Businesses were hit hardest by inbox-based scams in 2015 that robbed U.S. companies of $263 million. The numbers come from the FBI’s recently released 2015 Internet Crime Report that tallies the types of cybercrimes hitting U.S. business and individuals the hardest. According to the FBI, its Internet Crime Complaint Center (IC3) received 288,012 complaints last...

The FBI’s refusal to share details about a network investigative technique it used to gather evidence against a Vancouver teacher charged with possession of child pornography has forced a federal judge’s hand to exclude the evidence from trial. The NIT used by the FBI to hack the Playpen website is believed to have de-anonymized users...

Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker. On Thursday afternoon, Google pushed out Chrome version...

With the scourge of digital credential theft on the rise Microsoft is urging IT admin to button-up their networks and get serious about passwords and account security. The IT behemoth posted on Tuesday a best practices cheat sheet for administrators along with updating customers on some of the company’s latest security tools for keeping accounts...

Embedded device servers made by Moxa remain vulnerable to a trio of vulnerabilities disclosed today in an advisory published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and a blog post by researcher Karn Ganeshen. Moxa, which is based in Taiwan, will publish a beta patch firmware before the end of the month,...

Palo Alto Networks is reporting a shift in malware tactics used by the APT group Wekby that has added a rare but effective new tool to its bag of tricks. The security firm reported on Tuesday that over the past week, Wekby attackers are turning to the technique known as DNS tunneling in lieu of...

A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East. Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file...

The obvious takeaway from last week’s LinkedIn data breach revelation where we learned hackers were selling 117 million LinkedIn usernames, email addresses and passwords from a 2012 breach is, change your passwords-and often. The not so obvious takeaways come from noted security expert Troy Hunt, creator of the cyber-breach service Have I Been Pwned? and...

A two-year-old EITest malware campaign is still going strong, fueled by the fact it has shifted its distribution technique over time. Now, researchers at the SANS Institute’s Internet Storm Center, are reporting EITest is morphing again based on analysis of the malware campaign conducted earlier this month. According to researcher Brad Duncan, the EITest malware...

Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Neutrino and Magnitude exploit kits, and are leading compromised computers to different ransomware strains and a credential-stealing Trojan. A French researcher who goes by the handle Kafeine told Threatpost that Neutrino has embedded a working exploit for CVE-2016-4117 while Magnitude...