Home > Data Security News Archive

Data Security News Archive

Convenience Store Chain Hacked, Customer Payment Data At Risk

May 7, 2013 — MAPCO Express says the FBI is investigating a breach that exposed customer financial data in its stores … [Read more at Dark Reading]

Pentagon accuses China of cyberattacks on U.S military, business targets

May 7, 2013 — Stolen data is used to ramp up China's military and high tech industries, Defense Department says in report to Congress… [Read more at ComputerWorld]

Internet Explorer 8 Zero Day Exploit Targeted Nuclear Workers

May 6, 2013 — Security researchers discovered an exploit in Internet Explorer 8 that allowed attackers to execute malicious code on a victim's computer… [Read more at PCMag]

Systems Manager Arrested for Hacking Former Employer's Network

May 3, 2013 — He allegedly caused over US$90,000 in damages, the FBI said… [Read more at CIO]

China Tied To 3-Year Hack Of Defense Contractor

May 2, 2013 — U.S. defense contractor QinetiQ ignored persistent attack warning signs, lost terabytes of secret information, say investigators… [Read more at Dark Reading]

Printers, routers used as bots in DDoS attacks

May 1, 2013 — Network-connected devices have vulnerable protocols that allow them to be easily manipulated, Prolexic says… [Read more at ComputerWorld]

Five Habits Of Highly Successful Malware

May 1, 2013 — It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low… [Read more at Dark Reading]

U.S. Labor Dept. Website Hacked, Serves Malware

May 1, 2013 — Attack bears strong similarities to previous campaigns executed by Chinese APT attack group "DeepPanda," reports security expert… [Read more at InformationWeek]

Survey raises specter of massive enterprise software insecurity

Apri 30, 2013 — Annual Sonatype survey suggests enterprise app developers are leaving huge security holes with use of open source components… [Read more at InfoWorld]

Chinese Cyberespionage: Brazen, Prolific, And Persistent

April 30, 2013 — New research from multiple sources illustrates dominant role of China in cyberespionage… [Read more at Dark Reading]

Darkleech Apache Attacks Intensify

April 30, 2013 — Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites… [Read more at InformationWeek]

Recent Breaches More Likely To Result In Fraud

April 29, 2013 — A victim whose data is stolen in the past year will have a 1-in-4 chance of becoming a fraud victim as well, says Javelin's latest breach analysis… [Read more at Dark Reading]

Big Data Makes A Big Target

April 29, 2013 — LivingSocial.com is another in a long line of "big scores" for data attackers… [Read more at Dark Reading]

LivingSocial Password Breach Affects 50 Million Accounts

April 27, 2013 — Cyber-attackers recently breached LivingSocial's systems and illegally accessed customer information for more than 50 million users… [Read more at PCMag]

Hackers increasingly target shared Web hosting servers for use in mass phishing attacks

April 26, 2013 — Nearly half of phishing attacks seen during the second half of 2012 involved the use of hacked shared hosting servers, APWG report says… [Read more at InfoWorld]

More malware discovered from drone cyberattacks

April 24, 2013 — Despite the exposure of the cyberespionage, Operation Beebus is still active, although its infrastructure has changed… [Read more at CSO]

Cyber scammers fake out Google Play with bogus ad network

April 22, 2013 — Bad guys loaded Google Play with 32 Android apps that, once installed, pull malicious payloads from remote servers… [Read more at InfoWorld]

Chinese Cyberattacks Skyrocket in 2012, But What Does it Mean?

April 22, 2013 — This year, a large uptick in espionage attacks linked to China paints a scary, if somewhat warped, picture… [Read more at PCMag]

Symantec Internet Security Threat Report reveals spike in cyber-espionage

April 16, 2013 — Symantec Corp.’s Internet Security Threat Report on April 16 revealed a 42 percent surge during 2012 in targeted attacks… [Read more at GSN]

Symantec report finds small businesses battered by cyber crime

April 16, 2013 — Companies with 250 employees or less absorbed 18 percent of targeted cyber attacks in 2011 but 31 percent in 2012… [Read more at InfoWorld]

Control system hack at manufacturer raises red flag

April 9, 2013 — US-CERT find leads to concerns across a broad array of industries, including military and hospitals… [Read more at CSO]

Wells Fargo site hit by denial-of-service attack

March 27, 2013 — The bank's Web site was the victim of a cyberattack yesterday, though the company says its physical branches and ATMs weren't affected… [Read more at CNET]

Malware Developers Hijack Chromium Framework

March 26, 2013 — Malware developers have been using a free Web browser control framework to make their malicious code easier to create and maintain… [Read more at InformationWeek]

Think layers of security is all that? Think again

March 26, 2013 — Of 1,800 serious malware NSS Labs tested, some always managed to get through -- no matter what combination of protection was used… [Read more at CSO]

Boring Malware Sneaks By Antivirus Sandboxing

March 25, 2013 — Performing dynamic analysis of unknown software in a controlled environment—or "sandboxing"—is a powerful tool security professionals use to flush out malware. However, the bad guys are wise to the technique and have been introducing new tricks to break out of the sandbox and into your system… [Read more at PCMag]

Small Suppliers Must Beef Up Security

March 25, 2013 — Attacks on small- and midsized businesses are on the rise, particularly against those firms supplying--and thus having access to--larger companies… [Read more at Dark Reading]

Top Chinese university linked to alleged military cybercrime unit

March 23, 2013 — Reuters has turned up a research connection between Shanghai Jiaotong University and the People's Liberation Army unit suspected of participation in cyberattacks on the West… [Read more at CNET]

Hackers Eavesdrop Using Legitimate Remote Control Software

March 23, 2013 … For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe… [Read more at InformationWeek]

Chameleon botnet steals $6M per month in click fraud scam

March 19, 2013 — More than 120,000 Windows-based computers running Internet Explorer 9 are infected in the U.S., researchers say… [Read more at CNET]

Rent, Buy, or Lease? Exploit Toolkits A La Carte

March 19, 2013 — Gone are the days when cybercrime was a pastime of mischievous teenagers. Cybercrime has evolved into a complex enterprise complete with leaders, engineers, infantry, and money mules… [Read more at PCMag]

What 420,000 insecure devices reveal about Web security

March 18, 2013 — Using a simple technique, a researcher creates a benign botnet to survey the breadth of the Internet, and finds a back door flung wide open and beckoning the bad guys… [Read more at CNET]

U.S. National Vulnerability Database Hacked

March 14, 2013 — The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability… [Read more at Dark Reading]

Security appliances are riddled with serious vulnerabilities, researcher says

March 14, 2013 — Companies should not assume that security products are implicitly secure, the researcher said… [Read more at CSO]

Medical Industry Under Attack By Chinese Hackers

March 14, 2013 — Sykipot, VOHO targeted attack campaigns hit medical industry, and cyberspies also after business-process intel… [Read more at Dark Reading]

Intelligence chief offers dire warning on cyberattacks

March 12, 2013 — Director of National Intelligence James Clapper presents his yearly congressional report on security threats facing the nation. Cyberattacks appear for the first time -- and get top billing… [Read more at CNET]

White House demands China cease alleged hacking activity

March 11, 2013 — Obama's national security adviser says China must end recent cyberespionage traced to back to that country or risk impacting relations with the U.S.… [Read more at CNET]

U.S. Cybersecurity Status Weak, Reports Charge

March 7, 2013 — DOD report says the military is "not prepared" for cyber war, while a White House report says agencies fall short of federal cybersecurity goals… [Read more at InformationWeek]

Prices fall, services rise in malware-as-a-service market

March 4, 2013 — Webroot has seen starting prices for a U.S. botnet fall from $200 to $120, thanks to competition, the company says… [Read more at InfoWorld]

Anonymous Takes On State Department, More Banks

February 19, 2013 — Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks… [Read more at InformationWeek]

Retailers a prime target for cybercriminals in 2012

February 14, 2013 — Nearly half of the attacks investigated by the company were aimed at retailers, says Trustwave… [Read more at CSO]

Your antivirus software probably won't prevent a cyberattack

January 31, 2013 — During a four-month long cyberattack by Chinese hackers on the New York Times, the company's antivirus software missed 44 of the 45 pieces of malware installed by attackers on the network… [Read more at CNNMoney]

Pentagon to boost Cyber Command fivefold, report says

January 28, 2013 — Faced with rising cyberattack numbers and heckling by the likes of Anonymous, the Pentagon has decided to increase its staffing from 900 to 4,900 workers, according to the Washington Post… [Read more at CNET]

Corporations bring a 'knife to a gun fight' amid cyberattacks

January 25, 2013 — According to a new report, denial-of-service attacks rose by a staggering 170 percent last year, and corporations need to learn how to better defend themselves… [Read more at CNET]

'Cyber 9/11' may be on horizon, Homeland Security chief warns

January 24, 2013 — With the possibility of a massive cyberattack hitting the U.S. in the near future, Homeland Security Secretary Janet Napolitano urges the government to pass cybersecurity legislation… [Read more at CNET]

U.S. is home to greatest number of botnet servers, says McAfee

January 24, 2013 — With 631 active command and control servers, the U.S. far surpasses any other country when it comes to malware-controlled zombie computers, says the antivirus vendor… [Read more at CNET]

Sony fined $395K for 2011 PlayStation Network hack

January 24, 2013 — The Information Commissioner's Office in the U.K. has fined Sony Computer Entertainment Europe for the PlayStation Network data breach in April 2011, which the agency says was preventable… [Read more at CNET]

3 charged in malware scheme targeting bank accounts

January 23, 2013 — U.S. prosecutors say three foreign nationals created and distributed a virus that infected 1 million computers worldwide, including 40,000 in the U.S… [Read more at CNET]

Beware of fake Java updates

January 23, 2013 — New malware poses as Java updater to fix recent vulnerabilities… [Read more at CNET]

New bill asks companies to notify EU of security breaches

January 18, 2013 — The European Union works on legislation that would set up local cybersecurity agencies, in an effort to regulate tech companies that have access to user data… [Read more at CNET]

U.S. general warns of Iran's growing cyber strength

January 18, 2013 — The Iranian government has enhanced its cyber capabilities since being hit by the Stuxnet virus, cautions a U.S. Air Force official… [Read more at CNET]

Big Data Will Play Key Role In Security's Future, Study Says

January 17, 2013 — 'Intelligence-driven security' will enable enterprises to deeply analyze security data and assess risk more accurately… [Read more at Dark Reading]

Zaxby's Restaurants Hit With Security Breach

January 16, 2013 — The restaurant chain is investigating a breach that may have exposed customer data at more than 100 of its locations… [Read more at Dark Reading]

Facebook Graph Search is an awesome tool for phishing attacks

January 16, 2013 — Facebook shook the tech world's foundation a bit with the announcement of Graph Search capability. Users are anxious for a chance to play with the new feature, and attackers are looking forward to this potent new weapon, er, tool as well… [Read more at PCWorld]

Another Java Zero-Day Vulnerability Hits Black Market

January 16, 2013 — Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug… [Read more at InformationWeek]

Red October malware discovered after years of stealing data in the wild

January 15, 2013 — A shadowy group of hackers has siphoned intelligence data worldwide from diplomatic, government, and scientific research computer networks for more than five years… [Read more at PCWorld]

Diplomatic and Government Agencies Targeted in Years-long Cyberespionage Operation

January 14, 2013 — The attackers used custom malware to target organizations from 39 countries… [Read more at CIO]

Homeland Security still advises disabling Java, even after update

January 14, 2013 — DHS says an unpatched vulnerability may still put Web browsers using the plugin at risk of remote attack… [Read more at CNET]

Oracle rushes patch to quash critical Java bugs

January 14, 2013 — Oracle on Sunday issued an emergency Java update to patch two critical vulnerabilities, including one that had been exploited in ongoing and accelerating attacks… [Read more at ComputerWorld]

Java Fallout: 4 SMB Security Resolutions

January 14, 2013 — Fixing this kind of security issue doesn't require going head-to-head with organized crime rings or hacktivist groups. It just requires some human elbow grease… [Read more at InformationWeek]

How Cybercriminals Choose Their Targets And Tactics

January 13, 2013 — Targeted attacks are becoming pervasive. Here's a look at how those targets are chosen -- and how your organization might avoid being one of them… [Read more at Dark Reading]

Java Zero-day Vulnerability Actively Exploited By Attackers

January 10, 2013 — The exploit for an unpatched Java vulnerability was added in popular attack toolkits, security researchers say… [Read more at CIO]

Botnets for Hire Likely Used in Attacks Against US Banks, Security Firm Says

January 10, 2013 — Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the people behind the ongoing DDoS attack campaign against U.S. financial institutions -- thought by some to be the work of Iran -- are using botnets for hire… [Read more at CIO]

Nations prepare for cyber war

January 7, 2013 — Security analysts are predicting that 2013 is when nation-sponsored cyberwarfare goes mainstream… [Read more at CNN Money]

Website of US-based Gas Turbine Maker Also Rigged with New IE Exploit

January 3, 2013 — The website of Capstone Turbine Corporation served an exploit for a new Internet Explorer vulnerability… [Read more at CIO]

'Dementia' Wipes Out Attacker Footprints In Memory

January 3, 2013 — New tool exposes weak links in forensic tools that inspect Windows memory for attack intelligence… [Read more at Dark Reading]

Fake Turkish site certs create threat of bogus Google sites

January 3, 2013 — After a Turkish Internet certificate authority "mistakenly" issues two unauthorized e-documents used to verify Web site authenticity, another organization creates a fraudulent certificate that could let it impersonate various Google sites. Browser makers have responded… [Read more at CNET]

Security lessons from 2012

January 3, 2012 — DDoS attacks on banks, cyberwarfare should be high on security agendas… [Read more at ComputerWorld]

New IE Zero-Day Attack Bypasses Key Microsoft Security Measures

January 2, 2013 — Microsoft releases temporary browser fix for new flaw being exploited in targeted attacks… [Read moer at Dark Reading]

Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt

December 31, 2012 — The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses… [Read more at The New York Times]

2012's Worst Security Exploits, Fails and Blunders

December 28, 2012 — If 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world… [Read more at PCWorld]

Automated Malware Analysis Under Attack

December 20, 2012 — Malware writers go low-tech in their latest attempt to escape detection, waiting for human input -- a mouse click -- before running their code… [Read more at Dark Reading]

Poor SCADA Security Will Keep Attackers and Researchers Busy in 2013

December 21, 2012 — Security researchers expect attacks against industrial control systems to increase next year… [Read more at CIO]

Stabuniq Malware Found on Servers at U.S. Financial Institutions

December 21, 2012 — Security researchers from Symantec have identified an information-stealing Trojan program that was used to infect computer servers belonging to various U.S. financial institutions… [Read more at CIO]

Making Database Security Your No. 1 2013 Resolution

December 20, 2012 — How database-centric practices would change your security strategy and risk profile in the coming year… [Read more at Dark Reading]

Cybercrime Inc.: The Business Of The Digital Black Market

December 19, 2012 — Money makes the world go 'round -- especially the world of cybercrime, where criminal groups have exploded in both number and sophistication… [Read more at Dark Reading]

World of botnet cybercrime paying pretty well these days

December 19, 2012 — The world of cybercrime is getting more specialized as an eco-sphere of helpers in running botnet operations has developed… [Read more at Network World]

Five Significant Insider Attacks Of 2012

December 17, 2012 — From the recent theft of counterterrorism data from Switzerland's intelligence agency to remotely wiretapping boardroom videoconferencing systems, a number of attacks had an inside component… [Read more at Dark Reading]

Dexter' Directly Attacks Point-of-Sale Systems

December 11, 2012 — kers employ custom malware rather than physical skimmers to steal payment card information from PoS systems in 40 countries… [Read more at Dark Reading]

Dexter Malware Infects Point-of-Sale Systems Worldwide

December 11, 2012 — Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards… [Read more at CIO]

Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches

December 10, 2012 — Group boasts "juicy release" of 1.6 million records and accounts drawn from defense contractors, government agencies, trade organizations and more… [Read more at InformationWeek]

'Project Mayhem' Hacks Accounting Software

December 6, 2012 — No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal… [Read more at Dark Reading]

Zeus botnet steals $47M from European bank customers

December 5, 2012 — New variant dubbed "Eurograbber" intercepts bank text messages sent to mobile phones to defeat two-factor authentication process… [Read more at CNET]

Hackers steal customer info from insurance provider Nationwide

December 5, 2012 … The insurance company reports a hack from October that compromises the personal information of 1.1 million people… [Read more at CNET]

Stepping Up SMB Security

December 5, 2012 — When your company is the third-party vendor, improved security practices, transparency, and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance… [Read more at Dark Reading]

'Gameover Zeus' Gang Launches New Attacks

December 4, 2012 — Campaign includes rigged emails spoofing major U.S. banks and offering 'secure email' exchange with banking customers… [Read more at Dark Reading]

New 'Dockster' Malware Targets Apple Computers

December 3, 2012 — The basic trojan has been found on a website dedicated to the Dalai Lama… [Read more at CIO]

Japan Space Agency: Virus May have Stolen Space Rocket Data

November 30, 2012 — The Japan Aerospace Exploration Agency said an infected computer may have given up secrets on its long-range Epsilon rocket… [Read more at CIO]

10 Top Government Data Breaches Of 2012

November 29, 2012 — SQL injection, post-phishing privilege escalation, and poorly secured back-up information all played their part in exposing sensitive government data stores this year… [Read more at Dark Reading]

Chinese Cyberespionage Tool Updated For Traditional Cybercrime

November 27, 2012 — PlugX remote access Trojan (RAT) spotted being used to pilfer money out of enterprises… [Read more at Dark Reading]

How South Carolina Failed To Spot Hack Attack

November 26, 2012 — Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup… [Read more at InformationWeek]

Cybercriminals Are Increasingly Abusing .eu Domains in Attacks

November 23, 2012 — The number of malicious .eu domains seen in attacks has increased this year, several security vendors say… [Read more at CIO]

Linux users targeted by mystery drive-by rootkit

November 20, 2012 — Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack… [Read more at TechWorld]

New Linux Rootkit Discovered Injecting iFrames

November 20, 2012 — The rootkit is the next step in iFrame-injecting cybercrime operations… [Read more at Dark Reading]

Malware uses Google Docs as proxy to command and control server

November 19, 2012 — Backdoor.Makadocs variant uses Google Drive Viewer feature to receive instructions from its real command and control server… [Read more at InfoWorld]

Hackers break into two FreeBSD Project servers using stolen SSH keys

November 19, 2012 — Users who installed third-party software packages distributed by FreeBSD.org are advised to reinstall their machines… [Read more at InfoWorld]

Israel government Web sites hit by hacker blitz

November 18, 2012 — Government says its Web sites have experienced 44 million hacking attempts but only one successful breach… [Read more at CNET]

Congress Kills Cybersecurity Bill, White House Action Expected

November 15, 2012 — White House looks primed to take action on its own after Congress again fails to pass cybersecurity legislation… [Read more at InformationWeek]

Adobe suffers database leak, user forum taken offline

November 15, 2012 — The hacker says he undertook the attack to shed light on how slow Adobe is to fix security issues after being alerted to them -- and says Yahoo is next… [Read more at CNET]

Obama signs secret directive to help thwart cyberattacks

November 14, 2012 — President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyber­attacks on the nation’s web of government and private computer networks… [Read more at The Washington Post]

China cyber-espionage threatens U.S., advisory group warns

November 14, 2012 — In its 2012 report, the U.S.-China Economic and Security Review Commission urges Congress to fully investigate China's cyber-espionage campaigns… [Read more at CNET]

The Globalization Of Cyberespionage

November 12, 2012 — Newly revealed cyberspying campaign against Israeli and Palestinian targets demonstrates how the threat is no longer mostly a China thing… [Read more at Dark Reading]

Cyberattacks against Lockheed have 'increased dramatically'

November 12, 2012 — The company in charge of the U.S. government's cybercrime lab announces a steep surge in the pace and sophistication of cyberattacks… [Read more at CNET]

Espionage Malware Network Targets Israel, Palestine

November 12, 2012 — Botnet operators have been infecting multiple targets for more than a year using phishing attacks and Xtreme RAT… [Read more at InformationWeek]

Heist once again highlights e-banking vulnerabilities

November 8, 2012 — Commercial customers need to heed warnings from cyber thefts in Missouri, Maine… [Read more at CSO]

4 Long-Term Hacks That Rocked 2012

November 8, 2012 — News of lengthy hacker incursions into enterprise databases and networks has been plentiful over the last year… [Read more at Dark Reading]

U.S. Commission Fingers China As Biggest Cyberthreat

November 8, 2012 — Annual report, mandated by Congress, raises the question of how best to defend against such cyberattacks… [Read more at CIO]

After Stuxnet: The new rules of cyberwar

November 5, 2012 — Critical infrastructure providers face off against a rising tide of increasingly sophisticated and potentially destructive attacks emanating from hacktivists, spies and militarized malware… [Read more at ComputerWorld]

Hackers Claim Attacks Against Imageshack, Symantec, PayPal, Other Websites

November 5, 2012 — Different hacker groups claim to have breached servers belonging to ImageShack, Symantec, PayPal and other organizations… [Read more at CIO]

Apache Server Setting Mistakes Can Aid Hackers

November 5, 2012 — Numerous large companies that use free Apache server software leave internal status pages visible, which can help hackers exploit networks… [Read more at InformationWeek]

Tech Insight: Five Steps To Implementing Security Intelligence

November 4, 2012 — Building an initiative to collect and analyze threat and risk information takes some planning. Here's a look at the key steps… [Read more at Dark Reading]

Is new malware Jacksbot just starting to rear its head?

November 2, 2012 — A new Java-based malware package has been found that has the potential to affect multiple platforms… [Read more at CNET]

Fake AV, Phishing Scams Gunning for Windows 8

November 2, 2012 — ndows 8 launched to great fanfare only a week ago, but it is already under attack… [Read more at PCMag]

Cyber-Criminals Rent or Buy What They Need: It's Cheap!

November 2, 2012 — Underground forums offer cyber-criminals a diverse array of products and services to enhance their criminal enterprises. With prices falling, it's easier than ever to embark on the life of cyber-crime… [Read more at PCMag]

FBI Expands Cybercrime Division

October 30, 2012 — Federal Bureau of Investigation will hire computer scientists, build new tools and boost collaboration to help catch malicious hackers… [Read more at InformationWeek]

Insecure industrial control systems, hacker trends prompt federal warnings

October 30, 2012 — DHS warns of increasing security risk to power utilities, water treatment plants and manufacturing… [Read more at CSO]

Study: Lack of abuse detection allows cloud computing instances to be used like botnets

October 30, 2012 — Some cloud providers don't detect attacks launched from their networks, researchers say… [Read more at InfoWorld]

Shopping The Russian Cybercrime Underground

October 30, 2012 — Inside look at the wide range of hacking and related services being offered in the Russian-speaking cybercrime marketplace illustrates its maturity and popularity… [Read more at Dark Reading]

Data breach victims could get damages from careless firms

October 29, 2012 — How federal courts define the damages people suffer from data breaches is broadening dramatically, leaving unprepared companies at greater risk of big payouts in class-action lawsuits… [Read more at PCWorld]

Brute force cyber-attacks can hide more sinister strikes on networks

October 29, 2012 — As U.S. banks reeled under an unprecedented wave of Distributed Denial of Service (DDoS) attacks that crippled some of their Web capabilities in September, the electronic assault showed that what was once considered an “old school” brute force cyber weapon remains an effective and potent threat… [Read more at GSN]

Fast Flux Botnet Nets Fraudsters $78 Million

October 26, 2012 — Security report offers new details on financial hackers, warns that automated clearing house payment channels could be next target of increasingly sophisticated attacks… [Read more at InformationWeek]

Critical flaw found in software used by many industrial control systems

October 26, 2012 — CoDeSys runtime flaw allows hackers to execute commands on critical industrial control systems without authentication, researchers say… [Read more at InfoWorld]

South Carolina: State Computer System Is Hacked

October 26, 2012 — A hacker broke into the state’s computer system, exposing 3.6 million Social Security numbers and 387,000 credit and debit card numbers… [Read more at New York Times]

Monitoring To Detect The Persistent Enemies

October 26, 2012 — Subtle attackers who are after intellectual property are hard to find. Monitoring can help… [Read more at Dark Reading]

Barnes & Noble Probes PIN Keypad Hack

October 25, 2012 — Criminals hacked one PIN keypad in each of 63 stores and have already used the stolen data to commit fraud. Was it an inside job? [Read more at InformationWeek]

Antivirus Tool Fail: Blocking Success Varies By 58%

October 25, 2012 — Only two of 13 endpoint security software scanners blocked more than 80% of known exploits… [Read more at InformationWeek]

Cyber Crooks Target Healthcare For Financial Data

October 24, 2012 — Identity thieves looking for a quick buck often don't even know they are attacking healthcare organizations… [Read more at InformationWeek]

Russian Service Rents Access To Hacked Corporate PCs

October 23, 2012 — Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses… [Read more at InformationWeek]

U.S. rattles preemptive cyberattack saber

October 18, 2012 — Defense Secretary warns the government would tap new forensics abilities, and experts say the time is right to use new tech to strike first… [Read more at CSO]

Cyberthieves steal $400,000 from Bank of America

October 16, 2012 — Residents and city workers in Burlington, Wash., have been told to check their accounts after $400,000 was stolen from a city bank… [Read more at CNET]

5 signs you've been hit with an advanced persistent threat

October 16, 2012 — Do you have valuable data on your network? Noticing odd network behavior? You could be the victim of an APT attack… [Read more at InfoWorld]

Newly IDed 'MiniFlame' malware targets individuals for attack

October 15, 2012 — A new malware variant related to the state-sponsored Flame and Gauss cyber-espionage tools can work on its own or team up with its brethren to conduct targeted surveillance… [Read more at CNET]

Security Monitoring An Elixir For Intrusion Costs?

October 12, 2012 — A recent study of the costs of cybercrime finds that security intelligence, including monitoring and threat intelligence, reduces the costs of cyberattacks the most… [Read more at Dark Reading]

Future cyber attacks could rival 9/11, cripple U.S., Panetta warns

October 12, 2012 — Secretary of Defense laid out reasons why the military should be involved in defending the country's critical infrastructure… [Read more at InfoWorld]

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

October 12, 2012 — Defense secretary Leon Panetta says cyberattacks against critical infrastructure at home and abroad--some of which he called the worst to date--should spark urgent action against the hacker threat… [Read more at InformationWeek]

Florida University Breach Exposes Data On 279,000

October 11, 2012 — At least 50 Northwest Florida State College employees hit by identity theft at this point -- including the university's president… [Read more at Dark Reading]

U.S. banks warned of another attack threat

October 10, 2012 — Russian group promotes 'Project Blitzkrieg' crimeware campaign against 30 banks… [Read more at CSO]

Web API Allows Phishing Attack

October 10, 2012 — A recent addition to HTML5, the Fullscreen API, appears to be easily abused… [Read more at InformationWeek]

Microsoft: The number of reported application vulnerabilities has increased

October 9, 2012 — After a period of steady decline that started in 2009, the number of application vulnerabilities has seen a significant increase during the first half of 2012… [Read more at InfoWorld]

Windows 7 malware infection rate soars in 2012

October 9, 2012 — Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today… [Read more at ComputerWorld]

Hackers exploit Skype API to infect Windows PCs

October 9, 2012 — New worm reinforces Skype's reputation as an app with security issues… [Read more at InfoWorld]

Cybercrime Attacks, Costs Escalating

October 8, 2012 — Successful attacks against U.S. businesses have increased by 42% since last year, with individual businesses being hit with an average of two attacks per week, says study from Ponemon Institute and HP… [Read more at InformationWeek]

Chinese telecom firms present security threat, says Congressional report

October 8, 2012 — Chinese telecommunications gear makers Huawei and ZTE pose a threat to U.S. national security and those doing business with the companies should find another vendor, said a report… [Read more at GSN]

Cyber attacks cost U.S. businesses an average $8.9 million annually, study says

October 8, 2012 — In Germany, Japan, and the U.K., cyber crime costs much less to clean up, but the U.S. experiences more expensive attacks such as malicious insiders and Web-based incidents… [Read more at InfoWorld]

Worm spreading on Skype IM installs ransomware

October 8, 2012 — Malware is downloaded onto users' machines after they click on the message "lol is this your new profile pic?"… [Read more at CNET]

Cyber-Criminals Plan Massive Trojan Attack on 30 Banks

October 5, 2012 — Banks beware: A large-scale coordinated Trojan attack to launch fraudulent wire transfers may be headed your way… [Read more at PCMag]

Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP

October 4, 2012 — A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique… [Read more at Dark Reading]

Hackers post data from dozens of breached college servers

October 3, 2012 — Group calling itself GhostShell says it posted thousands of usernames, passwords, and phone numbers of students and faculty to call attention to the state of education… [Read more at CNET]

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

October 3, 2012 — Who's really behind the recent bank DDoS attacks? They are more diverse and powerful than previously seen hacktivist campaigns… [Read more at InformationWeek]

Malnets lead the cyberattack pack

October 2, 2012 — Report predicts malicious infrastructure will generate two-thirds of cyberattacks in 2012… [Read more at CSO]

Online Criminals' Best Friends: Malnets

October 2, 2012 — The number of large malnets--server-side infrastructure used to infect PCs and sometimes to control botnets--tracked by security firm Blue Coat has tripled this year… [Read more at InformationWeek]

DHS kicks off Cyber security awareness month

October 2, 2012 — DHS secretary Janet Napolitano called on private businesses and citizens to help secure Cyber space as the department kicked off its ninth National Cyber Security Awareness Month program… [Read more at GSN]

Adobe Says Its Code Signing Infrastructure Has Been Hacked

October 1, 2012 — Compromise means that attackers could create malware that looks like legitimate Adobe software… [Read more at Dark Reading]

White House confirms 'spearphishing' intrusion

October 1, 2012 — Official confirms report by veteran Pentagon reporter Bill Gertz saying hackers linked to China's government "broke into one of the U.S. government's most sensitive computer networks…" [Read more at CNET]

Security Intelligence Starts With Detecting The Weird

September 28, 2012 — As companies try to make sense of a greater amount of information on their networks, anomaly detection becomes more difficult but more important as well… [Read more at Dark Reading]

Cyber threat level remain 'high' for U.S. financial sector

September 28, 2012 — The cyber threat level for banks and financial institutions remains high as organized denial of service attacks cripple U.S. banking Websites… [Read more at GSN]

Profiling The Cybercriminal And The Cyberspy

September 27, 2012 — Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe… [Read more at Dark Reading]

Maker of smart-grid software discloses hack

September 26, 2012 — Files were affected during compromise, says company that makes software used in the "smart" electric grid… [Read more at CNET]

Vast Cyberespionage Campaign 'Brazen' In Its Approach

September 25, 2012 — RSA dissects so-called 'VOHO' attack campaign, which also shares common traits with prior attacks aimed at Google, others… [Read more at Dark Reading]

Wells Fargo is latest bank to be hit by cyberattacks

September 25, 2012 — As several banks experience outages, one group claims responsibility, saying it's retaliating for the anti-Islam movie and will continue its onslaught until the film is taken off the Web… [Read more at CNET]

Oracle database flaw deemed serious, could expose data

September 22, 2012 — With brute-force attack, intruder can gain access… [Read more at CSO]

Eastern European Cybercriminals Said to Trump Asian Counterparts in Sophistication

September 21, 2012 — East European hackers use more technologically advanced malware and detection evasion techniques compared to East Asian hackers… [Read more at CIO]

Cyberspying effort drops 'Mirage' on energy firms

September 20, 2012 — Malware targets individuals at organizations in Philippines, Taiwan, Canada and elsewhere… [Read more at CNET]

U.S. banks on high alert against cyberattacks

September 20, 2012 — Hackers engaging in wire fraud by gaining access to bank networks, FS-ISAC says… [Read more at ComputerWorld]

Bank Of America Website Slows After Islamic Hacker Threats

September 19, 2012 — Bank of America's website experienced periodic outages Tuesday, possibly due to cyber attacks… [Read more at InformationWeek]

Flame analysis reveals more cyberespionage malware

September 18, 2012 — There's 'enough evidence' to show at least one Flame-related malware is still 'operating in the wild,' said one researcher… [read more at CSO]

Elusive TDL4 malware variant infected Fortune 500 companies, government agencies

September 18, 2012 — Security researchers believe a new variant of the sophisticated TDL4 bootkit affected over 250,000 victims in the past few months… [Read more at InfoWorld]

Half of Companies Surveyed Report Web Application Security Problems

September 18, 2012 — A survey of 240 companies questioned about the relation between their Web applications and security found about half experienced at least one Web application security incident since last year, sometimes with "severe negative financial consequences"… [Read more at CIO]

Two men plead guilty to hacking Subway stores

September 18, 2012 — Romanians admit to being part of ring that hacked into payment systems at sandwich shops and stole credit card data… [Read moer at CNET]

Microsoft confirms hackers exploiting critical IE bug, promises patch

September 18, 2012 — Microsoft issued a security advisory that confirmed in-the-wild attacks are exploiting an unpatched bug in Internet Explorer… [Read more at ComputerWorld]

10 Cyber Threats Small Businesses Can't Ignore

September 17, 2012 — SMBs must be serious about cybersecurity now that they're targets, too… [Read more at InformationWeek]

How Cybercriminals Choose Their Targets

September 17, 2012 — Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune… [Read more at InformationWeek]

FBI warns financial institutions are being highly targeted by fraudsters

September 17, 2012 — The FBI today said cybercriminals have recently stepped up efforts to steal money and gain access to banks and other financial… [Read more at NetworkWorld]

New test results highlight Windows security struggles

September 14, 2012 — The latest results are in from AV-Test.org, an independent organization that tests consumer-security suites. Except for a few bright spots, the numbers are a bloodbath of lower scores… [Read more at CNET]

ASIS 2012: Napolitano calls on industry to spend more on cyber preparedness

September 13, 2012 — “Cyber-attacks have increased significantly in the three-plus years I have served as DHS secretary,” said Napolitano. It is time to get serious… [Read more at GSN]

Blackhole exploit kit gets upgraded to evade antivirus software

September 12, 2012 — Equipped with a souped-up admin panel, Blackhole 2.0 has undergone a total code rewrite to better bypass defenses… [Read more at InfoWorld]

Cyber attacks grow increasingly "reckless", official says

September 7, 2012 — Other nations are increasingly employing cyber attacks without "any sense of restraint," a top U.S. cybersecurity official said… [Read more at Reuters]

Elite hacker gang has unlimited supply of zero-day bugs

September 7, 2012 — Group dubbed 'Elderwood' has exploited eight unpatched IE and Flash flaws in the last 20+ months… [Read more at ComputerWorld]

Enterprises Should Bring Some Security Research In-House

September 7, 2012 — Case for enterprises to dedicate resources to analyze in-the-wild malware data to prioritize vulnerability mitigation… [Read more at Dark Reading]

Insiders Implicated in Saudi Aramco Attack

September 7, 2012 — Shadowy cyber-criminals and third-party attackers generate the most headlines, but sometimes, the bad guy is sitting just a few feet away in the same office… [Read more at PCMag]

Global Cost Of Cybercrime: $110 Billion

September 6, 2012 — Cybercrime cost U.S. consumers $20.7 billion in the past 12 months… [Read more at Dark Reading]

Does a Cyber-9/11 Loom?

September 5, 2012 — The longer Congress waits to gets its act together on cybersecurity, the longer the U.S. remains at risk of an attack by spies, terrorists, hackers or companies representing themselves or an entire rogue nation… [Read more at CIO]

Fluke DSW Win Shouldn't Erase Breach Insurance Needs

September 5, 2012 — Retailer wins in its fight to claim $6.8 million breach costs on a traditional crime policy, but others might not be as lucky… [Read more at Dark Reading]

How To Handle A Data Breach: 5 Tips For SMBs

September 5, 2012 — AntiSec's' Apple UDID dump points out why small and midsize businesses should revisit their plans for handling a customer data breach… [Read more at InformationWeek]

Leaked Apple IDs expose holes in corporate information security

September 4, 2012 — Most organizations suffering data breaches don't enforce security policies, study finds… [Read more at InfoWorld]

AntiSec Hackers Post 1 Million Apple Device IDs

September 4, 2012 — Hacker group says it got data off FBI laptop and released the file to call attention to the government's alleged possession of that information… [Read more at InformationWeek]

Older News »