The Department of Homeland Security (DHS) certified FireEye technology under the SAFETY Act, effectively shielding the company's customers from any liability in the event of a cyber terrorism attack.
Mumblehard remained undetected for more than five years, according to a researcher at ESET.
A researcher with Duo Security identified the vulnerability, which exists in MySQL client libraries, as well as forks such as MariaDB and Percona.
A security alert issued Friday warns of an unfixed bug in D-Link and Trendnet routers.
Secunia issued its quarterly country report earlier this week, which looked at what programs the average PC user had installed and what percentage was patched.
Proofpoint researchers observed attackers submitting weaponized Microsoft Word documents to job postings listed on the CareerBuilder website.
The bill was introduced Wednesday with some revisions that would improve transparency regarding how student information is shared, used or sold.
The U.S. Committee on Oversight & Government Reform met on Wednesday to hear arguments on default encryption and didn't let law enforcement off easy.
High-Tech Bridge identified multiple vulnerabilities in TheCartPress eCommerce shopping cart plugin for WordPress websites.
EMV, despite its security features over magnetic stripe cards, cannot prevent against "wholesale breaches of large numbers of credit card numbers," report authors said.
The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.
Trend Micro described a new attack as an "outbreak" of spam that's impacting mainly U.S. companies.
The legislation aims to improve trust when law enforcement information is shared between the U.S. and EU.
The largest distributed denial-of-service attack ever detected by Arbor Networks systems was observed in the first quarter of this year.
During a speech at Stanford University this past week, U.S. Defense Secretary Ash Carter acknowledged the government's desire to hire young talent for cybersecurity work.
The malicious advertisement was spotted on Friday and taken down by the end of Saturday, according to Malwarebytes Labs.
Nearly 94 percent of respondents believed that NSA's surveillance had increased or remained the same since Snowden began leaking classified information in June 2013.
F-Secure Labs released a threat report for the last half of 2014 and found that North America wasn't receiving the brunt of Conficker attacks, as opposed to other parts of the world.
Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.
The counterterrorism, security and aviation communities must contemplate how unintended use of aircraft systems or networks could have a downstream impact.
Gib Sorebo used his session at RSA to discuss the Internet of Things (IoT) and its possible repercussions.
Technology can't replace the value of online safety education, the key to keeping kids out of predators' paths, panelists shared.
An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.
Although users often take much of the blame when a phishing attack is successful, technology must be compromised as well.
Senate Majority Leader Mitch McConnell introduced a bill that would grant intelligence agencies authority under the USA PATRIOT Act to continue mass surveillance until 2020
The death of email, widely anticipated 10 years ago, has not come to pass, thanks to email authentication schemes such as SPF, DKIM and most recently DMARC.
The majority of threat actors attacking organisations are cyber-criminals, according to a landmark survey for ISACA and RSA Conference.
As Robert Hinden, Check Point fellow, described in his Wednesday RSA session, "Protecting Critical Infrastructure," hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun.
Proposed legislation would rein in the CFAA to avoid overzealous prosecution.
Panelists discussed cyber espionage and intellectual property theft affecting U.S. companies and steps the private and public sector must take to curb the threat.
The vulnerabilities exploited in most point-of-sale breaches are relatively simple, security experts discussed at RSA Conference 2015.
Sharing of industry and government data, collated centrally to create a cyber-threat weather map is now underway in the U.S., with threat indicators being issued.
Nearly six months after the State Department announced an attack on its unclassified email system, the likely attackers have been identified and their tactics detailed.
Role playing during an RSA 2015 session highlighted security issues associated with the Internet of Things.
According to the co-founders of Skycure, which presented on the attack at RSA Conference, Apple has not completely resolved the security issue.
Contactless payment systems such as EMV cards and Apple Pay are convenient, but are not without weaknesses.
Following years of wrangling in Congress and a slew of headline-grabbing breaches, the House gave the go-ahead to a cybersecurity bill.
Despite the rush to the cloud, certificate authentication is still the Achilles' heel of the industry, according to Scott Charney, corporate vice president, Trustworthy Computing at Microsoft.
The FCC joins the FTC as a force to be reckoned with on cybersecurity and privacy issues, agency chief Wheeler indicated in an RSA Conference speech.
Vulnerability testing by CERT found tens of thousands of Android apps are vulnerable and no full register exists as they don't all get CVE assigned.
Data breaches, ransomware, and threats against industrial control system were were discussed during an RSA Conference 2015 session on dangerous attack techniques.
FBI and NSA staffers have repeatedly voiced concern over default encryption, but it doesn't seem to have hindered any tech companies' decisions to proceed with their plans.
Government demands for back doors cryptography are ratcheting up discord with cryptographers, according to RSA panelists.
At RSA Conference in San Francisco, Intel Security Group SVP and General Manager Christopher Young challenged the industry to write its own Moneyball story.
The threat landscape has changed and we have to constantly challenge the existing thinking to get ahead of our adversaries RSA President Amit Yoran told delegates on Tuesday.
Department of Homeland Security is finalizing plans to open a Silicon Valley office, DHS Secretary Jeh Johnson told an audience at the RSA Conference.
As companies increasingly integrate Open Source Software (OSS) into their business IT environments, they appear to be faltering in monitoring the software for vulnerabilities and creating official policies and procedures.
A flurry of legislative activity on Capitol Hill hints that Congress may be shaking off its inertia and there may be some long-awaited forward movement on key issues.
Researchers with Malwarebytes have identified a malvertising attack carried out through Merchenta, an advertising network that claims to reach more than 28 billion consumers per month in the U.S.
CloudLock released its "Cloud Cybersecurity Report: The Extended Perimeter" earlier this week that looked at enterprises' use of cloud applications and storage.
The New York resident, Mario Chuisano, was also ordered to pay nearly $2.7 million in restitution.
The New York State Department of Financial Services issued an update on cyber security in the banking sector with concern to third-party service providers.
Trustwave also found that the Punkey threat family and NewPosThings share the same code base.
The campaign was written about by Trend Micro in October 2014, and the latest findings highlight some new tactics being used by the attackers.
A whopping 82 percent of security and IT pros surveyed in an ISACA and RSA Conference study believe cyberattacks will rise in 2015 and 35 percent say they can't find qualified talent to fill security positions.
An Arkansas lawyer representing whistleblowers asked a court to sanction an Arkansas police department after a hard drive he had provided for discovery materials was returned with malware on it.
After analyzing a phishing attack, Kaspersky found that ensuing email correspondence could be linked to two APT groups, Naikon and Hellsing.
The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes, and is the final release of public updates for Java 7.
Symantec's annual threat report doesn't exactly depict a rosy cyber security world.
Verizon says it has a new-and-improved model for determining breach costs.
Microsoft addressed 26 vulnerabilities in 11 bulletins for its monthly Patch Tuesday release, and four of the bulletins are deemed critical.
After continuously trying to regain access to a specific target's systems, Hurricane Panda willfully stepped away once it saw that the company was monitoring Indicators of Attack (IOA).
Less than a week after the 'Beebone' botnet was taken down, INTERPOL Global Complex for Innovation, along with other global companies and agencies, has dismantled the 'Simda' botnet.
Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.
Researchers with Cylance identified the "Redirect to SMB" technique, which can enable the theft of user credentials from PCs, tablets and servers running any version of Windows.
Nearly half of Americans file their taxes online, and of those who do, 65 percent file them on an open access WiFi network, according to new research from Protect Your Bubble.
The campaign is being referred to by ESET researchers as Operation Buhtrap, and is believed to have been active for longer than a year.
The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.
A botnet of more than 12,000 computers was taken down on Wednesday through a collaborative effort by various international law enforcement agencies and tech companies.
Cyphort Labs researchers observed a number of popular forum websites redirecting visitors to the Fiesta Exploit Kit.
Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.
The FTC imposed a $25 million fine, its largest data privacy enforcement fine to date, on AT&T for three call center breaches that exposed information on 280,000 customers.
The 2015 Websense Threat Report found that threat actors are employing previously used C&C URLs to launch new threats.
"Webpage Screenshot," a Google Chrome extension, was found to be malicious by two security firms earlier this week.
The AlienSpy remote access trojan (RAT) is being sold to attackers via subscription plans, ranging from around $20 to $220.
The FBI warned that individuals sympathetic to ISIL, or ISIS, are defacing WordPress websites by exploiting vulnerabilities in plugins.
CNN has reported that Russian hackers used their intrusion into the State Department's systems as a way to get into White House systems.
The responses of global practitioners were compared with Global 1000 security execs, which provided a best practices benchmark.
A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.
Venafi Labs researchers found that 74 percent of 1,642 Global 2000 organizations had not completed Heartbleed remediation across all public-facing servers.
The ransomware, detected by Trend Micro as CRYPVAULT, is being distributed as an attachment in spam emails and is targeting Russian speakers.
To the chagrin of the ACLU, the Department of Homeland Security (DHS) has renewed its efforts to procure license plate reader (LPR) data through a third party.
NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
Kevin Bollaert, 28, operated the now-infamous revenge porn sites U Got Posted and Change My Reputation.
Snapchat issued its first transparency report on Thursday, which disclosed the more than 300 government requests the company received for user data over the past four months.
Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.
With standards language clarified by the W3C, Microsoft says removing DNT from default settings lets users, not vendors, express tracking preference.
The rate of Potentially Harmful Application installs on Android devices decreased nearly 50 percent from early 2014 to later that year, according to a Google report.
Austin Alcala, 19, is the fourth member of an international hacking ring to plead guilty in the case.
One individual being charged allegedly set up a website on the dark web that was dedicated to manufacturing and selling the counterfeit Federal Reserve Notes.
Google made the decision after investigating a security incident in which digital certs were "misissued."
On Wednesday, the President declared the need to address "malicious cyber-enabled activities" orchestrated by foreign attackers a national emergency.
Check Point Software Technologies issued a report on the group, which has been targeting enterprises since 2012, with its customized "Explosive" malware.
A Blue Lava Consulting survey of more than 300 information security professionals shows that progress in reshaping security model, but highlights challenges ahead.
According to a new CompTIA study, human error accounts for 52 percent of the root cause of security breaches.
With so many of us visiting the web for social-networking, shopping, banking, paying bills and general surfing, it's imperative that companies ensure their web facing applications are secure and free from vulnerabilities.
In recent years we've seen increasing numbers of companies fall victim to ransomware that encrypts a compromised computer's files.
For this month's "Threat of the Month" series, we take a look at Komodia Redirector and SSL Digestor libraries.
IBM will investing $3 billion over the next four years to establish a new Internet of Things (IoT) business unit along with a cloud-based platform to help build IoT solutions.
Symantec researchers wrote in a Monday blog post that the malware is being used to target energy sector companies, primarily in the Middle East.
Sign up to our newsletters
SC Magazine Articles
- Angler Exploit Kit pushed in xHamster malvertising campaign
- Flaw makes Trendnet, D-Link routers vulnerable to remote attack
- Macro malware makes a comeback with BARTALEX attack
- Representatives question FBI and point out fallacies during default encryption hearing
- Malicious docs submitted to CareerBuilder job listings distribute malware
- Cyber attacks to rise, but competent security talent scarce, study says
- Cybersecurity bills move forward on Capitol Hill
- Data possibly exposed for more than 364K Auburn University students
- Banking industry security protocol falters in third-party vendor contracts
- Malicious docs submitted to CareerBuilder job listings distribute malware
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Linux malware 'Mumblehard' has spamming feature, backdoor component
- Vulnerability enables downgrading of MySQL SSL/TLS connections
- Oregon's Health CO-OP laptop stolen, about 15K members notified
- UC Berkeley announces breach, unauthorized access to web server