Threats

AOL Mail hack furthers spam campaign using spoofed accounts

By

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Phishing for the "wildcard"

By

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, speaks with reporter Danielle Walker on social engineering ruses targeting wildcard certificates.

Attack exercise reveals threat-sharing roadblock within health orgs

Attack exercise reveals threat-sharing roadblock within health orgs

By

In the "CyberRx" exercise, many organizations expressed concerns about communicating threat information to integral team members outside IT.

Heartbleed bug exploited to bypass multifactor auth, hack VPN

By

Security firm Mandiant detailed the heartbleed exploit, which was used on one of its clients.

U.S. and Russia both look to extradite hacker

By

A Dutch minister of justice will decide where Vladimir Drinkman will land to face charges related to his involvement in the cyber crime collective responsible for the Heartland Payment breach.

Mysterious iOS malware campaign has Chinese origins

By

The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins.

Federal watchdog says SEC security issues put financial data at risk

Federal watchdog says SEC security issues put financial data at risk

By

According to the U.S. Government Accountability Office (GAO), SEC, among other lapses, failed to adequately oversee a contractor, which migrated its financial system to a new data center.

Researchers uncover critical flaws impacting satellite communications

Researchers uncover critical flaws impacting satellite communications

By

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

Most Heartbleed detection tools have bugs of their own, firm finds

By

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Researchers find Android security issue in app permissions protocol

Researchers find Android security issue in app permissions protocol

By

The permissions issue could allow a malicious app to alter legitimate home screen icons.

The driving force behind new attacks

The driving force behind new attacks

By

Roel Schouwenberg, principal security researcher at Kaspersky Lab, speaks with SC Magazine on why new approaches have been employed to go after the same means.

Phishing attack targets FIFA video game players

By

A Twitter account attempting to mask itself as part of an EA Sports official support team sent video game players a malicious link that could have handed over hundreds of logins.

DHS puts critical infrastructure on 'Heartbleed Bug' alert

DHS puts critical infrastructure on 'Heartbleed Bug' alert

By

This week, critical infrastructure operators were notified of potential threats arising from the critical OpenSSL flaw.

Phishers find most success midweek, masquerading as IT, report finds

Phishers find most success midweek, masquerading as IT, report finds

By

An incident response firm found that 93 percent of phishing emails were sent out on weekdays, with the most popular day being Wednesday.

Google Chrome bug enables stealthy tapping of microphones

By

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

By

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Trojanized Android apps steal authentication tokens, put accounts at risk

Trojanized Android apps steal authentication tokens, put accounts at risk

By

Rogue Android apps can steal authentication tokens and risk the accounts of some of the most widely used services, including Google, Facebook and Twitter.

JPMorgan Chase CEO details company's cyber threats in annual letter

By

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous" attacks.

More states look into Experian co. breach exposing 200 million records

By

Efforts are now reportedly underway in Iowa and North Carolina as part of a multistate probe.

Popular ad server patches SQL injection flaw impacting platform

Popular ad server patches SQL injection flaw impacting platform

By

Orbit Open Ad Server was vulnerable to SQL injection attacks, which could result in website visitors' information being stolen via malvertising, a security firm found.

Microsoft releases final fixes for Windows XP, Office 2003

Microsoft releases final fixes for Windows XP, Office 2003

By

This month's Patch Tuesday marks the end of support for the dated, but widely used, products.

Zeus variant uses valid digital signature to avoid detection

Zeus variant uses valid digital signature to avoid detection

By

Anti-virus company Comodo has identified a variant of the infamous Zeus trojan that is avoiding detection by using a valid digital signature.

Connecticut, Illinois to investigate massive breach at Experian co.

Connecticut, Illinois to investigate massive breach at Experian co.

By

The breach struck Experian subsidiary, Court Ventures, and compromised the personal and financial data of more than 200 million Americans.

Microsoft previews last Patch Tuesday update for Windows XP

Microsoft previews last Patch Tuesday update for Windows XP

By

The company also revealed that a zero-day flaw in Word 2010 will be patched next week.

Regulator alerts banks of mounting ATM attacks, DDoS threat

By

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

More than 24M home routers enabling DNS amplification DDoS attacks

More than 24M home routers enabling DNS amplification DDoS attacks

By

More than 24 million home routers have open DNS proxies that enable DNS-based DDoS attacks, and 5.3 million of the devices were used to generate attack traffic in February, according to Nominum.

The zombie's bite: Avoiding a botnet

The zombie's bite: Avoiding a botnet

By

Some advice from pros for keeping your infrastructure out of the snares of a botnet. Alan Earls reports.

Know your friends: Partnering with the right allies

Know your friends: Partnering with the right allies

By

Choosing the right allies to ensure security requirements is a challenge for businesses both large and small, reports James Hale.

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

By

This month's news briefs includ revelations at the RSA Conference 2014 in San Francisco, new malware, zero-day fixes and more security news.

Tesla cars' weak password protocol could allow remote unlock, locating

Tesla cars' weak password protocol could allow remote unlock, locating

By

A researcher at Black Hat Asia highlighted security issues affecting Tesla Model S cars.

Sign up to our newsletters

POLL