Trusting the good intentions of an agency shouldn't carry an automatic assumption that what they do or say, or where they say it, is always good for you.
After being "sinkholed," the Kelihos.B botnet has been reconfigured and is spreading through social networking sites.
Stephen Cobb, security evangelist at ESET, discusses the hot topics at this year's RSA Conference 2012, including BYOD, attacks on social networks, and resource challenges in today's economy.
Twitter, a hotbed of malware due to its extreme popularity, has made one of its first-ever security acquisitions with the purchase of Dasient.
A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
Twitter has acquired a start-up that makes security and management solutions for Android devices.
Anonymity and pseudonymity: A once and future thing.
The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
The Twitter account belonging to the USA Today was hacked over the weekend by a group called The Script Kiddies. In tweets posted from the compromised account, the hacktivist group bragged about past hacking feats, and urged users to "like" them on Facebook and vote on who they should infiltrate next. It is unclear how the hackers were able commandeer control of the account. The same group also claimed responsibility earlier this month for hacking the NBC News Twitter account and sending a series of erroneous tweets. In that case, a trojan permitted the takeover.
Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.
One of the more prominent members of the Anonymous hacking movement has shot down reports that the group is planning to take down Facebook on Nov. 5. "Sabu" tweeted Wednesday that the so-called OpFacebook is a hoax. His claim was backed up by AnonOps, considered the most reliable Anonymous news source on Twitter. It is possible splinter members are planning the attack, which is being launched over allegations that Facebook provides information about its users to government agencies and security firms, according to a YouTube video posted in mid-July. The Nov. 5 date is known as Guy Fawkes Day to commemorate the capture of the British revolutionary who plotted to blow up the House of Lords.
The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and succumb to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM
What cyberwar psychological operations are now being conducted by women? How can information businesses be adaptable for changes which may be trending in a new Middle East? Part four of a series.
#OpEgypt and #Jan25 lead in this cyberwarfare analysis on psychological operations using social media. The old-school mobile phone is now the instrument of real-time sitreps. Will cellular network technology be the next risk for state-sanctioned cyberwarfare? Part three of a series.
Five steps any size business can employ today to crush phishing risks.
Were cybersecurity and Stuxnet involved with Iranian Prof. Shahriari's recent assassination? What are the game-changing physical security considerations for chief information officers?
Some low level criminal networks have profiles in everyday social networks. Would researching these profiles during cyber intrusion research risk tipping off the bad guys?
Social networking sites and search engines are expected to be hit hard as cybercriminals try to wrangle in unsuspecting holiday shoppers.
A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
Twitter is cleaning up from another fast-spreading worm that forced users to tweet out a graphic message.
Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers
Facebook on Thursday announced the launch of a new security feature that allows members to log out of any active sessions from a central control. The function is aimed at users who may have accidentally remained logged in when using a computer or mobile device that wasn't their own. However, according to a Facebook Security blog post, the feature also can be used to sign off individuals who may have gained unauthorized access to an account. The new tool complements a feature announced in May that allows users to approve the devices that can access their accounts. — DK
Apple's new social media service Ping already is being abused by spammers, security experts are warning.
Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM
Facebook this week fixed a privacy glitch on its website that could have been abused to obtain a user's full name and photo by entering an incorrect password, a researcher said Wednesday.
SC Magazine Articles
- Was Spotify breached? Account info shows up on Pastebin
- Report: Ransomware feeds off poor endpoint security
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- PCI DSS version 3.2 release extends multifactor authentication requirement
- New site on dark web offering one-stop ransom services
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
- PCI DSS version 3.2 release extends multifactor authentication requirement
- First Choice Credit Union files class-action suit against Wendy's over breach
- Top NFL prospect Tunsil free falls in draft after apparent hacker posts damaging video, texts
- Researchers spot Android Infostealer disguised as Chrome update
- Researchers spot mobile malware competition on the black market
- Judge ruled go ahead for claims of phone hacking against UK tabloid