APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
Aerospace victim hit by targeted attack that didn't even exploit a Mac vulnerability.
Brian Krebs writes about the massive DDoS attack against his site. In fact, the site is down as I post this.
Crypto company Venafi points out potential holes in Yahoo's processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect.
10 ways to protect healthcare systems from ransomware and other malware infections.
More than 50% of business leaders surveyed in the Travelers Risk Index report cyber, computer, and technology risks are among their top concerns.
Researchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files.
Sometimes security patches create bigger problems than the ones they solve. OpenSSL just made that blunder.
National Security Agency says tools left exposed by mistake - and dumping by presumably Russia-backed hackers Shadow Brokers.
OpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.
Verizon may revisit contract with Yahoo on doubts of vulnerabilities in the system after 500 accounts were found hacked.
Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.
Microsoft debuts a new tool to strengthen security in its Edge browser for Windows Enterprise customers.
New report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora.
The tools may have been mistakenly left behind by the NSA following an operation.
Microsoft officials said Windows 10 has hit the 400 million 'active' device milestone, up from 300 million in early May.
Exploit kit traffic is down considerably following the demise of Nuclear and Angler, but many researchers see it only as a temporary disruption.
New ransomware family discovered by takes aim at government targets
A blunder that Apple made in iOS 10 has weakened the encryption of iPhone data when backed up to iTunes.
Google's Project Shield has come to the rescue after a devastating DDoS attack prompted Akamai's pro bono support to end.
The 20-year-old hacker leaked military data belonging to 1,300 US military and government staff in support of the Islamic extremist group.
The Australian Bureau of Statistics blames everyone but itself for the failures of the 2016 Census. That's a sign of weak and out-of-touch management.
With the official bodies that respond to information security issues mainly focused on national security, should there be an equivalent for everyone else?
Flaw could unravel whole Keychain secure credentials storage.
Blame game begins in post-survey hose down.
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
"Gross negligence" alleged for leak of 500m accounts.
By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says.
A Lego model of a giant space kraken destroying a Destroyer from Star Wars. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.
Security firm claims to have found a new weakness in Apple’s iOS 10 that makes it possible to crack password-protected local backups of data for iOS 10 devices.
The massive Yahoo breach, this week's Security of Things Forum, Mamba ransomware, and Google Allo are discussed.
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
A pair of experts from Imperva stops by the Dark Reading News Desk to chat.
It took 24 hours. Slashdot thread.
In a keynote at the Internet of Things Forum Dr. Kevin Fu said that medical devices should be subjected to rigor so patients can make clinically relevant decisions.
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.
Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
New research suggests that the average cost of data breaches is lower than many estimates and too low to drive greater investment in cybersecurity.
There's no rancour or bitterness, however, since Akamai hosted the security expert's blog pro bono.
New government scheme designed to help protect the UK from cyberattacks
An analysis of hijacked websites suggests Google's Safe Browsing technology is only warning users about a small proportion of them.
One of the critical vulnerabilities allows attackers to remotely execute malicious code.
The Australian Bureau of Statistics has said IBM should have been able to handle the denial-of-service attack that hit Census systems on the night of August 9.
Leveraging Palo Alto Networks' cybersecurity platform, Optus and Singtel will now provide enterprise and government customers with detection and prevention mechanisms against cyber attacks.
Akamai's Prolexic puts packet flood at 620 Gbps.
Australian Prime Minister Malcolm Turnbull has used the Census fiasco to call for new ways of talking about cybersecurity during a speech in Washington DC.
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
Careless operative blamed for fumble three years ago.
Could be abused for denial-of-service attacks.
But still unconfirmed is whether the newly revealed attack is related to recently dumped Yahoo user credentials in an online cybercrime forum.
Says 500m accounts stolen in 2014 attack.
Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.
(ISC)2 members have plenty of technical chops, but IANS research found they need to focus more on how info sec aligns with the business.
Yahoo confirmed a breach going back to 2014. A bevy of passwords and other information were stolen, but payment and bank information stayed safe.
Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.
The odds are excellent that your Yahoo account is now open for attack to the highest bidder.
I like this Amtrak security awareness campaign. Especially the use of my term "security theater" and the link (in the article) to my TED talk on the subject.
Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.
Oliver Stone's movie shows us that while most of us have nothing to hide, we all have information worth protecting - both technically and constitutionally.
Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.
The Department of Homeland Security formally announced its plan to develop a set of strategic principles for the Internet of Things.
Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.
Experts share ideas for closing potential security holes that leave organizations open to attack.
Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
Alain Desausoi describes threat as persistent, and says there's been progress in combating it via new SWIFT initiatives.
MGT searches for alternatives as share listing approval denied, causing deep plunge in share price.
Document-based macro malware flies under the security radar by first detecting existing documents on PC.
Hackers are taking advantage of lax security attitudes around connected devices to hijack them for malicious means, warn Symantec researchers
Google has come under fire again for the privacy choices its made for its new smart chat app, Allo.
Attacks targeting the financial messaging system are not going anywhere -- and are evolving to become even more difficult to combat.
Relentless cuts to the ABS and an uncertain funding future spelt doom for the Australian 2016 Census, the Community and Public Sector Union has said.
Telstra's efforts to blockchain IoT are being augmented by identity verification using voice, fingerprint, and facial biometrics.
Friday is the deadline to complete the Census and there's just a small group of Australians who've yet to finish the job.
Victorians warned not to plug in malware-laden devices.
NH-ISAC also to hold medical device vulnerability info sharing workshop, hosted by St. Jude Medical.
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
SWIFT's chief information security officer said Wednesday that the cooperative is still seeing cases in which its customers' environments have been compromised.
Google released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried.
Zscater identified a keylogger on steroids that targets passwords, webcam and software licenses.
The evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks.
Check Point report suggests organisations haven't kept up with security to meet a nine times rise in malicious software
This slightly modified model is a practical way to keep attackers out of your systems.
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Rand taps insurance data and other sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.
New German datacenters aim to provide additional protections for customer data by giving control to an independent data trustee.
Researchers said they’ve seen an uptick in RIG Exploit Kit traffic and that attackers have begun using the kit to peddle CrypMIC ransomware.
Donald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.
Automaker fixes security risks after Tencent Holdings uncover vulnerabilities in both parking and drive mode.
A remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4.
Survey shows 83% of respondents share concern over ID theft within 1-2 years
Impressive remote ,a href="http://www.pcw
uot;>hack of the Tesla Model S. Details. Video. The vulnerability is fixed. Remember, a modern car isn't an automo ...
New data shows ransomware rates worldwide doubling and tripling in past 12 months.
Police in Victoria have issued a warning to residents following recent reports of malicious USB drives left in letterboxes.
North Korea's top-level DNS data has leaked, showing that the Stalanist state only has 28 websites that use the .kp domain name.
InfoArmor says the tool weaponizes torrents to spread malicious code through data analysis.
Terbium Labs' software can now be used to detect when data belonging to companies is being flogged in the underground.
Researchers could brake, turn on windscreen wipers.
With the introduction of macOS Sierra 10.12, Apple has patched dozens of security vulnerabilities and also tackled a few Safari 10 bugs to boot.
Malware steals user data, license keys to popular applications.
Governors, other state officials more aware of cyber threats, but confidence gap exists between IT and business managers, new Deloitte-National State Chief Information Officers (NASCIO) study finds.
GitHub's Jamesha Fisher discusses how GitHub is bringing the power of security to the uninitiated and how a predominately white and male infosec industry can better support women and people of color in the workforce.
A new ransomware strain called Mamba opts to encrypts hard drives rather than individual files and folders stored on the local disk.
Security and policy experts make another call for additional transparency around the government's Vulnerabilities Equities Process and the zero days it has in its possession.
Both are worth reading.
Hal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.
[Black Hat Europe 2016 Sponsor Content]
Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
Researchers were able to remotely brake Tesla model cars as well as freeze control panels and open the rear hatch while driving.
New report shows first half breach statistics put organizations on pace to beat last year's breach numbers by a wide margin.
The first mobile banking Trojan that obtains root privileges on Android devices has been seen in the wild.
A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.
Sophisticated malware has been discovered, capable of tricking users into giving away admin rights to their entire system, as well as stealing their bank details.
Nokia report reveals April 2016 saw new all-time high in mobile infections with one out of every 120 smartphone affected.
Dr. Sergei Skorobogatov of Cambridge University spent $100 on a process that may have cost FBI $1 million.
The company says that there will no longer be any excuse to remain unencrypted online.
More than 970 data breaches were reported worldwide in the first half of 2016, up 15 percent from the previous six months, according to Gemalto's Breach Level Index.
This is an interesting back-and-forth: initial post by Dave Aitel and Matt Tait, a reply by Mailyn Filder, a short reply by Aitel, and a reply to the reply by Filder.
Transparency Center will allow governments to check the security of products and services -- but not alter what is delivered to customers.
A bevy of speakers at Structure Security will outline the promise and perils of security in the age of the Internet of things.