SecurityWeek

A Ukrainian national has pleaded guilty to charges of hacking into databases holding unpublished company press releases to gain insider information that led to $30 million in illicit gains, officials said.

Nobody likes to admit to a breach - but when the breach involves ransomware it cannot be denied for long. Visitors cannot access public-facing systems and they they start to ask questions. This is what happened at DeKalb Health, an Auburn, Indiana-based hospital.

Starting on June 16, 2016, the old SSLv3 and RC4 security protocols will no longer be supported on Google’s SMTP servers and on Gmail’s web servers.

Updates released on Monday by Apple for OS X, iOS, iTunes, Safari, tvOS and watchOS patch tens of vulnerabilities discovered by external researchers and the company’s own security team.

Symantec has updated its Antivirus Engine (AVE) to address a critical memory corruption vulnerability discovered by Google Project Zero researcher Tavis Ormandy.

The full cache of secret documents from former US intelligence contractor Edward Snowden is being opened to journalists and organizations willing to work with the news organization holding the archive.

FireEye has shared some technical details on the Flash Player zero-day that was patched last week by Adobe and revealed that attackers have been exploiting the vulnerability via specially crafted Microsoft Office documents.

Hanoi-based Tien Phong Bank (TPBank) released a statement late on Sunday saying that it had interrupted the attempted theft of approximately $1.1 million via fraudulent SWIFT messages. It would appear that the statement was in response to inquiries from Reuters, following clues in BAE System's Cyber Heist Attribution report published late last week.

Petya, a piece of malware observed in late March to encrypt the entire hard drive o infected computers, has received an update and is now dropping a second ransomware, researchers warn.

A clickfraud botnet that has ensnared a large number of devices around the world hijacks search results to help cybercriminals make a profit through Google’s AdSense program.

Google is planning to block Adobe Flash and implement an 'HTML5 by Default' policy on Chrome by the end of 2016. The intention is to use HTML5 automatically, and force users to explicitly accept the use of Flash only where there is no other choice.

GCHQ, Britain's secret eavesdropping agency, joined Twitter on Monday, emerging from the shadows with a simple message of "Hello, world." The cyber-intelligence listening post became the first of the country's spy agencies to join the online social networking service.

Over the weekend, Apple removed from the App Store “System and Security Info,” a newly published utility designed to provide users with information on the security of their devices.

Researchers at endpoint security firm Cybereason have identified several new domain generation algorithm (DGA) variants currently used by malware and exploit kits.

The popular hacker forum Nulled.io has been breached and its members’ details have been made public, Risk Based Security reported last week.Nulled.io is a forum where roughly 500,000 users have discussed leaks, monetization methods, cracks, and coding. The website is also a place where people buy and sell services, products and compromised credentials.

The attacks against the global banking system via SWIFT, which appear to be via a state-sponsored group, poses an important question: is such an act actually an act of cyberwar?

Generally speaking, cyber security’s focus has been on detect-and-respond approaches. In the 2016 DBIR published by Verizon, the reported time for adversaries to get in and out of your network is measured in minutes (or seconds), whereas the time to even identify that you’ve been compromised is measured in days.

Meteocontrol, a Germany-based company that specializes in solar performance monitoring solutions, has released an update for one of its data logging products to address several remotely exploitable vulnerabilities.

An Android banking Trojan discovered two years ago has become a global threat in the past months, after being updated with new ransomware capabilities, Doctor Web security researchers warn.

The Electronic Frontier Foundation (EFF) on Thursday announced Certbot, a Let's Encrypt client designed to help websites encrypt their traffic.