Adobe Flash steadily heading toward demise

Both Amazon and Google took steps to downplay Flash ads or completely rid their companies' entities of them.

Symantec identifies 49 new modules associated with Regin

The Regin Trojan is alive and thriving in the wild despite being uncovered by Symantec last year.

Scanner identifies thousands of malicious Android apps on Google Play, other markets

A team of researchers created an app vetting scanner referred to as "MassVet," and used it to identify 127,429 malicious apps on 33 Android markets.

ISIS hacking leader killed by drone strike

The alleged leader of ISIS' CyberCaliphate hacking group, Junaid Hussain, is believed to have been killed in a recent drone air strike.

Ashley Madison's Noel Biderman ousted as CEO

ALM CEO Noel Biderman may be the latest victim of the massive AshleyMadison.com hack with the company announcing his immediate resignation today.

Dark website Agora closes over Tor vulnerability suspicions

Agora, one of the largest online black market sites, halted operations after concerns arose of vulnerabilities in Tor's hidden service.

Audit report finds sensitive data at risk for at least 73 Calif. agencies

Sensitive data of California residents, including Social Security numbers, health records and income tax information, is vulnerable.

License plate reader helps spot Virginia killer, but privacy issues remain

Virginia killer Vester Lee Flanagan II, a.k.a. Bryce Williams, was tracked down Wednesday with the help of a license plate reader, but larger issues surrounding security and individual freedom still worry privacy advocates.

DD4BC are DDoS attack driving force, new report claims

A new report on DDoS trends points the finger at one group as the driving force behind many attacks. So, who is DD4BC?

Researchers uncover possible Iranian-backed phishing scam

Canadian researchers at Citizen Lab released a report today describing a phishing campaign being conducted against Iranian dissidents and how utilizing a two-factor authentication (2FA) tool helped foil most of the attacks.

After online report, Twitter user denies involvement in Ashley Madison hack

After independent journalist Brian Krebs reported that a Twitter user may be connected to the Ashley Madison hack, the user has denied involvement.

Pastor set free on bail following charge in global hacking ploy

A pastor and former Morgan Stanley VP charged by federal prosecutors as "the linchpin of a sprawling financial and hacking conspiracy" is free on $2 million bail.

Report: Phishing costs average organization $3.7 million per year

The extrapolated total annual cost of phishing for the average organization is more than $3.7 million, but $1.8 million could be saved with the right training.

5th Circuit: Online bullying prevented fair trial for NOPD officers post-Katrina

Five police officers accused of shooting unarmed civilians post-Katrina say they did not get a fair trial in part because "adverse online comments" by prosecutors created an "air of bullying," an appeals court ruled.

Ambassador to Japan Caroline Kennedy used personal email for State Dept. work, report finds

The Office of the Inspector General investigated and found that staffers at the U.S. embassy in Tokyo used their personal emails for professional matters.

License plate reader data could be potential hacking target

The Oakland Police Department said it will now only hold data gathered with its automatic license plate reader (ALPR) devices for six months, which could prove beneficial to the privacy of the vehicle owners who came across the device's path.

SEC will not fine Target in aftermath of 2013 breach

The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.

Global think tank calls for global digital privacy

The Diplomatic Council is calling for more transparency regarding government surveillance across the world.

Zero-Day, Angler kit exploits help drive up malvertising by 325%

Cyphort Labs's latest study on malvertising indicates that a massive uptick in this form of attack has taken place over the last few years, driven in part by the proliferation of zero-day and Angler kit exploits.

Thomson data breach exposes hundreds of customer details

Data breach by holiday company Thomson reveals the personal details of nearly 500 customers.

OIG investigates VA's use of unapproved social network

The Office of Inspector General investigated the Department of Veterans Affairs' use of Yammer, a supposedly private and closed social network. Its findings indicate serious security lapses and lack of judgment on users' parts.

Judge grants father in custody case access to ex-wife's Facebook profile

In a first of its kind ruling in New York state, a Westchester Supreme Court justice said a man can use information from his ex-wife's Facebook page as evidence in a child custody battle.

App on Google Play store exploited critical 'Certifi-gate' Android vulnerability

The Recordable Activator app was available in the Google Play store and was observed exploiting the Certifi-gate vulnerability.

Symantec now protecting one billion IoT devices

Symantec reported today that its security software is now protecting more than 1 billion Internet of Things (IoT) devices, and as this number expands, so will the security risks associated with these products.

John McAfee points to lone woman as Ashley Madison attacker while company offers reward

Online rumblings began pointing to a lone female as the perpetrator of the Ashley Madison data breach while class-action lawsuits were filed and a reward was offered.

Class action complaint filed against IRS over data breach

McCuneWright, LLP, along with other firms, filed a class action complaint against the IRS on Thursday in the U.S. District Court for the District of Columbia.

Response to cyberespionage debated at Atlantic Council

Following a number of recent headline-grabbing breaches, a panel of foreign relations experts convened at the Atlantic Council to discuss retaliation against hackers.

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

Zscaler has been seeing attackers targeting WordPress sites running version 4.2 and lower.

Facebook updates ThreatExchange info, says gov't agencies not welcome

Facebook is looking to expand its ThreatExchange while also keeping government participation at a non-existent level.

Study: Federal employees risk security to use personal mobile devices

Sensitive government data may be at risk due to agencies failing to implement bring your own device policies.

DDoS attacks enter new frontier with Portmapper

Level 3 has pegged the Portmapper attack vector as the future of amplification DDoS attacks and is warning IT security professionals to start preparing now.

Former State Department employee charged in sextortion

A former London-based State Department worker has been indicted by a federal grand jury in connection with an online hacking and sextortion scheme.

Sandbox violation in Apple's iOS affects MDM users, could enable breaches

The vulnerability, which is being referred to by Appthority as Quicksand, was patched by Apple in iOS 8.4.1.

Unpatched 0-day threatens Apple Mac users

OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.

Outsourcing IT security continues to grow, study finds

Spending on the outsourcing of IT functions is rising, according to a new report from Computer Economics.

Texas man arrested for alleged sextortion scheme

Michael Martinez, 26, allegedly solicited three females, including a minor, for sexually explicit photos and then extorted them.

Microsoft patches critical remote code execution bug in Internet Explorer

A patch released Tuesday addresses a critical memory corruption vulnerability that can be exploited by an attacker to enable remote code execution.

DARPA seeks to develop program that drastically improves DDoS defense

DARPA has started accepting applications to develop a stronger defense against DDoS attacks.

Hackers post Ashley Madison's customer details online

A hacker group posted 9.7 gigabytes of data in apparent retaliation for the site allegedly claiming to delete customer details for a fee, but then not doing so.

Quantity and strength of DDoS attacks increased in Q2 2015, report shows

Researchers at Akamai reported an increase in the quantity and strength of DDoS-style attacks in Q2 of 2015 compared to last year.

Cyber threats could put lives at risk, Q2 2015 report explores

Trend Micro's second quarter threat report hit on several security issues, including threats that pose an actual physical threat to the public.

Expanding IRS breach drags passwords into broader discussion

While the IRS continues investigating its May data breach, the accessing of sensitive information brings up the idea of two-factor authentication and passwords.

Widespread Android vulnerability enables code execution with full privileges

Google has addressed the bug, CVE-2015-3842, which can be exploited via a malicious app that does not require any permissions.

Partnership between NSA and telecoms poses both security and privacy risk, experts say

Leaked Edward Snowden documents reveal that up until at least 2013, the U.S. government held intimate ties with AT&T and to a lesser extent Verizon.

GM says OnStar app flaw fixed, researcher says still exploitable

GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.

University of Virginia announces breach, says attack came from China

Portions of University of Virginia's information technology systems have been accessed, but no personal information appears to have been affected.

Phishing scams, malicious attachments top, threat report reveals

Hackers went old school during the first half of 2015, resurrecting the use of malicious email attachments and also beginning to target businesses with a new stream of phishing attacks, according to Proofpoint's first half threat report.

Kaspersky Lab denies allegations it induced false positive AV detections

A Reuters article claimed the Russian cybersecurity firm intentionally poisoned good files to throw off competitors' antivirus detection.

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.

Vulnerability identified in Google Admin app, remains unpatched

The vulnerability was identified by security researchers with MWR Labs, and it impacts Google Admin version 2014101605 and lower.

Black Hat 2015 attendees concerned about endpoint risks

Security professionals are most concerned about the endpoint, citing it as the greatest source of risk in a Bromium survey of more than 100 pros who attended Black Hat USA 2015 in Las Vegas last week.

Hillary Clinton's private email server turned over to the FBI

Former Secretary of State Hillary Clinton's private email server was handed to the FBI after investigators found it contained messages that were later classified top secret.

Apple's iOS 8.4.1 update addresses dozens of security issues

Apple's update to iOS and iTunes included dozens of security patches along with fixes for the iCloud Music Library and Apple Music.

Windows 10 shares user data with Microsoft, even after disabling settings

Microsoft's Windows 10 allows for certain data-sharing settings to be disabled, but in some cases, turning them off does nothing to stop the sharing.

Salesforce subdomain affected by reflected XSS vulnerability

The cross-site scripting vulnerability has been addressed, but it could have been exploited by an attacker to distribute malware and carry out phishing attacks.

Asprox botnet mostly disappeared in 2015

Researchers say that campaigns leveraging the Asprox botnet have disappeared after reaching a peak last year.

Cisco warns IOS device customers on attack 'evolution'

Attackers have been observed substituting Cisco's IOS bootstrap with a malicious ROMMON image after first accessing the company's IOS devices.

Pentagon questions validity of data tweeted by the Islamic State Hacking Division

The Pentagon said the names, emails and passwords uploaded to Twitter by a group calling itself the Islamic State Hacking Division appear to be not only out of date and incorrectly formatted.

Government budget agency drafts contractor cybersecurity guidelines

The Office of Management and Budget (OMB) proposed new cybersecurity guidelines earlier this week to help government agencies draft contracts with third-party groups.

Firefox 40 comes with fixes for several bugs, new security features

Firefox 40 comes with a safer add-on experience, expanded protection against unwanted software downloads, and several security fixes.

Twitter transparency reports now account for trademark violations and email privacy practices

The social media company integrated two new verticals into its biannual transparency report.

FTC: Morgan Stanley not at fault over released information

Morgan Stanley dodged a bullet this week when the Federal Trade Commission (FTC) ruled the firm did not violate security protocols concerning a breach earlier this year.

Microsoft issues 14 bulletins in Patch Tuesday release

Microsoft issued its monthly Patch Tuesday update today with nearly half of its 14 security bulletins addressing vulnerabilities in its newest operating system, Windows 10.

Oracle pulls CSO's reverse engineering and bug bounty program rant

Oracle CSO Mary Ann Davidson penned a blog post on Monday and warned researchers they would receive a legal letter if they continued to reverse engineer the company's code.

Security team finds additional Android vulnerability

An IBM security research team has uncovered an additional flaw in Android that can give a malicious app the ability to fully control a device.

Darkhotel APT group phases out hotel Wi-Fi infections, brings in Hacking Team zero-day

The Darkhotel APT group swapped out its previous Flash zero-days this past month for an exposed Hacking Team zero-day.

Researcher generates thousands of phone numbers, matches them to Facebook accounts

A researcher has developed an algorithm that exploits a flaw in a Facebook privacy setting to link cell phone numbers to Facebook accounts.

Mozilla updates Firefox; issues patch for 'critical' vulnerability

Mozilla updated its Firefox browser to version 39.0.3 earlier this week and patched seven bugs in the process.

DEF CON 23: DHS deputy secretary's suggestions for building trust between hackers, gov't

To improve security, the DHS deputy secretary offered suggestions for building trust between the hacker community and the government.

Black Hat 2015: USA Freedom Act sparks debate

The USA Freedom Act inspired a spirited debate on government surveillance at Black Hat USA 2015.

American Airlines denies hack, but reinforces security efforts

American Airlines denied involvement in an apparent security incident at its one-time subsidiary Sabre, but is redoubling its own security measures as a precaution.

Black Hat 2015: DHS deputy secretary discusses the future of information sharing

DHS intends to create an automated information sharing platform where "cyber threat indicators" would be collected and disseminated in near real-time.

Russian hackers accessed Pentagon's unclassified email system

Russian hackers allegedly accessed the Pentagon's Joint Staff unclassified email system.

Appeals Court rules warrant necessary for cell phone location data

Law enforcement must now obtain a search warrant before seeking people's historical cell phone location information from their provider.

Dropbox, Google Drive and others vulnerable to Man-in-the-Cloud attacks

Imperva believes cloud storage sites like Google Drive, Dropbox and OneDrive will be the next area corporations will have to defend in their ongoing battle to keep their data under wraps.

Black Hat 2015: Justice Dept. not gunning for security researchers

The Justice Department's Leonard Bailey discussed prosecution under the Computer Fraud and Abuse Act, assuring and cautioning researchers at Black Hat USA 2015 in Las Vegas.

DDoS attacks rage on, primarily impacting U.S. and Chinese entities

Kaspersky Lab's new DDoS report indicates that the threat persists and will continue to affect business and people around the world.

Black Hat 2015: Honeypots gather data on gas pump monitoring system attacks

Two senior researchers with Trend Micro set up several honeypots to collect data on attacks against gas pump monitoring systems.

Square: Our card reader security software prevents hacks

Square countered the claim of three Boston University graduates that its reader can be quickly and easily converted into a credit card skimmer.

Nearly 90 percent of Android devices vulnerable to endless reboot bug

The vulnerability can be exploited either by a malicious app installed on the affected device, or by luring a user to a specially crafted website.

VPN gone bad: APT actors enlist Chinese 'Terracotta' provider to hide criminal activity

APT actors are using a China-based VPN provider to hide their digital tracks and mask their identities.

Harman Kardon claims only Chrysler vehicles may have vulnerable system

Harman Kardon said it has told the National Highway Traffic Safety Administration and other car makers that it believes only Chrysler vehicles have potentially vulnerable infotainment systems.

Government 'Cybersecurity Sprint' spurs agency authentication measures

Following its "Cybersecurity Sprint" launch, the government has increased authentication measures and reviewed its systems for vulnerabilities.

Hackers spread malware via Yahoo ads

The same hackers that have exploited vulnerabilities of Adobe Flash have used advertising on Yahoo's largest websites to distribute malware to billions.

Report: News, entertainment websites serve majority of malvertisements

Bromium researchers observed that malicious advertisements impacted news and entertainment websites more than 50 percent of the time in the first half of 2015.

UConn School of Engineering cyberintrusion originated in China

UConn has repaired a vulnerability exploited by hackers to gain access to servers in its School of Engineering and, while the university found no evidence of data theft, it has notified users whose information may have been compromised.

Report delves into RAT videos on YouTube

Remote Access Trojans (RATs) proliferate through YouTube tutorials and hacker forums, a new report from Digital Citizens Alliance suggested.

Tor Project, Library Freedom Project to establish Tor exit nodes in libraries

Tor Project and Library Freedom Project aim to help library patrons and staff protect their right to digital free expression by creating Tor exit nodes in libraries.

Cisco: Attackers innovating, evading defenses in first half of 2015

In the first half of 2015, Cisco found that increasingly innovative threat actors are becoming faster at attacking, quicker at adapting, and better at evading detection.

NYU conference encourages women to pursue cybersecurity

The NYU Polytechnic School of Engineering hosted a cybersecurity conference to help foster interest in the field among young women and teens.

Modular Potao malware used to spy on targets in Ukraine, Russia

Potao was first used against targets in Russia, but after a lull in activity, malware activity increased against targets in Ukraine.

United reportedly hacked by same group that breached Anthem, OPM

United Airlines reportedly experienced a breach by a Chinese hacker group believed to be behind breaches at OPM and Anthem.

HAMMERTOSS malware represents culmination of 'best practices' for cyber attackers

Cybersecurity firm FireEye released a new report on APT29's complex malware HAMMERTOSS.

Majority of Android devices vulnerable to denial-of-service bug

Trend Micro has identified a new Android denial-of-service bug that can be exploited to make devices unresponsive and practically unusable.

Researcher finds several vulnerabilities in PHP File Manager

Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.

Survey: Nearly all Americans support and want retaliation for cyberattacks

A new poll indicates that Americans want the government to retaliate for cyberattacks that compromise sensitive data.

'Black Vine' group breached Anthem, leveraged zero-day bugs in various campaigns

Symantec said it believes a threat group known as Black Vine is responsible for the Anthem breach, as well as a number of other attacks.

'GSMem' malware designed to infiltrate air-gapped computers, steal data

Israeli researchers detailed a new attack that can steal data from air-gapped computers, which are often seen as relatively safe.

Critical Android bugs can be exploited via MMS, 950M users affected

Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.

Federal appeals court rules no expectation of privacy for preventable 'butt dials'

A federal appeals court ruled there is no expectation of privacy for "butt dials" that a caller doesn't take reasonable steps to prevent.
