

Netgear ProSafe gigabit switch vulnerable to password reset

An authentication bypass in NSDP on the Netgear ProSafe GS105Ev2 gigabit switch is possible due to a password reset vulnerability.

Gemalto reporting on a global lack of payment data security

New research by the Ponemon Institute commissioned by Gemalto is showing there is a critical need for organisations to improve their payment data security practices.

Samsung security update fixes critical bugs hidden in Galaxy devices, Android OS

The latest maintenance release from Samsung will include security patches that address several vulnerabilities capable of triggering arbitrary code executions, causing memory corruptions, or rebooting factory reset protections and reactivation locks (FRP/RL).

Scarlet Mimic group targets minority activists, likely government supported

Unit 42 researchers said Scarlet Mimic is behind attacks against minority rights activists that began more than four years ago, though they've shifted both their tactics and the malware used.

Scammers increasingly using rogue extensions to victimize Chrome and ChromeOS users

Despite the safety mechanisms baked into the Chrome browser and ChromeOS, Malwarebytes has found hackers are using rogue extensions to perform everything from malvertising attacks to installing adware.

PayPal's business site vulnerable to remote code execution

Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.

DDoS attacks on the rise - touching 500gbps

DDoS attacks are on the increase and getting bigger and more widespread, according to research released by Arbor Networks.

Consumers don't trust orgs to protect data, survey says

The majority of consumers surveyed by YouGov are skeptical that organizations securely handle the data they share online.

Maryland AG claims warrantless stingray use didn't violate suspect's rights

The Maryland Attorney General argued on appeal of a lower court ruling that the warrantless use of a stingray did not violate a suspect's Fourth Amendment right.

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions'

Bernard Cazeneuve, France's minister of the interior, has called for greater cooperation between states, businesses and citizens in the fight against online radicalisation and cyber-crime.

Industry pros concerned with AWS free cert offering

Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.

New Magic ransomware abuses open-source 'educational' code

Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams.

30 years later, CFAA still flawed, needs reform, attorney argues

In observance of the 30th anniversary of the Computer Fraud and Abuse Act, attorney Peter J. Toren argued that the law remains too vague.

Video: 'It's asymmetrical warfare' between the hackers and defenders

Mushrooming numbers of BYOD and IoT devices are putting corporate networks at risk, says ForeScout CEO Michael DeCesare in an exclusive video interview.

Symantec detects 3,500 servers infected with a malicious script

Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites, and said it believes the infections could be part of a recon effort for future attacks.

White House hands over background checks to new agency, IT managed by DoD

The Obama administration is establishing a new agency tasked with conducting background checks on contractors and government employees.

FACC AG, Belgian bank fall victim to BEC

An aircraft components designer and a Belgian bank were the latest victims of business email compromise (BEC), prompting the IC3 to issue an alert.
