Trojan appears that leverages patched Microsoft Office flaw
Dan Kaplan
February 09, 2012
The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.
Microsoft issues patch plans, includes Internet Explorer fix
Greg Masters
February 09, 2012
Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.
Standards body to certify PCI end-user experts
Dan Kaplan
February 09, 2012
The PCI Security Standards Council is planning to soon launch a program where one can certify their expertise in preparing their organizations for PCI assessments.
Breaches aided by weak passwords, poor AV detection
Dan Kaplan
February 09, 2012
Trustwave's annual review of its data breach response investigations concluded that franchises are now the prime target for hackers seeking customer data, such as credit card numbers.
Hacktivist-led DDoS is now the most common type, study finds
Dan Kaplan
February 08, 2012
DDoS attackers motivated by social or political purposes are more common than conventional criminals out for financial gain, concluded a new report from Arbor Networks.
Anonymous renders Canadian Nazis not-so-anonymous
Danny Bradbury
February 08, 2012
Hacktivist online community Anonymous exposed prominent Canadian neo-Nazis last month after hacking into a fascist website.
Cavoukian slams Supreme Court
Danny Bradbury
February 08, 2012
Ann Cavoukian, Ontario's information and privacy commissioner, slammed the Canadian legal system in her opening speech at a symposium on surveillance and privacy late last month.
SDA, McAfee mark Canada's card
Danny Bradbury
February 08, 2012
Canada received a mediocre ranking in cyber security, according to a new report ranking countries on their security stance.
Symantec code posted despite attempt to trap suspect
Dan Kaplan
February 07, 2012
Email correspondence between a hacker and undercover agent may provide a glimpse into the type of blackmail that takes place when intellectual property is stolen.
MasterCard announces product future around EMV
Greg Masters
February 07, 2012
The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
Deadline looms to remove click-fraud malware
Stephen Lawton
February 06, 2012
Many major businesses and government agencies still have systems infected with the DNSChanger malware, which reroutes the victim machine to websites and online advertisements of the attackers' choosing. That may mean they could lose web connectivity.
Anonymous raids law firm over its defense of Marine
Dan Kaplan
February 03, 2012
Anonymous stayed busy on Friday with the dump of 300 GB of emails and other communications, lifted from the law firm representing a U.S. Marine who recently escaped jail time for his role in a 2005 massacre.
FBI call gives clues into Anonymous, LulzSec probes
Dan Kaplan
February 03, 2012
Security experts believe a member of Anonymous hacked into the email account of a law enforcement official, which provided them the credentials necessary to eavesdrop on an FBI-led conference call.
Attacks could steal HTC Wi-Fi codes with malicious app
Dan Kaplan
February 02, 2012
Some HTC mobile devices, running on the Android operating system, contain a software bug that could allow attackers to steal a user's Wi-Fi credentials and SSID.
Google using custom malware scanner for Android apps
Dan Kaplan
February 02, 2012
Google appears to be on a mission to dispel the public perception that its Android Market has become a prime vector for malicious activity.
Security breaches impacting VeriSign emerge in filing
Dan Kaplan
February 02, 2012
The company responsible for ensuring that users reach the website they intend to reach admitted in an SEC filing that its network was breached numerous times in 2010.
Palin hacker appeal rejected
Greg Masters
February 02, 2012
David Kernell, who hacked into Sarah Palin's email account, has lost an appeal against his obstruction of justice charge.
WordPress attacks try to infect users with dangerous rootkit
Dan Kaplan
February 01, 2012
Automated attackers are trawling the web for vulnerable WordPress blogs so they can silently redirect users to dangerous exploits. So far, however, the number of victims is in the hundreds.
Google won't pull Android apps deemed malicious
Dan Kaplan
January 31, 2012
Symantec is trying to call attention to 13 applications that have shown up in the official Android Market over concerns that they contain software development tools that enable the theft of data.
Accused Kelihos spam botmaster: It wasn't me, Microsoft
Dan Kaplan
January 30, 2012
A Russian computer programmer has denied allegations by Microsoft that he was responsible for manning a prolific spam botnet.
Facebook sues Adscend Media for malware and spam
Stephen Lawton
January 30, 2012
Facebook and the state of Washington have filed separate lawsuits against Adscend Media, alleging the company was responsible for spreading malware and for stealing personal information from Facebook users.
FINRA advises brokers to bulk up security
Dan Kaplan
January 27, 2012
The self-regulating authority of Wall Street is warning securities firms about a rise in customers' email accounts being hacked to deliver bogus funds transfer requests.
Univ. of Hawaii settles with 98,000 over five breaches
Dan Kaplan
January 27, 2012
The largest class-action settlement in Hawaii's history is related to data breaches at University of Hawaii campuses.
Podcast: Security awareness training and rewarding good behavior
Dan Kaplan
January 26, 2012
Awareness training is finally becoming more about security and less about compliance, as SANS instructor Lance Spitzner discusses in this SC Magazine Podcast episode.
Study: BlackHole appears, Conficker remains
Dan Kaplan
January 26, 2012
Eighty-five percent of all malware is web-based, and some 30,000 websites are newly infected with malicious code each day, according to Sophos' "Security Threat Report 2012."
Google privacy policy changes raise concerns
Stephen Lawton
January 26, 2012
A new blueprint by which Google will share user information across its offerings, similar to how Facebook does, is geared to enhance the experience, but critics fear the move is a privacy quagmire.
Symantec admits stolen source code impacts pcAnywhere
Dan Kaplan
January 25, 2012
Big Yellow has done an about-face in light of new analysis that confirms users of its pcAnywhere software may be at risk of attack due to the disclosure of source code.
Twitter acquires web malware fighter Dasient
Dan Kaplan
January 24, 2012
Twitter, a hotbed of malware due to its extreme popularity, has made one of its first-ever security acquisitions with the purchase of Dasient.
Microsoft names Russian man in Kelihos botnet suit
Dan Kaplan
January 24, 2012
Microsoft believes it has found the person responsible for the spam-pushing Kelihos botnet, according to a new lawsuit.
Anonymous shutters government, music industry sites
Greg Masters
January 20, 2012
In a reprisal for the government's takedown of MegaUpload.com, the hacker group Anonymous has apparently shuttered recording and movie industry websites, as well as the U.S. Department of Justice.
More source code stolen, says Symantec
Stephen Lawton
January 19, 2012
Symantec acknowledged this week that in addition to theft of source code for past versions of some of its security software, its own servers were breached in 2006.
Senators change sides on SOPA/PIPA issue
Greg Masters
January 18, 2012
Several senators today abandoned their support of two highly controversial anti-web piracy bills making their way through Congress.
DoD ID cards under attack
Stephen Lawton
January 18, 2012
The ID cards that every DoD employee uses to access networks across the entire bureau have fallen victim to malware.
Collection of information key to thwarting APT attacks
Stephen Lawton
January 17, 2012
Intelligence-driven information security is the future of battling advanced persistent threats, according to a new report.
Hacktivists expose personal info of T-Mobile staff
Greg Masters
January 17, 2012
T-Mobile was hit on Saturday with a hacktivist attack, which resulted in the publication of personal information of some 80 of the wireless communications provider's employees.
Visa advises on more secure credit card transactions
Dan Kaplan
January 16, 2012
Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
Zappos breach affects 24M, opens door for more attacks
Greg Masters
January 16, 2012
Hackers breached a server belonging to online retailer Zappos and made off with the personal information of 24 million customers, though no credit card numbers were involved.
Symantec accused of selling "scareware"
Greg Masters
January 13, 2012
In a lawsuit filed on Tuesday, a resident of Washington state sued the company over allegations that it scares customers into purchasing its products, even when unnecessary.
Microsoft to scale up its threat intelligence sharing
Stephen Lawton
January 13, 2012
Microsoft plans to make available a real-time feed containing data on cyber attacks to help other organizations protect its customers.
Stratfor returns as Anonymous readies 5M stolen emails
Dan Kaplan
January 12, 2012
An Anonymous representative said some 5.2 million emails stolen from Stratfor, a Texas-based global intelligence firm, will go live within the coming days.
Spam with QR code targets mobile users
Greg Masters
January 11, 2012
Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.
Adobe patches Reader bugs, releases new JavaScript feature
Dan Kaplan
January 10, 2012
Adobe joined Microsoft with software updates on Tuesday for Reader and Acrobat. In addition, the PDF software company released a new capability that allows JavaScript to run based on document trust.
Microsoft issues seven security patches, BEAST fix included
Stephen Lawton
January 10, 2012
While Tuesday's security update only contains one fix for a "critical" issue, it addresses a number of issues that could lead to malware infestations.
Canadian government officials downloading illegal content
Danny Bradbury
January 10, 2012
Representatives from the Pirate Party of Canada highlighted the irony of Canadian government officials using file-sharing sites to infringe on copyright.
Canadian privacy challenge exposes double standard
Danny Bradbury
January 10, 2012
Canadian lawyers may have opened a legal can of worms by requesting the public release of heavily censored photographs.
FTC settles with rewards company over security infractions
Dan Kaplan
January 09, 2012
Upromise, which helps students save for college, failed to live up to its oath to protect users' security and privacy, and offer encryption.
Energy Department to analyze power grid cyber threats
Stephen Lawton
January 09, 2012
The proposal is helpful, but still doesn't answer the question: who to call when an attack happens.
Secret Service charges Romanian man with ATM fraud
Dan Kaplan
January 09, 2012
A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.
Symantec: Hackers did steal code, but it's old
Dan Kaplan
January 06, 2012
Symantec confirmed late Thursday that hackers did in fact compromise a portion of its source code, but the stolen code is related to two enterprise security products that have been discontinued.
Stratfor subscribers receive phony emails
Dan Kaplan
January 06, 2012
Some Stratfor subscribers received an email on Friday that claimed to come from the breached company's CEO, but actually was designed to publicize the hack and have some fun at the expense of the recipients.
Hackers say they have Symantec's Norton AV source code
Dan Kaplan
January 05, 2012
A Symantec spokesman said the company isn't sure if the hackers' claims are true, but said no source code -- only a document from 1999 -- has so far been publicly posted.
New Ramnit variant steals Facebook logins
Greg Masters
January 05, 2012
A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
Microsoft preps seven security patches
Dan Kaplan
January 05, 2012
The security update, which plans to address eight vulnerabilities, will include one "critical" fix.
At 10 years old, Internet Explorer 6 is almost an artifact
Dan Kaplan
January 04, 2012
Internet Explorer 6 (IE 6) usage has dropped below one percent in the United States, Microsoft announced Tuesday. Security is a big reason being used to encourage users to update.
California union latest Anonymous police victim
Dan Kaplan
January 03, 2012
Anonymous hackers affiliated with the group's "AntiSec" initiative struck again over the New Year's weekend, this time dumping private data they stole by breaking into the website belonging to the California Statewide Law Enforcement Association (CSLEA) union.
Anonymous publishes Stratfor customer data
Greg Masters
December 30, 2011
The Anonymous collective on Thursday posted 200 GB of information on customers of security think tank Stratfor.
Microsoft delivers rare out-of-band patch for ASP.NET issue
Dan Kaplan
December 29, 2011
Some Microsoft engineers likely spent the holidays prepping a patch for a dangerous denial-of-service vulnerability affecting the .NET Framework.
Email from The New York Times meant for 300, sent to 8M
Dan Kaplan
December 28, 2011
An email, originally believed to be spam, that asked people to reconsider their decision to cancel home delivery of The New York Times, was intended to reach roughly eight million fewer people than it actually did.
Vulnerability allows brute force hacking of wireless routers
Dan Kaplan
December 28, 2011
A computing standard that enables users to easily stand up an encrypted wireless network suffers from a design weakness that could enable attackers to gain router access, according to US-CERT.
Microsoft scrambles to address widespread ASP.NET bug
Dan Kaplan
December 28, 2011
There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.
Anonymous shreds intelligence firm Stratfor in latest hack
Dan Kaplan
December 25, 2011
In what may be its most devastating attack since HBGary, the Anonymous hacking collective "rooted" the database of security intelligence firm Stratfor to plunder a claimed 200 gigabytes worth of data.
Mozilla fixes crash issue after new Firefox version issued
Angela Moscaritolo
December 22, 2011
One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue that caused Windows, Mac and Linux users' browsers to crash.
Podcast: Connecting user behavior with cyber crime
Dan Kaplan
December 22, 2011
An associate professor of reliability engineering and an associate professor of criminology have teamed up to study how the social makeup of a computer network correlates with the attacks used against it.
U.S. Chamber of Commerce targeted in data heist
Dan Kaplan
December 21, 2011
Hackers operating out of China are believed responsible for a major attack on the U.S. Chamber of Commerce in 2009 and 2010, but which was only revealed recently.
Spam drop, but targeted attack rise, is key 2011 takeaway
Angela Moscaritolo
December 20, 2011
Spam volume dropped dramatically from 379 billion messages daily in August 2010 to 124 billion this November, according to Cisco, as crooks opted for more pinpointed attacks that could fly under the radar.
Researcher finds Microsoft Windows 7 security bug
Dan Kaplan
December 20, 2011
The vulnerability is present on a Windows driver file and is exploited via the Apple Safari browser.
NYC authorities charge 55 in cyber fraud, ID theft ring
Angela Moscaritolo
December 19, 2011
The defendants were part of a coordinated operation that resulted in the theft of more than $2 million from JP Morgan Chase Bank, TD Bank, Citibank, Discover and American Express.
SOPA could harm security on the internet
Angela Moscaritolo
December 16, 2011
Experts warn the controversial anti-copyright bill, SOPA, would undermine efforts to bolster internet security through the implementation of DNSSEC.
GlobalSign says web server, not CA systems, hit by breach
Dan Kaplan
December 16, 2011
GlobalSign, which briefly halted operations in September out of concern that it was the latest SSL certificate authority hacked, has determined that its CA infrastructure was never compromised.
Industry group creates guidelines for issuing SSL certs
Angela Moscaritolo
December 15, 2011
New standards, set to go into effect July 1, 2012, are based on best practices across the SSL/TLS sector. But some researchers, who have called for an overhaul of a system they say is antiquated, don't think standards will help.
Microsoft to begin silently updating IE in 2012
Angela Moscaritolo
December 15, 2011
Borrowing a page from other web browser manufacturers, Microsoft soon will automatically upgrade Windows customers to the latest version of IE.
"Critical" Microsoft security bugs at lowest level since 2005
Angela Moscaritolo
December 14, 2011
Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
Thirteen patches from Microsoft, including Duqu fix
Dan Kaplan
December 13, 2011
Tuesday's baker's dozen of security patches from Microsoft includes a fix for a vulnerability that helped spread the dangerous information-stealing Duqu trojan, which targets industrial control systems.
Oracle updates Java, Adobe patches ColdFusion
Angela Moscaritolo
December 13, 2011
An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
Court tosses claims against Heartland Payment over breach
Angela Moscaritolo
December 13, 2011
After more than two years of litigation, a U.S. District judge has dismissed nine of the 10 causes of action brought forth as part of a class-action lawsuit by nine banks.
Yahoo wins $610M spam judgment
Greg Masters
December 12, 2011
Digital media company Yahoo has ended a three-year legal battle against a team of spammers, winning a default judgment of $610 million.
Malicious apps discovered in Android Market
Angela Moscaritolo
December 12, 2011
Rogue developers uploaded malicious versions of at least a dozen popular games to the Android Market.
Blue Coat acquired by equity firm for $1.3 billion
Angela Moscaritolo
December 09, 2011
Thoma Bravo snared its fifth IT security company since 2009 in a high-priced deal to buy Blue Coat Systems, a company that recently found itself immersed in controversy.
Four charged with hacking Subway, other retailers
Angela Moscaritolo
December 09, 2011
The defendants allegedly compromised the credit card data of 80,000 customers and made millions of dollars in unauthorized purchases.
Anonymous claims new Monsanto-related hack
Dan Kaplan
December 08, 2011
The Anonymous hacktivist group claims it is responsible for putting a Washington, D.C. public relations firm, which formerly worked with the oft-criticized biotech giant Monsanto, out of business.
Three "critical" patches to be in Microsoft security update
Dan Kaplan
December 08, 2011
Microsoft on Tuesday is scheduled to release 14 patches to fix 20 vulnerabilities across its product line.
Lockheed Martin hit, but not breached, with Adobe zero-day
Angela Moscaritolo
December 08, 2011
Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.
Vandals hack checkout terminals at California supermarkets
Dan Kaplan
December 08, 2011
As of Monday, at least 80 people were victimized by credit and debit card readers being tampered with.
Group brings lawsuit against HP over printer "fire" bug
Dan Kaplan
December 06, 2011
A New York man who owns two Hewlett-Packard printers has brought a class-action lawsuit against the technology giant over a vulnerability that opens the device up to a hacker attack.
MIT researchers suggest power grid security oversight
Angela Moscaritolo
December 06, 2011
While a number of entities have a stake in maintaining the cyber security of the U.S. electric grid, no single organization is currently responsible for overseeing protection across all aspects of grid operations.
Adobe to issue emergency fix for Reader security bug
Dan Kaplan
December 06, 2011
Adobe warned Tuesday of an unpatched vulnerability in its Reader and Acrobat software after catching wind of active exploits by cybercriminals.
Cyberattacks up 50 percent in 2011
James Hale
December 06, 2011
Publicly traded Canadian companies experienced 50 percent more cyberattacks in 2011 than in the previous year, study
Chinese-based hacker attack wanted corporate data
James Hale
December 06, 2011
A massive Chinese-based hacker attack on Canadian federal government agencies late in 2010 was aimed at uncovering information about the takeover bid for Potash Corp. of Saskatchewan.
Reintroduced law would give wide surveillance power over ISPs
James Hale
December 06, 2011
The Harper government has announced plans to reintroduce the "lawful internet access" law, which could shutter Canada's small internet service providers.
Copyright issues at stake in court
James Hale
December 06, 2011
The Supreme Court of Canada has heard arguments seeking to overturn a lower court ruling on so-called fair dealing of copyrighted material.
Amazon users targeted with new phishing attack
Angela Moscaritolo
December 05, 2011
Attackers have been widely spamming messages - purportedly sent from Amazon - claiming users' accounts are about to be deactivated.
New mass SQL injection attack could be forming
Dan Kaplan
December 02, 2011
Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.
"Significant" security threats found in Android devices
Angela Moscaritolo
December 02, 2011
Android phones from leading manufacturers -- including HTC, Motorola and Samsung -- contain pre-loaded applications that do not properly enforce the platform's permission-based security model.
Bill to foster threat data sharing draws mixed reactions
Angela Moscaritolo
December 01, 2011
The Cyber Intelligence Sharing and Protection Act of 2011 would give the federal government authority to share classified cyber threat information with the private sector.
New Java exploit one of many impacting firms
Dan Kaplan
December 01, 2011
A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
Duqu perpetrators wipe command servers of evidence
Angela Moscaritolo
December 01, 2011
On Oct 20, just two days after researchers released details about the Duqu malware, its creators scrubbed all the files from their command-and-control servers in an effort to conceal their identity.
HP says security flaw is real, but flames are unlikely
Dan Kaplan
November 30, 2011
Hewlett-Packard has shot down claims that a vulnerability in some of its printers could be used to set the devices on fire.
Crooks using Zeus in new Facebook attacks
Angela Moscaritolo
November 30, 2011
Variants of the Zeus trojan are being used in new Facebook and banking heists, security researchers and law enforcement are warning.
Podcast: Fixing the SSL certificate chain
Dan Kaplan
November 30, 2011
In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.
Bug allows HP printers to be remotely hacked, set on fire
Angela Moscaritolo
November 29, 2011
HP LaserJet printers do not validate the origin of remote firmware updates before applying them, meaning anyone could potentially reprogram them to access a corporate network -- or even light them on fire.