Threats

Researchers uncover critical flaws impacting satellite communications

Researchers uncover critical flaws impacting satellite communications

By

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

Most Heartbleed detection tools have bugs of their own, firm finds

By

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Researchers find Android security issue in app permissions protocol

Researchers find Android security issue in app permissions protocol

By

The permissions issue could allow a malicious app to alter legitimate home screen icons.

The driving force behind new attacks

The driving force behind new attacks

By

Roel Schouwenberg, principal security researcher at Kaspersky Lab, speaks with SC Magazine on why new approaches have been employed to go after the same means.

Phishing attack targets FIFA video game players

By

A Twitter account attempting to mask itself as part of an EA Sports official support team sent video game players a malicious link that could have handed over hundreds of logins.

DHS puts critical infrastructure on 'Heartbleed Bug' alert

DHS puts critical infrastructure on 'Heartbleed Bug' alert

By

This week, critical infrastructure operators were notified of potential threats arising from the critical OpenSSL flaw.

Phishers find most success midweek, masquerading as IT, report finds

Phishers find most success midweek, masquerading as IT, report finds

By

An incident response firm found that 93 percent of phishing emails were sent out on weekdays, with the most popular day being Wednesday.

Google Chrome bug enables stealthy tapping of microphones

By

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

By

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Trojanized Android apps steal authentication tokens, put accounts at risk

Trojanized Android apps steal authentication tokens, put accounts at risk

By

Rogue Android apps can steal authentication tokens and risk the accounts of some of the most widely used services, including Google, Facebook and Twitter.

JPMorgan Chase CEO details company's cyber threats in annual letter

By

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous" attacks.

More states look into Experian co. breach exposing 200 million records

By

Efforts are now reportedly underway in Iowa and North Carolina as part of a multistate probe.

Popular ad server patches SQL injection flaw impacting platform

Popular ad server patches SQL injection flaw impacting platform

By

Orbit Open Ad Server was vulnerable to SQL injection attacks, which could result in website visitors' information being stolen via malvertising, a security firm found.

Microsoft releases final fixes for Windows XP, Office 2003

Microsoft releases final fixes for Windows XP, Office 2003

By

This month's Patch Tuesday marks the end of support for the dated, but widely used, products.

Zeus variant uses valid digital signature to avoid detection

Zeus variant uses valid digital signature to avoid detection

By

Anti-virus company Comodo has identified a variant of the infamous Zeus trojan that is avoiding detection by using a valid digital signature.

Connecticut, Illinois to investigate massive breach at Experian co.

Connecticut, Illinois to investigate massive breach at Experian co.

By

The breach struck Experian subsidiary, Court Ventures, and compromised the personal and financial data of more than 200 million Americans.

Microsoft previews last Patch Tuesday update for Windows XP

Microsoft previews last Patch Tuesday update for Windows XP

By

The company also revealed that a zero-day flaw in Word 2010 will be patched next week.

Regulator alerts banks of mounting ATM attacks, DDoS threat

By

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

More than 24M home routers enabling DNS amplification DDoS attacks

More than 24M home routers enabling DNS amplification DDoS attacks

By

More than 24 million home routers have open DNS proxies that enable DNS-based DDoS attacks, and 5.3 million of the devices were used to generate attack traffic in February, according to Nominum.

The zombie's bite: Avoiding a botnet

The zombie's bite: Avoiding a botnet

By

Some advice from pros for keeping your infrastructure out of the snares of a botnet. Alan Earls reports.

Know your friends: Partnering with the right allies

Know your friends: Partnering with the right allies

By

Choosing the right allies to ensure security requirements is a challenge for businesses both large and small, reports James Hale.

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

By

This month's news briefs includ revelations at the RSA Conference 2014 in San Francisco, new malware, zero-day fixes and more security news.

Tesla cars' weak password protocol could allow remote unlock, locating

Tesla cars' weak password protocol could allow remote unlock, locating

By

A researcher at Black Hat Asia highlighted security issues affecting Tesla Model S cars.

Wi-Fi Alliance contacts Philips after researchers hack smart TVs

By

After researchers showed how they could take control of and take data off recent Philips Smart TVs, the Wi-Fi Alliance has contacted the technology company over its passphrase implementation relating to Miracast.

Smartphones at risk of malicious code injection through HTML5-based apps

Smartphones at risk of malicious code injection through HTML5-based apps

By

Researchers have discovered a new attack, known as Cross-Device Scripting, that can allow an attacker to compromise most smartphones by injecting malicious code through HTML5-based apps.

Why companies still struggle with security basics

By

In this video, Rob Kraus, director of research at Solutionary, speaks with SC Magazine reporter Danielle Walker on the company's Global Threat Intelligence report, which highlights ways to master core security practices.

Fandango, Credit Karma settle FTC charges of poor app security

Fandango, Credit Karma settle FTC charges of poor app security

By

The companies were accused of failing to securely transmit credit card data, Social Security numbers, and other sensitive data collected by their mobile apps.

Pinterest accounts hacked, display weight loss spam and butt pictures

By

Hacked Pinterest accounts began posting weight loss spam, and pictures of butts too.

Google researchers shed light on state-sponsored attacks targeting news orgs

By

The security engineers presented the findings at the Black Hat conference in Singapore.

Researchers demo how Philips smart TVs do not have smart security

Researchers demo how Philips smart TVs do not have smart security

By

Researchers with security company ReVuln released a video in which they demonstrated how recent Philips smart TVs are vulnerable to numerous attacks.

Sign up to our newsletters

POLL