  • Social Engineering, the USB Way - Dark Reading

    USB drives are a concern, since they are an easy way for employees to steal information, as well as bring in potential vulnerabilities such as viruses and Trojans. How serious is the problem? Read about the hard lesson learned by employees at one credit union...

  • Citibank Exposes Personal Info On Envelopes - WBZ-TV

    Citibank says it sent 600,000 people envelopes with the Social Security numbers printed on the outside...

  • March Madness an Act of War?

    A simulation of a widespread cyberattack against the nation's critical infrastructure on Tuesday demonstrated the cascading effects an attack can have on networks and the difficulty the government would have in quickly responding, including dealing with civil liberties and how to work with corporations...

  • Would You Have Spotted the Fraud?

    Pictured below is what is known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information...

  • Zeus Attack Spoofs NSA, Targets .gov and .mil - KrebsOnSecurity

    Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack...

  • Hacking for Fun and Profit in China’s Underworld - New York Times

    Internet security experts say China has legions of hackers, and that they are behind an escalating number of global attacks to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations, which in some cases have been traced back to China...

  • iPhone worms can create mobile botnets - The Register

    Unlike the previous generation of cell phones, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet.

    As an example, a victim holding an iPhone in Australia can be hacked from another iPhone located in Hungary, and forced to exfiltrate its user's private data to a Lithuania server, which may then upload new instructions to steal financial data from the Australian user's online bank account...

  • The 10 Most Dastardly Cybercrimes of the Decade - Wired.com

    It was the decade of the mega-heist - a list of the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium...

  • Security issues to fear in 2010 - Government Computer News

    A list of the cyber threats that are likely to be keeping you awake nights throughout the coming year, including cloud computing, social networking, and media platforms...

  • Facebook Hit By Clickjacking Attack - Dark Reading

    Facebook is cleaning up after a clickjacking attack that infiltrated the social networking site this week -- and security experts say this won't be the last such attack.

    Clickjacking is an attack in which an attacker slips a malicious link or malware onto a legitimate Web page that appears to contain normal content...

  • FBI Probes Hack at Citibank - Wall Street Journal

    The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang. Security officials worry that, beyond stealing money, hackers could try to manipulate or destroy data, wreaking havoc on the banking system...

  • Cyber crime poses threat to e-commerce - CNN.com

    The past 12 months have been a banner year for cyber crime, and that could be bad news for the future of e-commerce. 87 percent of e-mail traffic in the past year was spam, more than 40 trillion spam messages were sent, and 2 percent of spam contained malware, a 900 percent increase from the previous year...

  • Privileged user problem grows: managing those who manage the keys is hard - Computerworld

    The issue of how to protect corporate systems against the very people who manage and administer them remains as thorny as ever. Contributing to the problem is the continuing failure by many companies to adequately manage the numerous user accounts and passwords that control privileged access to critical corporate networks and systems...

  • Some 132K Websites Hit By New SQL Injection Attack - Dark Reading

    A large-scale SQL injection attack has hit 132,000 Websites, injecting malicious iFrames that install a backdoor Trojan.

    First noticed on Nov. 21, 2009, the attack loads malware from 318x[dot]com, which then installs a rootkit-enabled version of the Buzus backdoor Trojan -- best known for credit card and other financial data theft...

  • Koobface-like worm targets Skype users

    Security experts have warned Skype users that new malware similar to the infamous Koobface worm that caused havoc on Facebook is now targeting the popular IP telephony service. The Koobface-like variant has been detected as TROJ_VILSEL.EA, a piece of malware designed to steal contact lists, phone numbers, locations and other information that forms part of a Skype profile...

  • New Exploit Masquerades As Flash Player Upgrade - Dark Reading

    Researchers have detected a new phishing attack that promises to enhance the security of the user's emailbox -- and then downloads a malicious Trojan instead. The email requests that recipients click on a link in the body of the email to update the "security mode" of their emailboxes...

  • Next-generation Trojan can hijack active online banking sessions - PCWorld

    Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded...

  • FBI: Complete ignorance and denial fuel cyber breaches - Reuters

    The FBI reports that "people who are ignorant completely and others who have their head in the sand" are fueling the growing incidence of cyber breaches, most of which go unreported...

  • New Trojan encrypts files but leaves no ransom note - CNET News

    Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee...

  • Mass web infections spike to 6 million pages - The Register

    An estimated 5.8 million pages belonging to 640,000 websites are infected with code designed to launch malware attacks on visitors...

  • US-CERT warns about free BlackBerry spyware app - CNET News

    The U.S. Computer Emergency Readiness Team has warned BlackBerry users about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations...

  • Fake Facebook e-mail contains Trojan - CNET News

    A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail...

  • FBI: Cyber crooks stole $40M from U.S. firms - The Washington Post

    Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud...

  • Hackers plan to clobber the cloud, spy on Blackberries - Computerworld

    The new playground for hackers is "the cloud," the term for computer applications and services hosted on the Internet. Some of the devices making the cloud more popular these days are BlackBerries and other smartphones...

  • Hackers Hijack Some Facebook Apps - The Washington Post

    A number of games and other applications built to be used on Facebook.com have been hacked so that users are quietly sent to sites that try to install malicious programs, a security researcher has found...

  • Hijacked Web sites attack visitors - Computerworld

    Here's the scenario: Attackers compromise a major brand's Web site. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. The issue goes unnoticed until it's exposed publicly...

  • Phishing bust nets 100 in US, Egypt - The Boston Globe

    The United States and Egypt have charged 100 people with illegally obtaining personal bank account information from Bank of America Corp. and Wells Fargo & Co. customers and stealing money from their accounts. The operation, dubbed Phish Phry, was the biggest US cybercrime investigation to date...

  • Will your privacy be compromised online? - CNN.com

    The 2010 Census is nearly under way, but don't expect an e-mail from the U.S. Census Bureau asking you personal questions in its head count of America. If you do get one, it's a scam...

  • Trusted Web sites: Exploit tool of choice - TechRepublic

    77 percent of Web sites with malicious code are legitimate sites that have been compromised - a 233 percent growth in the number of malicious sites in the last six months and a 671 percent growth during the last year, including several recent examples of high-profile Web sites being compromised [including the New York Times and PBS.org]...

  • FBI investigating laptops sent to US governors - The Industry Standard

    There may be a new type of Trojan Horse attack to worry about. The FBI is trying to figure out who is sending laptop computers to state governors across the U.S. - laptops that may contain malicious software...

  • Getting Friended By Koobface - The Washington Post

    The latest version of Koobface, a worm that spreads on Facebook, Twitter and other Web 2.0 sites, turns infected systems into bots that can be used for a variety of improper and possibly criminal purposes. Researchers from the University of Alabama at Birmingham have found a link being posted on Facebook.com that redirects anyone who clicks it to a constantly refreshed list of 100 infected Web pages...

  • Researcher reveals massive 'professional thieving' botnet - Computerworld

    A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites...

  • Mobile-phone attacks coming - Computerworld

    As smartphones become more popular, they're going to get some unwanted attention from criminals...

  • Voting machine hack costs less than $100,000 - Computerworld

    Why spend millions of dollars campaigning when you can hack an election for less than 100 grand? That's a question raised by university researchers...

  • Cyber attackers empty business accounts in minutes - Computerworld

    Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. The criminals knew what they were doing when they hit the Western Beaver County School District in December, siphoning $704,610.35 out of two of the school district's bank accounts...

  • Hackers Target House.gov Sites - Washington Post

    Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of their home pages with digital graffiti, according to House officials...

  • PC Invader Defrauds Kentucky County of $415K - Washington Post

    Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The thieves were aided by more than two dozen co-conspirators in the USA, as well as a strain of malicious software capable of defeating online security measures put in place by many banks...

  • Conficker left Manchester (UK) unable to issue traffic tickets - The Register

    Manchester (UK) City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems. The total cost of the infection exceeded £1.5m ($2.5m) and has resulted in a ban on USB memory sticks in Council computers...

  • Caution: "Month of Twitter Bugs" May Lead To Advanced Web Exploitation

    A project entitled the Month of Twitter Bugs is scheduled to begin on July 1, 2009. The project will reportedly focus on ways to utilize Twitter to distribute malicious code.

  • ATM Vendor Halts Vulnerability Talk - Wired

    An ATM vendor has succeeded in getting a security talk pulled from an upcoming conference after a researcher announced he would demonstrate a vulnerability in the system...

  • Social Network Users Put Their Data at Risk - Dark Reading

    Members of online social networks may be more vulnerable to financial loss, identity theft, and malware infection than they realize. Users of Facebook, LinkedIn, and Twitter leave themselves -- and their wallets -- open to attack...

  • Booming Underground Economy Makes Spam a Hot Commodity - Dark Reading

    Why does spam continue to grow? Because there's still a lot of money in it. Spam campaigns have become appallingly cheap to launch - for about $10, you can send a million emails...

  • Parking Meters: The Next Big Hack?

    For IT security researchers, anything that is connected to a network is a potential target for research -- even the lowly parking meter...

  • A Weak Spot in Our Defenses - Washington Post

    Attacks on computer systems will be an integral element of future conflict, and the United States is more dependent on computer networks than any other nation...