FireEye first cybersecurity firm awarded DHS SAFETY Act certification

FireEye first cybersecurity firm awarded DHS SAFETY Act certification

The Department of Homeland Security (DHS) certified FireEye technology under the SAFETY Act, effectively shielding the company's customers from any liability in the event of a cyber terrorism attack.

Linux malware 'Mumblehard' has spamming feature, backdoor component

Linux malware 'Mumblehard' has spamming feature, backdoor component

Mumblehard remained undetected for more than five years, according to a researcher at ESET.

Vulnerability enables downgrading of MySQL SSL/TLS connections

Vulnerability enables downgrading of MySQL SSL/TLS connections

A researcher with Duo Security identified the vulnerability, which exists in MySQL client libraries, as well as forks such as MariaDB and Percona.

Flaw makes Trendnet, D-Link routers vulnerable to remote attack

Flaw makes Trendnet, D-Link routers vulnerable to remote attack

A security alert issued Friday warns of an unfixed bug in D-Link and Trendnet routers.

Study: Java JRE unpatched on 77 percent of PCs

Study: Java JRE unpatched on 77 percent of PCs

Secunia issued its quarterly country report earlier this week, which looked at what programs the average PC user had installed and what percentage was patched.

Malicious docs submitted to CareerBuilder job listings distribute malware

Malicious docs submitted to CareerBuilder job listings distribute malware

Proofpoint researchers observed attackers submitting weaponized Microsoft Word documents to job postings listed on the CareerBuilder website.

Student Digital Privacy and Parental Rights Act introduced in House

Student Digital Privacy and Parental Rights Act introduced in House

The bill was introduced Wednesday with some revisions that would improve transparency regarding how student information is shared, used or sold.

Representatives question FBI and point out fallacies during default encryption hearing

Representatives question FBI and point out fallacies during default encryption hearing

The U.S. Committee on Oversight & Government Reform met on Wednesday to hear arguments on default encryption and didn't let law enforcement off easy.

Several vulnerabilities identified in TheCartPress WordPress plugin

Several vulnerabilities identified in TheCartPress WordPress plugin

High-Tech Bridge identified multiple vulnerabilities in TheCartPress eCommerce shopping cart plugin for WordPress websites.

Forrester estimates that broad EMV chip adoption is half a decade away

Forrester estimates that broad EMV chip adoption is half a decade away

EMV, despite its security features over magnetic stripe cards, cannot prevent against "wholesale breaches of large numbers of credit card numbers," report authors said.

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

In latest filing, LabMD claims lack of due process, prejudice taint FTC case

The Atlanta-based medical testing lab has, again, filed to have FTC's complaint dismissed.

Macro malware makes a comeback with BARTALEX attack

Macro malware makes a comeback with BARTALEX attack

Trend Micro described a new attack as an "outbreak" of spam that's impacting mainly U.S. companies.

Tech giants, Chamber of Commerce back Judicial Redress Act

Tech giants, Chamber of Commerce back Judicial Redress Act

The legislation aims to improve trust when law enforcement information is shared between the U.S. and EU.

Report: SSDP reflection attacks spike, and other Q1 2015 DDoS trends

Report: SSDP reflection attacks spike, and other Q1 2015 DDoS trends

The largest distributed denial-of-service attack ever detected by Arbor Networks systems was observed in the first quarter of this year.

U.S. Defense Secretary Carter emphasizes culture change needed to hire fresh tech talent

U.S. Defense Secretary Carter emphasizes culture change needed to hire fresh tech talent

During a speech at Stanford University this past week, U.S. Defense Secretary Ash Carter acknowledged the government's desire to hire young talent for cybersecurity work.

Angler Exploit Kit pushed in xHamster malvertising campaign

Angler Exploit Kit pushed in xHamster malvertising campaign

The malicious advertisement was spotted on Friday and taken down by the end of Saturday, according to Malwarebytes Labs.

RSA 2015 survey: 48 percent believe NSA surveillance has increased

RSA 2015 survey: 48 percent believe NSA surveillance has increased

Nearly 94 percent of respondents believed that NSA's surveillance had increased or remained the same since Snowden began leaking classified information in June 2013.

Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK

Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK

F-Secure Labs released a threat report for the last half of 2014 and found that North America wasn't receiving the brunt of Conficker attacks, as opposed to other parts of the world.

RSA 2015: In the healthcare industry, security must innovate with business

RSA 2015: In the healthcare industry, security must innovate with business

Legislation, mobility and personalization are forces driving healthcare in the U.S., Frank Kim said at RSA Conference 2015.

RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community

RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community

The counterterrorism, security and aviation communities must contemplate how unintended use of aircraft systems or networks could have a downstream impact.

RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns

RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns

Gib Sorebo used his session at RSA to discuss the Internet of Things (IoT) and its possible repercussions.

RSA 2015: Keynote addresses online safety risks to increasingly connected youths

RSA 2015: Keynote addresses online safety risks to increasingly connected youths

Technology can't replace the value of online safety education, the key to keeping kids out of predators' paths, panelists shared.

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

RSA 2015: Experts talk investor interest in cybersecurity, regulatory changes on horizon

An SEC commissioner's chief of staff and shareholder advocacy expert discussed complex disclosure expectations among investors.

RSA 2015: Successful phishing attacks compromise users and technology

RSA 2015: Successful phishing attacks compromise users and technology

Although users often take much of the blame when a phishing attack is successful, technology must be compromised as well.

Extend surveillance, says Sen. Mitch McConnell

Senate Majority Leader Mitch McConnell introduced a bill that would grant intelligence agencies authority under the USA PATRIOT Act to continue mass surveillance until 2020

RSA 2015: It's end of days for email forgers claim DMARC champions

RSA 2015: It's end of days for email forgers claim DMARC champions

The death of email, widely anticipated 10 years ago, has not come to pass, thanks to email authentication schemes such as SPF, DKIM and most recently DMARC.

RSA 2015: Cyber-security professionals identify cyber-criminals as biggest threat

RSA 2015: Cyber-security professionals identify cyber-criminals as biggest threat

The majority of threat actors attacking organisations are cyber-criminals, according to a landmark survey for ISACA and RSA Conference.

RSA 2015: Protecting critical infrastructure

RSA 2015: Protecting critical infrastructure

As Robert Hinden, Check Point fellow, described in his Wednesday RSA session, "Protecting Critical Infrastructure," hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun.

'Aaron's Law' returns to Congress

'Aaron's Law' returns to Congress

Proposed legislation would rein in the CFAA to avoid overzealous prosecution.

RSA 2015: Panelists debate a way forward for matters of cyber conflict

RSA 2015: Panelists debate a way forward for matters of cyber conflict

Panelists discussed cyber espionage and intellectual property theft affecting U.S. companies and steps the private and public sector must take to curb the threat.

RSA 2015: Point-of-sale system security is lacking

RSA 2015: Point-of-sale system security is lacking

The vulnerabilities exploited in most point-of-sale breaches are relatively simple, security experts discussed at RSA Conference 2015.

RSA 2015: Knowing which way the wind's blowing

RSA 2015: Knowing which way the wind's blowing

Sharing of industry and government data, collated centrally to create a cyber-threat weather map is now underway in the U.S., with threat indicators being issued.

CozyDuke APT group believed to have targeted White House and State Department

CozyDuke APT group believed to have targeted White House and State Department

Nearly six months after the State Department announced an attack on its unclassified email system, the likely attackers have been identified and their tactics detailed.

RSA 2015: IoT could compromise critical infrastructure

RSA 2015: IoT could compromise critical infrastructure

Role playing during an RSA 2015 session highlighted security issues associated with the Internet of Things.

RSA 2015: 'No iOS Zone' attack allows denial-of-service against Apple devices

RSA 2015: 'No iOS Zone' attack allows denial-of-service against Apple devices

According to the co-founders of Skycure, which presented on the attack at RSA Conference, Apple has not completely resolved the security issue.

RSA 2015: Contactless payment systems have weaknesses

RSA 2015: Contactless payment systems have weaknesses

Contactless payment systems such as EMV cards and Apple Pay are convenient, but are not without weaknesses.

House panel gives go-ahead to cyber bill

Following years of wrangling in Congress and a slew of headline-grabbing breaches, the House gave the go-ahead to a cybersecurity bill.

RSA 2015: Security in the cloud undermined by poor credential management, says Charney

RSA 2015: Security in the cloud undermined by poor credential management, says Charney

Despite the rush to the cloud, certificate authentication is still the Achilles' heel of the industry, according to Scott Charney, corporate vice president, Trustworthy Computing at Microsoft.

RSA 2015: FCC Chairman Wheeler outlines agency goals

RSA 2015: FCC Chairman Wheeler outlines agency goals

The FCC joins the FTC as a force to be reckoned with on cybersecurity and privacy issues, agency chief Wheeler indicated in an RSA Conference speech.

RSA 2015: Thousands of Android apps found to be vulnerable

RSA 2015: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found tens of thousands of Android apps are vulnerable and no full register exists as they don't all get CVE assigned.

RSA 2015: Experts discuss six dangerous attack techniques

RSA 2015: Experts discuss six dangerous attack techniques

Data breaches, ransomware, and threats against industrial control system were were discussed during an RSA Conference 2015 session on dangerous attack techniques.

Though gov't agencies deride default device encryption, no changes expected in tech, experts say

Though gov't agencies deride default device encryption, no changes expected in tech, experts say

FBI and NSA staffers have repeatedly voiced concern over default encryption, but it doesn't seem to have hindered any tech companies' decisions to proceed with their plans.

RSA 2015: Tension continues to grow between govt, cryptographers

RSA 2015: Tension continues to grow between govt, cryptographers

Government demands for back doors cryptography are ratcheting up discord with cryptographers, according to RSA panelists.

RSA 2015: Intel SVP looks to Moneyball story to inspire offensive strategies

RSA 2015: Intel SVP looks to Moneyball story to inspire offensive strategies

At RSA Conference in San Francisco, Intel Security Group SVP and General Manager Christopher Young challenged the industry to write its own Moneyball story.

RSA 2015: Change is a mindset, not a technology problem

RSA 2015: Change is a mindset, not a technology problem

The threat landscape has changed and we have to constantly challenge the existing thinking to get ahead of our adversaries RSA President Amit Yoran told delegates on Tuesday.

RSA 2015: DHS Secretary Jeh Johnson says agency will open Silicon Valley office

RSA 2015: DHS Secretary Jeh Johnson says agency will open Silicon Valley office

Department of Homeland Security is finalizing plans to open a Silicon Valley office, DHS Secretary Jeh Johnson told an audience at the RSA Conference.

Study: Open Source Software use increasing in enterprises but without vulnerability monitoring

Study: Open Source Software use increasing in enterprises but without vulnerability monitoring

As companies increasingly integrate Open Source Software (OSS) into their business IT environments, they appear to be faltering in monitoring the software for vulnerabilities and creating official policies and procedures.

Cybersecurity bills move forward on Capitol Hill

Cybersecurity bills move forward on Capitol Hill

A flurry of legislative activity on Capitol Hill hints that Congress may be shaking off its inertia and there may be some long-awaited forward movement on key issues.

Flash EK leveraged in potentially widespread malvertising attack

Flash EK leveraged in potentially widespread malvertising attack

Researchers with Malwarebytes have identified a malvertising attack carried out through Merchenta, an advertising network that claims to reach more than 28 billion consumers per month in the U.S.

Study: Average organization has 4,000 instances of exposed credentials stored in the cloud

Study: Average organization has 4,000 instances of exposed credentials stored in the cloud

CloudLock released its "Cloud Cybersecurity Report: The Extended Perimeter" earlier this week that looked at enterprises' use of cloud applications and storage.

Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years

Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years

The New York resident, Mario Chuisano, was also ordered to pay nearly $2.7 million in restitution.

Banking industry security protocol falters in third-party vendor contracts

Banking industry security protocol falters in third-party vendor contracts

The New York State Department of Financial Services issued an update on cyber security in the banking sector with concern to third-party service providers.

POS threat 'Punkey' allows additional malware download for greater access

POS threat 'Punkey' allows additional malware download for greater access

Trustwave also found that the Punkey threat family and NewPosThings share the same code base.

Researchers identify new targets in 'Operation Pawn Storm' campaign

Researchers identify new targets in 'Operation Pawn Storm' campaign

The campaign was written about by Trend Micro in October 2014, and the latest findings highlight some new tactics being used by the attackers.

Cyber attacks to rise, but competent security talent scarce, study says

Cyber attacks to rise, but competent security talent scarce, study says

A whopping 82 percent of security and IT pros surveyed in an ISACA and RSA Conference study believe cyberattacks will rise in 2015 and 35 percent say they can't find qualified talent to fill security positions.

Whistleblowers' lawyer claims Ark. police dept. put malware on hard drive

Whistleblowers' lawyer claims Ark. police dept. put malware on hard drive

An Arkansas lawyer representing whistleblowers asked a court to sanction an Arkansas police department after a hard drive he had provided for discovery materials was returned with malware on it.

Hellsing APT retaliates against Naikon attackers with own phishing ploy

Hellsing APT retaliates against Naikon attackers with own phishing ploy

After analyzing a phishing attack, Kaspersky found that ensuing email correspondence could be linked to two APT groups, Naikon and Hellsing.

Oracle's patch update includes 98 security fixes

Oracle's patch update includes 98 security fixes

The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes, and is the final release of public updates for Java 7.

2014 deemed the year of 'far-reaching' vulnerabilities in Symantec annual report

2014 deemed the year of 'far-reaching' vulnerabilities in Symantec annual report

Symantec's annual threat report doesn't exactly depict a rosy cyber security world.

In annual report, Verizon uses new breach cost model for estimating loss

In annual report, Verizon uses new breach cost model for estimating loss

Verizon says it has a new-and-improved model for determining breach costs.

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

Microsoft addressed 26 vulnerabilities in 11 bulletins for its monthly Patch Tuesday release, and four of the bulletins are deemed critical.

APT group detects threat monitoring and backs away in documented first

APT group detects threat monitoring and backs away in documented first

After continuously trying to regain access to a specific target's systems, Hurricane Panda willfully stepped away once it saw that the company was monitoring Indicators of Attack (IOA).

Global groups dismantle 'Simda' botnet

Global groups dismantle 'Simda' botnet

Less than a week after the 'Beebone' botnet was taken down, INTERPOL Global Complex for Innovation, along with other global companies and agencies, has dismantled the 'Simda' botnet.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

Researchers identify attack technique, all Windows versions at risk

Researchers identify attack technique, all Windows versions at risk

Researchers with Cylance identified the "Redirect to SMB" technique, which can enable the theft of user credentials from PCs, tablets and servers running any version of Windows.

Survey: 65 percent of online tax filers do so on open access WiFi network

Survey: 65 percent of online tax filers do so on open access WiFi network

Nearly half of Americans file their taxes online, and of those who do, 65 percent file them on an open access WiFi network, according to new research from Protect Your Bubble.

Researchers identify malware campaign targeting Russian businesses, banks

Researchers identify malware campaign targeting Russian businesses, banks

The campaign is being referred to by ESET researchers as Operation Buhtrap, and is believed to have been active for longer than a year.

Banking threat Emotet expands target list, evades two-factor auth

Banking threat Emotet expands target list, evades two-factor auth

The malware, which is still spread through phishing emails, is now in its third iteration, Kaspersky Lab researchers revealed.

International effort takes down 'Beebone' botnet

International effort takes down 'Beebone' botnet

A botnet of more than 12,000 computers was taken down on Wednesday through a collaborative effort by various international law enforcement agencies and tech companies.

Compromised forums redirect to Fiesta Exploit Kit, distribute malware possibly for click fraud

Compromised forums redirect to Fiesta Exploit Kit, distribute malware possibly for click fraud

Cyphort Labs researchers observed a number of popular forum websites redirecting visitors to the Fiesta Exploit Kit.

Apple issues updates for iOS, OS X, Apple TV and Safari

Apple issues updates for iOS, OS X, Apple TV and Safari

Apple released iOS 8.3 on Wednesday along with updates to OS X Yosemite, OS X Mavericks, OS X Mountain Lion, Safari, Xcode and Apple TV.

FCC fines AT&T $25M for call center breaches

FCC fines AT&T $25M for call center breaches

The FTC imposed a $25 million fine, its largest data privacy enforcement fine to date, on AT&T for three call center breaches that exposed information on 280,000 customers.

Blend of old and new techniques help attackers dodge detection, report says

Blend of old and new techniques help attackers dodge detection, report says

The 2015 Websense Threat Report found that threat actors are employing previously used C&C URLs to launch new threats.

Malicious Google Chrome extension collected users' data for third parties

Malicious Google Chrome extension collected users' data for third parties

"Webpage Screenshot," a Google Chrome extension, was found to be malicious by two security firms earlier this week.

Cross-platform RAT 'AlienSpy' targets Mac OS X, Windows and Android users

Cross-platform RAT 'AlienSpy' targets Mac OS X, Windows and Android users

The AlienSpy remote access trojan (RAT) is being sold to attackers via subscription plans, ranging from around $20 to $220.

FBI warns of WordPress defacements as new plugin vulnerability is found

FBI warns of WordPress defacements as new plugin vulnerability is found

The FBI warned that individuals sympathetic to ISIL, or ISIS, are defacing WordPress websites by exploiting vulnerabilities in plugins.

Russian hackers eyed in attack on White House, State Dept.

Russian hackers eyed in attack on White House, State Dept.

CNN has reported that Russian hackers used their intrusion into the State Department's systems as a way to get into White House systems.

Breach readiness survey shows most stray from IRP best practices

Breach readiness survey shows most stray from IRP best practices

The responses of global practitioners were compared with Global 1000 security execs, which provided a best practices benchmark.

Drive-by-login attack identified and used in lieu of spear phishing campaigns

Drive-by-login attack identified and used in lieu of spear phishing campaigns

A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.

Nearly 75 percent of Global 2000 orgs still vulnerable to Heartbleed

Nearly 75 percent of Global 2000 orgs still vulnerable to Heartbleed

Venafi Labs researchers found that 74 percent of 1,642 Global 2000 organizations had not completed Heartbleed remediation across all public-facing servers.

New ransomware makes encrypted files appear quarantined

New ransomware makes encrypted files appear quarantined

The ransomware, detected by Trend Micro as CRYPVAULT, is being distributed as an attachment in spam emails and is targeting Russian speakers.

DHS LPR program draws sharp criticism from ACLU

DHS LPR program draws sharp criticism from ACLU

To the chagrin of the ACLU, the Department of Homeland Security (DHS) has renewed its efforts to procure license plate reader (LPR) data through a third party.

NIST calls for final comments on draft covering sensitive information protection

NIST calls for final comments on draft covering sensitive information protection

NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."

Revenge porn site operator Bollaert sentenced to 18 years

Revenge porn site operator Bollaert sentenced to 18 years

Kevin Bollaert, 28, operated the now-infamous revenge porn sites U Got Posted and Change My Reputation.

Snapchat issues first transparency report, detailing more than 300 requests

Snapchat issues first transparency report, detailing more than 300 requests

Snapchat issued its first transparency report on Thursday, which disclosed the more than 300 government requests the company received for user data over the past four months.

'NewPosThings' malware evolves, malicious traffic traced to airports

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

'Do Not Track' no longer default setting for Microsoft browsers

'Do Not Track' no longer default setting for Microsoft browsers

With standards language clarified by the W3C, Microsoft says removing DNT from default settings lets users, not vendors, express tracking preference.

Google: Android PHA installs decreased by nearly 50 percent throughout 2014

Google: Android PHA installs decreased by nearly 50 percent throughout 2014

The rate of Potentially Harmful Application installs on Android devices decreased nearly 50 percent from early 2014 to later that year, according to a Google report.

Man pleads guilty to intellectual property theft conspiracy impacting Microsoft, other firms

Man pleads guilty to intellectual property theft conspiracy impacting Microsoft, other firms

Austin Alcala, 19, is the fourth member of an international hacking ring to plead guilty in the case.

Four indicted in Federal Reserve Notes counterfeiting operation

Four indicted in Federal Reserve Notes counterfeiting operation

One individual being charged allegedly set up a website on the dark web that was dedicated to manufacturing and selling the counterfeit Federal Reserve Notes.

Google says it will no longer trust digital certs issued by CNNIC

Google says it will no longer trust digital certs issued by CNNIC

Google made the decision after investigating a security incident in which digital certs were "misissued."

Obama orders new sanctions program to deter foreign cyber attackers

Obama orders new sanctions program to deter foreign cyber attackers

On Wednesday, the President declared the need to address "malicious cyber-enabled activities" orchestrated by foreign attackers a national emergency.

'Volatile Cedar' APT group spies on enterprises, focusing on Lebanese companies

'Volatile Cedar' APT group spies on enterprises, focusing on Lebanese companies

Check Point Software Technologies issued a report on the group, which has been targeting enterprises since 2012, with its customized "Explosive" malware.

Orgs need to share info, crave more board oversight, study says

Orgs need to share info, crave more board oversight, study says

A Blue Lava Consulting survey of more than 300 information security professionals shows that progress in reshaping security model, but highlights challenges ahead.

Human error cited as leading contributor to breaches, study shows

Human error cited as leading contributor to breaches, study shows

According to a new CompTIA study, human error accounts for 52 percent of the root cause of security breaches.

Skills in demand: Web application security

Skills in demand: Web application security

With so many of us visiting the web for social-networking, shopping, banking, paying bills and general surfing, it's imperative that companies ensure their web facing applications are secure and free from vulnerabilities.

An answer to ransomware?

An answer to ransomware?

In recent years we've seen increasing numbers of companies fall victim to ransomware that encrypts a compromised computer's files.

Threat of the Month: Komodia libraries

Threat of the Month: Komodia libraries

For this month's "Threat of the Month" series, we take a look at Komodia Redirector and SSL Digestor libraries.

IBM will invest $3 billion in new IoT unit

IBM will invest $3 billion in new IoT unit

IBM will investing $3 billion over the next four years to establish a new Internet of Things (IoT) business unit along with a cloud-based platform to help build IoT solutions.

Infostealer Laziok targets energy companies

Infostealer Laziok targets energy companies

Symantec researchers wrote in a Monday blog post that the malware is being used to target energy sector companies, primarily in the Middle East.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US