New Attacks Target Syrian Activists
A new set of malware campaigns targeted at Syrian activists, journalists and NGOs has emerged, and security researchers say that the attackers are employing a variety of tactics, including a new OS X Trojan that could be part of a “false flag” operation. The details of the new round of attacks on...
DNS Registrar Fixes Hijack Vulnerability
UPDATE: The domain registrar and Web-hosting company Namecheap has fixed a cross-site request forgery vulnerability in its DNS setup page. According to security researcher Henry Hoggard, the bug could have given an attacker the ability to hijack domain name system servers and redirect incoming...
Adobe Warns of Phishing Attacks Likely Stemming From Breach
When hackers breached Adobe in October and spilled millions of its customers’ IDs and encrypted passwords, it was all but certain the attack would result in a wave of subsequent phishing attacks. It wasn’t exactly clear how soon the attacks would come or what form they’d come in, but after two...
Microsoft Says ZeroAccess Click-Fraud Botnet Abandoned
Microsoft is declaring the ZeroAccess botnet dead. Two weeks after obtaining a court order to disrupt the botnet’s ability to carry out click-fraud, assistant general counsel Richard Boscovich of Microsoft’s Digital Crimes Unit said late last week that the botmasters behind ZeroAccess had abandon...
Stanford Researchers Find Connecting Metadata With User Names is Simple
One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some...
RSA Denies NSA Backdoor Payment Allegations, But Questions Linger
The accumulation of hundreds of leaked documents and formerly secret operational methods used by the NSA in the last six months has led to a bit of a numbing effect, with some new leaks being met with a shrug of indifference. But the latest and most explosive entry in that ledger–the report that...
AT&T, Verizon Announce Transparency Reports in 2014
One by one, the telecommunications giants at the heart of the NSA surveillance scandal are relenting to shareholder pressure and public demands for them to publish reports on government requests for user data. On Friday Verizon and AT&T announced their intent to begin producing transparency repor...
Government Requests for Google Data Continue to Rise
The volume of government requests to Google for user data is continuing to increase, something that should come as no surprise in the current climate. In its latest transparency report, the company said that it received more than 25,000 requests for user data in the first six months of 2013, an...
CryptoLocker Creators Infected Nearly 250,000 Systems, Earned $30 M Since September
UPDATE: The math in this and other reports was simply tabulated incorrectly. New American presidents often are measured by what they accomplish in their first 100 days. By that yardstick, the crew behind the CryptoLocker ransomware have been a raging success. The unknown group of attackers have...
Brian Donohue on the NSA Panel Report
Dennis Fisher talks with Brian Donohue, Threatpost’s Washington, D.C. writer, about the new report from the NSA reform panel and whether any of the recommended changes will ever be implemented...
NSA Must Reform Practices, Organization
A presidentially appointed, five-member panel issued a more than 300-page report yesterday calling for nearly 50 recommendations for changes in the way that the National Security Agency conducts its increasingly public and controversial sweeping surveillance programs. The entire report hinges on...
UN Adopts Resolution Protecting Privacy Online
On the same day that a panel of experts delivered a report to the United States president recommending sweeping changes to the way that the National Security Agency collects, handles and stores intelligence, the United Nations unanimously adopted a resolution calling for the protection of users’...
Dennis Fisher and Mike Mimoso Discuss the NSA, Blackhole Exploit Kit
Dennis Fisher and Mike Mimoso discuss the happenings in the security world of late, including the latest NSA revelations, the odd DGA Changer malware and the response of attackers to the death of Blackhole...
Researchers Find Way to Extract 4096-Bit RSA Key via Sound
A trio of scientists have verified that results they first presented nearly 10 years ago are in fact valid, proving that they can extract a 4096-bit RSA key from a laptop using an acoustic side-channel attack that enables them to record the noise coming from the laptop during decryption, using a...
Target Corp. Suffers Black Friday Data Breach
UPDATE – TJX and Heartland Payment Systems may soon have company atop the list of the worst retail data breaches in U.S. history after reports surfaced that Target Corp. was breached around Black Friday and millions of credit and debit cards were stolen. Target confirmed the breach this morning a...
Cutwail Spam Botnet Feels Effect of Blackhole Takedown
The arrest of alleged hacker Paunch and the subsequent dismantling of the Blackhole Exploit Kit operation has cybercrime groups scrambling to find another automated means of delivering exploits. In the meantime, some are settling for old-school tactics that include infected email attachments and ...
Trojan.Ferret DDoS Botnet Discovered
Researchers at Arbor Networks have identified a new DDoS bot with a fancy for ferrets. Following a clue in a tweet, researcher Dennis Schwarz found Trojan.Ferret, including a command and control panel with some insight into targets. To date, a relatively small number of malware samples and comman...
DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly
Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in...
Santander BillPay Security Vulnerabilities Patched
Security weaknesses on the Santander Group BillPay website and mobile banking application have been addressed by the financial services organization’s developer Headland after they were exposed less than a week ago. U.K. consultant Paul Moore of Cresona Corp., reported a number of serious...
Chewbacca Tor-Based Malware Steals Keystrokes
The Tor network may provide a lead-lined cover for Internet users seeking a measure of privacy online, but it also has proven to be an attractive shelter for attackers. A number of malware campaigns have been able to successfully maneuver on Tor, using the anonymity network as a communication...
Ron Deibert on Cyber Espionage, Surveillance and Black Code
Dennis Fisher talks with Ron Deibert of the University of Toronto and Citizen Lab about his group’s research into cyber espionage campaigns, the surveillance landscape and his recent book, Black Code...
Apple Fixes Security in WebKit, Safari
Apple updated its Mac OS X Mavericks platform yesterday with a number of security fixes for the Safari browser and WebKit layout engine. The operating system update will move users to OS X Mavericks version 10.9.1. It appears that the broad operating system release is merely a repackaging of a...
ICS-CERT Warns of Flaw in Wind Farm Management App
The ICS-CERT is warning users about a reflected cross-site scripting vulnerability in a control interface for a wind-farm control portal manufactured by Nordex. The bug is remotely exploitable and could enable an attacker to run code on a vulnerable machine. The Nordex NC2 is a control portal for...
Debian Announces End of Security Support for IceApe
Developers at Debian today informed users still clinging to Iceape – an Internet suite modeled on old Mozilla code – that they are cutting the cord and will stop supplying the software with security updates. Iceape is more or less a Debian-branded hybrid of several community-driven entities,...
Thieves Steal 800,000 Medical Records
UPDATE: A previous version of this story inaccurately stated that Horizon Blue Cross Blue Shield of New Jersey was not providing free credit monitoring to those affected by the breach. On November 4, someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two...
DOE Breach Report Blasts Poor Patching, IT Management
The U.S. Department of Energy has thrown back the covers on a July breach that exposed the personal information of more than 104,000 individuals, painting a less than flattering portrait of IT and agency management failures around vulnerability management, access controls and a general lack of...
U.S. District Court Judge Rules NSA Metadata Collection Likely Violates Fourth Amendment
A United States District Court judge has ruled that the bulk metadata collection program maintained by the National Security Agency for years now likely is unconstitutional. The judge, ruling on a pair of lawsuits that claimed the NSA’s methods violated users’ privacy and civil rights, said that...
Firefox Botnet Searches for Sites Prone to SQL injection
Attackers have been automating SQL injection attacks for a number of years, but in a fairly new twist, a botnet masquerading as a Firefox browser add-on is carrying out attacks on sites visited by compromised computers. Krebs on Security reported today that the Advanced Power botnet has been...
NSA Officials Say Snowden Used Legitimate Access to Steal Data
It’s taken more than six months, but top officials at the National Security Agency are finally discussing some of the details of how former agency contractor Edward Snowden got access to all of the documents he stole and what kind of damage they believe the publication of the information they...
Gmail Image Proxy Change Has Privacy, Security Implications
Google’s decision to automatically display images in Gmail messages has security experts on edge about the privacy and security implications of the move. Of particular concern is the ability of an attacker, or marketer, to learn whether messages are being opened, as well as the possibility of an...
NSA Director to Retain Cyber Command Role
Since its inception in 2009, the U.S. Cyber Command has been run by the director of the National Security Agency. The two organizations are intertwined and even share the same space in Maryland. The continuous leaks of NSA documents this year have led some politicians and critics to argue that the...
Safari Stores Previous Browsing Session Data Unencrypted
Users of Apple’s Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions. The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file...
New IETF Group to Tackle TLS Implementation in Applications
The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help...
Google Kills Privacy Feature
UPDATE: Google has removed a pivotal privacy feature from its Android operating system that gave users the ability to deny permissions in and regulate information collection attempts by installed applications. The feature, which users could control with a tool called AppOps Launcher, first appear...
China APT Hackers Target Diplomats in Ke3chang Campaign
European diplomats and ministries of foreign affairs have been targeted during recent G20 meetings by Chinese-speaking hackers conducting espionage campaigns using malware to siphon secrets from compromised computers. The latest incidents came in August when spear phishing messages spiked with...
Bitcoin-Related Malware Continues to Flourish
One good way to measure the popularity of an emerging technology or trend is to see how much attention attackers and malware authors are paying it. Using that as a yardstick, Bitcoin is moving its way up the charts in a hurry. The latest indication is some malware that researchers at Arbor Networ...
Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability
Google has patched a previously disclosed issue in its Nexus line of phones that could have opened users up to a nasty series of SMS-based denial-of-service attacks. The company pushed the fix out alongside version 4.4.2 of Android on Monday to the Nexus 4, 5, 7 and 10 devices. According to...
Flashlight App Settles with FTC
The makers of a popular Android flashlight application have settled with the Federal Trade Commission over allegations that they covertly tracked the locations of the “Brightest Flashlight Free” users and sold that information to advertising firms. The FTC’s charges stem primarily from the fact...
EFF Argues For Search Warrant Requirement to Get Cell Location Data
With each day bringing new information about the way that intelligence agencies and law enforcement are tracking the activities and movements of U.S. citizens, the issue of when these organizations can legally obtain such data has become a major one. Now, a case that seemingly has little connecti...
FreeBSD Bans Intel, Via Chips
FreeBSD, the open-source operating system, announced that it will no longer support Intel’s RdRand and Via Technology’s Padlock on-chip random number generators (RNGs) moving forward in new versions of the UNIX-like operating system. The move apparently follows reports from earlier this year that t...
Moxie Marlinspike on TextSecure CyanogenMod integration
Moxie Marlinspike has published landmark research on SSL vulnerabilities, taken on certificate authorities and even built an alternative to CAs as we know them today called Convergence. But now that government surveillance and online privacy have been elevated to mainstream...
NSA Monitors Google PREF Cookie to Spy
The National Security Agency is monitoring a certain type of cookie – deployed by the search giant Google – as yet another tool in their increasingly public surveillance apparatus. This, according to slides from an April 2013 NSA presentation acquired by the Washington Post, is the latest...
Facebook Phishing Campaign Employing Malicious Tumblr Pages
The general population may have had its fill of Facebook at this point, but attackers sure haven’t. There is a new round of Facebook-related spam that is using fake messages about recent crimes involving recipients’ friends as a lure to direct them to Tumblr pages serving exploits. The campaign...
64-Bit Zeus Banking Trojan Communicates Over Tor Network
The infamous Zeus banking Trojan has gone 64-bit. But why? Researchers at Kaspersky Lab’s Global Research and Analysis Team spotted a new version of the malware that behaves much like its 32-bit contemporaries: it too uses Web injects to steal banking credentials to drain online accounts, steal...
December 2013 Microsoft Patch Tuesday Security Updates
One zero-day down, one to go. As expected, Microsoft did today patch a zero-day in its GDI+ graphics component (MS13-096) reported more than a month ago after exploits were spotted in the wild. The fix was one of 11 security bulletins—five critical—released as part of the December 2013 Patch Tuesda...
AT&T Refuses to Issue Transparency Report, Cites Privacy
Telecommunications giant AT&T has come under fire from privacy advocates after it acknowledged that it will not publicly disclose any of its dealings with the National Security Agency. The company claimed that protecting customer privacy is at the crux of its decision not to share government...
Adobe Updates Security for Flash, Shockwave Players
Adobe published two security bulletins today, resolving a pair of vulnerabilities in both Shockwave and Flash Player. The Shockwave security update applies to versions 12.0.6.147 and earlier on Windows and Mac OS X and addresses a pair of memory corruption vulnerabilities CVE-2013-5333 and...
Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws
Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play by default. This feature prevents those plugins from running automatically on Web pages, which helps...
TextSecure Integrated into CyanogenMod SMS App for Android
With the depths of domestic government surveillance still not fully realized, secure communications capabilities are at a premium, especially for the privacy conscious. Already, we’ve seen some services such as Lavabit and Silent Circle’s Silent Mail shutter operations rather than hand over...
Microsoft Protects User Accounts with New Security Features
Microsoft announced yesterday that it will complement the two-factor authentication it enabled for account holders in April with additional security features designed to deny account hijacking and unauthorized access. Windows PC and mobile users, along with Outlook, SkyDrive, Xbox, Skype and othe...