Cyber criminals have stolen $50,000 from an Australian real estate agency after one of its employees was duped through social engineering.
As expected, the web's unscrupulous element is taking advantage of the attention surrounding the Boston Marathon bombings to spread malware and trick people into donating to fake causes.
Twitter's director of information security is helping other users not suffer the same fate as Burger King and Jeep.
We need to consider all of the traditional facets of information security when we consider protecting information on the internet.
A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.
Thousands of U.S. Environmental Protection Agency employees had their personal information exposed through a database breach.
Many of today's applications are designed to work over any port, which increases chances they won't be blocked by firewalls.
Social engineering isn't necessarily a bad thing if security professionals use it to their advantage, according to a speaker at SC Congress Canada.
A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
Cyber criminals have cloaked spam to resemble US Airways check-in emails in phishing attempts that lead to Zeus trojan infections.
Multilayered protection starts with knowing what assets are most critical to your organization and implementing an in-depth security strategy.
David Kernell, who hacked into Sarah Palin's email account, has lost an appeal against his obstruction of justice charge.
Criminals are finding social media websites like Facebook, which contain a vast array of personal assets, to be a treasure trove of information that they can use to launch further attacks.
Phishers are spoofing email addresses belonging to US-CERT, an arm of the Department of Homeland Security that coordinates information sharing related to cyber threats, to trick users into installing malware.
Hackers operating out of China are believed responsible for a major attack on the U.S. Chamber of Commerce in 2009 and 2010, but which was only revealed recently.
A message purportedly sent from the FBI Anti-Terrorist and Monetary Crimes Division is making its way to inboxes, threatening recipients that they will be arrested if they do not reply back.
A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
Consistent communication about the risk of social engineering is the first step in preventing network breaches, says Chris Harget, senior product marketing manager, ActivIdentity, part of HID Global.
Spam that seemingly emanates from Apple is making the rounds with the aim of tricking users into handing over their IDs and passwords, researchers at anti-virus firm Trend Micro said in a blog post Monday.
Researchers have discovered a way to evade Facebook security controls to deliver a message that could come outfitted with a malicious attachment.
eBay, Motorola, IBM, McAfee and VMware were reportedly affected by same type of attack orchestrated against RSA.
Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
Malware writers are borrowing a page from the Windows attack handbook with the latest Mac OS X threat.
Before seeking out help from vendors in dealing with the advanced persistent threat, security professionals must understand exactly what defines such an attack.
Researchers have discovered that the email containing the malicious file used to breach RSA contained just two sentences: "I forward this file to you for review. Please open and view it."
It's a cold, cold-calling world: an old scam with some new wrinkles.
A Los Angeles man has earned considerable time behind bars after serving as the U.S. head of a phishing operation that stole more than $1 million from the customers of two banks.
Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds.
Scareware has taken on a human face. Criminals posing as computer security engineers are having success in calling victims at home and stealing their money, according to a survey issued Thursday by Microsoft. Fifteen percent of 7,000 computer users polled in the United States, Canada, U.K. and Ireland said they have been been contacted by a phone scammer, and 22 percent of those were tricked into following the fraudsters' directions, which included giving them remote access to a computer or providing credit card information. Seventy-nine percent of those suffered a financial loss as a result. Victims were out an average $875 in the United States, the survey found.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Website observed serving 83 executable files, more than 50 percent malware
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- TeslaCrypt used to extort over $76K in recent months
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes