(9/23/2014) Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.
(9/23/2014) The discussion on cybersecurity has shifted as CIOs and CTOs come to the realization that no system is immune to attacks and breaches. The conversation is now about “cyber resiliency.”
(9/22/2014) Two online advertising networks, Google’s DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person’s computer, according to the security vendor Malwarebytes.
(9/22/2014) The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding could mean thieves stole far fewer cards during the almost five-month breach than they might have otherwise.
(9/22/2014) A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.
(9/16/2014) Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe.
(9/15/2014) Comcast is giving users a very good reason to demand an HTTPS connection on every site they visit. The Internet service provider has started injecting ads for its services on websites where you wouldn't normally see them when you're using an Xfinity public Wi-Fi hotspot.
(9/15/2014) After Gmail usernames and passwords for nearly five million accounts were leaked online, Google quickly moved to calm user concerns and confirmed that the majority of the credentials wouldn't be very useful to those aiming to hijack accounts with the information.
(9/5/2014) Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You're darn tootin'!
(9/5/2014) In a letter to customers dated Tuesday, Jim Gibbons, president and CEO of Goodwill Industries International (GII), announced that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of stores.
(9/5/2014) Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.
(9/3/2014) Users of the Mozilla Developer Network and Bugzilla testing system are advised to update their passwords after a pair of data disclosures were reported in August.
(9/3/2014) Summary: Apple has patched an exploit with its Find My iPhone online service that may have been used by hackers to gain access to personal photos stored on iCloud accounts belonging to some 100 celebrities.
(9/2/2014) Investigation into attack on JPMorgan Chase may have expanded to seven of the world's top banks, amid a report that hackers altered records.
(8/22/2014) More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.
(8/19/2014) Microsoft on Friday quietly recommended that customers uninstall one of last week's security updates after users reported that it crippled their computers with the infamous "Blue Screen of Death" (BSOD).
(8/19/2014) Publicly traded healthcare organization's stock goes up as breach notifications go out.
(8/19/2014) Escaping identity thieves is hard enough. Don't make it any easier on them.
(8/15/2014) On Patch Tuesday, Microsoft shipped nine fixes for 37 bugs in its software, bringing a cumulative update for Internet Explorer and addressing security issues in Windows, Office, SharePoint Server, SQL Server software, and the .NET Framework.
(8/15/2014) Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.
(8/12/2014) Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.
(8/12/2014) An update to IE 8 through IE 11 next week will introduce a new warning when users try to run an outmoded Java ActiveX control
(8/12/2014) Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control, a security firm warned Thursday.
(8/6/2014) Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation.
(8/6/2014) P.F. Chang's named on Monday 33 specific restaurants where customer data might have been compromised after news last month that thousands of credit and debit cards might have been hacked at the chain.
(8/6/2014) A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.
(8/6/2014) According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.
(7/30/2014) All mobile devices running Android version 2.1 to 4.3 contain a vulnerability – dubbed “Fake ID” – that enables the identity of trusted applications to be copied; consequently opening the doors to a whole list of malicious things, including, in some cases, taking control over the device.
(7/28/2014) As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
(7/22/2014) A quarterly report revealing the “most exposed” programs on users' systems, found that old vulnerabilities in Microsoft XML Core Services continued to plague users.
(7/22/2014) HP researcher's findings highlight ongoing problems with POS software and hardware
(7/22/2014) More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.
(7/21/2014) Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft.
(7/16/2014) The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
(7/16/2014) In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.
(7/11/2014) Facebook has teamed with law enforcement to disrupt malicious operations linked to "Lecpetex," a cryptocurrency-mining botnet composed of up to 250,000 infected computers worldwide.
(7/11/2014) Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo.
(7/3/2014) A new remote access tool has emerged for the Android platform, combining three of the most popular utilities performed by malware on Google’s mobile operating system: data leakage, banking credential theft, and – of course – remote access.
(7/2/2014) The United States continued to host the majority of phishing websites in the first quarter of 2014, but did not even crack the top 36 when it came to global computer infection rates, according to research from the Anti-Phishing Working Group (APWG).
(7/2/2014) The new Selfmite Android malware spreads by sending text messages with a malicious link to the device owner's contacts
(7/2/2014) Spam emails making the rounds in Germany are delivering banking malware identified as EMOTET, a financial threat that is beginning to make its way over to the U.S., according to researchers from Trend Micro.
(6/27/2014) Governments are increasingly using spyware for mobile devices to monitor targets, raising questions over the possible misuse of such tools, a new study suggests.
(6/27/2014) A zero-day remote code execution (RCE) vulnerability has been discovered in the “WebShot” feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, according to security company Sucuri.
(6/24/2014) Two months after the infamous bug was discovered, more than half of vulnerable servers remain unpatched.
(6/20/2014) A malware app called “Google Play Stoy,” which intercepts banking credentials, certificates and text messages from Android devices, has been removed from the Google Play Store, according to a Wednesday blog post from FireEye, which worked with Google to remove it.
(6/18/2014) Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.
(6/16/2014) Target has hired a chief information security officer (CISO), a move that's noteworthy mainly because it is the first time the company has ever had anyone in this role, even though it is one of the largest retailers in the U.S.
(6/16/2014) Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide.
(6/16/2014) A mobile trojan called “Svpeng,” has now been updated to extort Android users in the U.S., researchers warn
(6/11/2014) Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.
(6/11/2014) Attackers may have infected nearly 350,000 systems with ransomware and earned more than $70,000 in Bitcoins as part of an ongoing Dropbox phishing scheme, according to researchers with PhishMe.
(6/9/2014) ESET researchers have shed some light on what could be the first file-encrypting ransomware for Android devices – and it just so happens to have a command-and-control hosted on Tor, as well.
(5/28/2014) Reports of iPhones and iPads being digitally locked up and held for up to a $100 ransom have been coming in from Apple users in Australia, as well as in other parts of the world.
(5/27/2014) Attorneys general in three states in the US are looking into the hack, and an official in the UK is considering a formal probe.
(5/23/2014) eBay officials are taking flak for burying news of the password reset issued in response to a hack on the company's corporate network that exposed sensitive data for millions of users.
(5/21/2014) NEW YORK (AP) — E-commerce site eBay is asking users to change their password after a cyberattack compromised a database containing encrypted passwords.
(5/13/2014) Heartbleed has forced many to revoke and reissue TLS/SSL certificates, but more than seven percent have been reissued with the same keys.
(5/13/2014) Ransomware, such as the now-infamous CryptoLocker, has been successfully compromising computers and laptops for years, so it comes as no surprise that the pesky malware is now making its way to mobile devices running the Android operating system.
(5/13/2014) New York Presbyterian and Columbia University Medical Center settle with HHS to end probe into 2010 patient data leak
(5/13/2014) Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.
(5/5/2014) Cybercriminals stole debit card information from customers of dozens of financial institutions in a phishing campaign that combined rogue text messages and with VoIP calls.
(5/5/2014) Mozilla rolled out Firefox 29 on Tuesday, a huge overhaul that addresses 15 security vulnerabilities, six of which are deemed critical, meaning the bug could be used to run attack code and install software with no user interaction aside from normal browsing.
(5/5/2014) Microsoft has patched a critical Internet Explorer flaw being leveraged in zero-day attacks – and those running no-longer-supported Windows XP will also benefit from the unscheduled update.
(5/5/2014) Target slates rollout of chip and pin for its payment cards for next year
(4/29/2014) The U.S. government's top cyber-security agency is telling Internet Explorer (IE) users they should consider running a different browser until Microsoft fixes a critical vulnerability.
(4/29/2014) The FBI has sent a private industry notification (PIN) to health care providers warning them that the security systems they have in place are behind those of other sectors, making them prime targets for cyber attacks.
(4/28/2014) Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins.
(4/28/2014) The "Heartbleed" bug in a widely used software system rocked the Internet earlier this month, and major tech companies are teaming up to try to avoid a repeat.
(4/22/2014) Attackers were able to breach a walled-off virtual private network by exploiting the Heartbleed vulnerability, security company Mandiant said on Friday.
(4/22/2014) Health care participants in an industry wide attack exercise expressed concerns about effectively communicating threat intelligence within their organization.
(4/18/2014) Computerworld - Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.
(4/18/2014) On Tuesday, Stephen Solis-Reyes, a 19-year-old man that authorities believe leveraged the now infamous bug to steal sensitive information from the Canada Revenue Agency, was arrested by the Royal Canadian Mounted Police (RCMP), without incident, at his home in London, Ontario, according to a Wednesday RCMP release.
(4/15/2014) Canada's tax-collection agency on Monday said the private information of about 900 people had been compromised as hackers exploited the "Heartbleed" bug, and security experts warned that more attacks are likely to follow.
(4/15/2014) A Bloomberg report says the agency knew about the Heartbleed security flaw that's sent sites like Google scrambling to patch their systems -- but it kept it secret and used it to spy. The agency, however, says that's not so.
(4/15/2014) "Trivial" coding error in open source project wasn't intentional, report says.
(4/14/2014) The Web infrastructure company's patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.
(4/14/2014) A flaw in the most popular web encryption system could leave people vulnerable to data theft according to security researchers.
(4/10/2014) We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.
(4/10/2014) LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.
(4/9/2014) A new security bug means that people all across the Web are vulnerable to having their passwords and other sensitive data stolen. Here's what consumers can do to protect themselves.
(4/4/2014) Computerworld - Microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.
(4/1/2014) Fortunately, the simultaneous blizzard and cyberattack were not real. They were created by the organizers of a collegiate competition held at the Johns Hopkins University Applied Physics Laboratory last week intended to test the wits and reflexes of what they hope will be the next generation of government and corporate cybersecurity professionals.
(3/27/2014) The University of Maryland, College Park suffered a second cyberattack on the heels of the recent theft of personal data for hundreds of thousands of students, staff and alumni, university officials announced Thursday.
(3/19/2014) Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores.
(3/14/2014) Developers working on Replicant, an open-source OS based on Android, claim to find a flaw that provides access "to read, write, and delete files" stored on some Samsung devices.
(3/12/2014) As many as 1,300 current and former Johns Hopkins University biomedical engineering students' personal information was posted online by an attacker claiming to be affiliated with hacktivist collective Anonymous.
(3/12/2014) A new remote access tool (RAT) that trojanizes Android apps made its way into Google's official app store.
(3/12/2014) (CNN) -- Apple released its latest mobile operating system update on Monday, iOS 7.1. The major upgrade packs in an assortment of bug fixes, improvements, new features and some subtle changes to the overall interface.
(3/7/2014) Samsung spokeswoman Jessica Baker said in an email that "if there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners." Netflix spokesman Joris Evers said the company did not have a comment.
(3/7/2014) Jam and jelly maker Smucker’s last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers’ credit card data.
(3/4/2014) Reacting to criticism from customers that upgrading from Windows XP was "impossible," Microsoft today announced it would give away a limited migration tool to help people move to a newer operating system.
(2/27/2014) University warns students and recent grads of possible data exposure
(2/27/2014) Malicious apps contained in the Google Play store have grown 388 percent between 2011 and 2013, according to a report from RiskIQ, an Internet security services company.
(2/21/2014) The widespread security breach reportedly compromised 40 million credit and debit cards, which are costing banks a pretty penny to reissue.
(2/21/2014) Microsoft on Wednesday issued a stopgap defense that protects Internet Explorer 9 (IE9) and IE10 against ongoing attacks until the company issues a patch, probably in three weeks.
(2/21/2014) For the second time this month, Adobe has addressed a zero-day vulnerability in its popular Flash Player.
(2/20/2014) More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said.
(2/18/2014) Self-replicating worm program infects Linksys routers by exploiting an authentication bypass vulnerability
(2/17/2014) FireEye uncovers attacks emanating from a U.S. website just two days after Microsoft issued huge IE patch collection
(2/17/2014) Adobe and Microsoft today each issued patches to fix critical security flaws in their software.
(1/31/2014) Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer.
(1/31/2014) Yahoo suspects usernames and passwords were stolen from an unidentified third-party database
(1/29/2014) Kim Komando from The Kim Komando Show talks about this online threat, a watering hole attack is where hackers slip malicious code into a legitimate site.
(1/29/2014) Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.
(1/29/2014) Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.
(1/29/2014) Computerworld - Microsoft will be able to silently reach into Windows XP PCs for more than a year after it stops patching the aged OS to clean malware-infected machines, sources close to the company confirmed Friday.
(1/28/2014) NCSA is teaming up with Facebook to broadcast the Data Privacy Day Kick Off event live online for the world to watch. The live stream will be made available via NCSA’s Data Privacy Day Facebook page this morning starting at 11:20 a.m. ET.
(1/24/2014) Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.
(1/22/2014) Now Reuters is reporting that cyberintelligence firm IntelCrawler has unearthed evidence pointing toward at least six ongoing schemes at U.S. merchants with credit card processing systems plagued by the same type of malicious software
(1/22/2014) Changes in Google Chrome extension ownership can expose thousands of users to aggressive advertising and possibly other threats, two extension developers have recently discovered.
(1/8/2014) This January, the National Cyber Security Alliance is partnering with Reputation.com and the Rape, Abuse & Incest National Network (RAINN) to empower survivors of domestic violence and sexual assault by offering tools and resources that will help survivors gain control of their digital footprint and protect their personal information.
(1/7/2014) Security researchers have uncovered evidence of a new piece of malware that may be able to take gigabytes' worth of data hostage unless end users pay a ransom.
(1/7/2014) A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.
(12/27/2013) An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.
(12/20/2013) The breach, which was first reported by security journalist Brian Krebs on Wednesday, continued through December 15 and may have affected all locations nationwide. Customers who shopped through Target’s online storefront are not believed to have been affected.
(12/19/2013) Target said Thursday that the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data.
(12/17/2013) Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) began sending notification letters to more than 800,000 members on Dec. 6, alerting them that their personal information may have been compromised after two unencrypted laptops were stolen from the insurance provider's Newark headquarters about one month prior.
(11/27/2013) Twitter is the latest to implement "forward secrecy," a cryptographic technique that should stymie even the NSA.
(11/18/2013) Security updates for Flash Player addressed two critical vulnerabilities that could cause the software to crash and potentially allow a saboteur to take control of an exploited system, Adobe revealed in a bulletin.
(11/18/2013) Microsoft today issued security updates to fix at least 19 vulnerabilities in its software, including a zero-day flaw in Internet Explorer browser that is already being actively exploited.
(11/7/2013) Comments One federal agency is replacing workforce security awareness tutorials with real world hack attempts to test employee reflexes.
(11/5/2013) Computerworld - Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
(11/1/2013) The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says.
(11/1/2013) Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.
(10/29/2013) A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
(10/21/2013) Windows 8.1’s new device encryption treats your x86-based Windows tablet or laptop more like an ARM-based tablet or smartphone. Rather than requiring a user or system administrator to enable it, your device’s boot partition comes encrypted out of the box
(10/15/2013) A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.
(10/15/2013) Beginning Jan. 8, Yahoo will enable encryption by default for users logging into its Web-based mail service, the company has told The Washington Post.
(10/14/2013) While much has been said of the A7 chip in the new iPhone 5S — arguably the “world’s first consumer ARM-based [system-on-a-chip]” — its associated new M7 coprocessor was surprisingly under-hyped, by both industry media and Apple
(10/14/2013) Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
(10/14/2013) Adobe has released security updates for its popular Reader and Acrobat products for Windows users.
(10/4/2013) Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products
(10/4/2013) LinkedIn has closed the door on four cross-site scripting (XSS) vulnerabilities, which could have been used to ultimately steal credentials from users.
(10/1/2013) Have you noticed the Google URL in your browser's address bar now has an HTTPS in front? That is because the internet and technology services giant announced earlier this week that every search will now go over secure sockets layer (SSL), something its account members – those with Google accounts – have been benefiting from since 2011.
(9/30/2013) If you appear to pirate on an AT&T connection, your service may be terminated.
(9/30/2013) Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.
(9/6/2013) Microsoft today said it will ship 14 security updates next week to patch critical vulnerabilities in Internet Explorer (IE), Windows, Office and SharePoint, its enterprise collaboration platform.
(8/30/2013) McAfee announced today that it has sponsored a report with IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries, to assess retailer security and the approaches used to safeguard retailer transactional systems.
(8/30/2013) Facebook received more than 25,000 requests from governments about its users during the first half of 2013, with nearly half of those requests coming from U.S. law enforcement and related agencies, the company said.
(8/30/2013) "Media is going down..." That's what the Syrian Electronic Army (SEA) tweeted Tuesday, as the pro-Assad hacker collective announced domains belonging to The New York Times, Huffington Post U.K., and Twitter were compromised.
(8/23/2013) The Food and Drug Administration (FDA) has issued new guidance on the radio frequencies of wireless medical devices, including recommendations for authentication and encryption measures to ensure the security of the device and the safety of the patient.
(8/23/2013) Google on Tuesday shipped Chrome 29, patching 25 vulnerabilities and rolling out under-the-hood changes the company said would offer more relevant suggestions when users typed in URLs or search strings.
(8/23/2013) The insurer for Midwestern supermarket chain Schnucks, whose systems were hacked last winter to steal 2.4 million credit card numbers, is claiming in court that the grocer's policy doesn't cover the cost of lawsuits arising from the breach.
(8/16/2013) Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software.
(8/16/2013) The Washington Post acknowledged today that a sophisticated phishing attack against its newsroom reporters led to the hacking of its Web site, which was seeded with code that redirected readers to the Web site of the Syrian Electronic Army hacker group.
(8/13/2013) Not long after the Windows-targeting banking trojan KINS hit the market, saboteurs have introduced new financial malware capable of infecting Linux users.
(8/8/2013) Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature.
(7/31/2013) More than 1,200 apps published to the official Google Play app store in the past seven months have been designed by "one-click fraud" scammers. But a new variation on that scam now involves many more clicks than just one.
(7/31/2013) Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.
(7/31/2013) Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident.
(7/26/2013) The recent attack against Apple's Web site for developers has prompted a flood of phishing e-mails asking people to change their passwords.
(7/26/2013) Five men from Russia and Ukraine have been indicted in New Jersey for charges they conspired with each other in a worldwide hacking scheme targeting major corporate networks that compromised more than 160 credit card numbers, the U.S. Department of Justice announced.
(7/16/2013) A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.
(7/16/2013) After being ordered to pay $100,000 to the state of Indiana after a major breach of customer data, an Indianapolis-based health insurer faces another costly payout – a $1.7 million settlement with the U.S. Department of Health and Human Services (HHS).
(7/10/2013) Patch Tuesday will feature seven security bulletins, including six with the highest severity rating of "critical."
(7/5/2013) About a month ago, Atlantic Media Chief Technology Officer Tom Cochran blasted out a faux phishing email to all 450 email addresses in the company directory. The results, he said, should be something of a wake-up call.
(6/25/2013) Google is trying to better protect the users of its Chrome Web Store from malicious browser apps and extensions. As is already the case in the Google Play Android apps store, content uploaded to the Chrome Web Store will now also be automatically scanned for malware.
(6/25/2013) NSA, FBI, DOJ officials tell Congress secret programs are vital to U.S. security; outline ways to keep sysadmins from leaking classified data
(6/21/2013) LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.
(6/21/2013) Federal authorities said today that, since June 2010, they have seized more than 1,700 domains that allegedly breached intellectual property rights.
(6/21/2013) The United States and Russia have signed a landmark agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern.
(6/18/2013) BlackBerry has released an advisory that describes a critical privilege/permissions vulnerability in BlackBerry 10 OS.
(6/11/2013) Researchers say they have discovered a sophisticated trojan that targets Android smartphones
(6/7/2013) It plans to patch 23 vulnerabilities, including 19 in a critical update for all versions of Internet Explorer
(6/7/2013) A botnet infrastructure believed responsible for stealing more than a half-billion dollars from individuals and organizations worldwide has been crippled, Microsoft announced Wednesday evening.
(6/3/2013) Months after a secret e-mail search controversy at Harvard College, Evelynn M. Hammonds announced on Tuesday that she will step down as dean on July 1, according to a statement posted online.
(6/3/2013) Drupal.org has reset account passwords after it found unauthorized access to information on its servers.
(5/29/2013) Google will update its certificate infrastructure and has, as a precaution, warned of potential problems.
(5/15/2013) Malicious browser extensions are trying to hijack Facebook profiles, according to a warning from Microsoft's Malware Protection Center.
(5/10/2013) 33 fixes will also include patches for the IE10 Pwn2Own vulnerabilities
(5/10/2013) A Denver-based domain name provider has suffered a breach where customers' personal data, including encrypted passwords and credit card information, was compromised.
(5/7/2013) At least 18 Alaskan students are accused of using a phishing scam to gain control over the computers at their middle school.
(4/30/2013) An update to the Google Play Store contains mostly minor tweaks except for one security fix: apps are no longer allowed to bypass the Play Store when updating.
(4/26/2013) Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
(4/26/2013) Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems resulting after they installed it.
(4/23/2013) Researchers have discovered a new family of malware that found its way into legitimate apps inside Google's official store thanks to a malicious advertising network.
(4/19/2013) Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors.
(4/19/2013) Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research.
(4/18/2013) Microsoft is urging users to who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system.
(4/18/2013) The Schnucks supermarket chain struggled for two weeks to find the source of a breach after being alerted to a possible leak of credit card info by its card processing company. During that time, Schnucks apparently continued exposing the debit and credit card data of people who shopped at its stores.
(4/18/2013) Unidentified hackers are said to have have launched a large-scale attack against WordPress blogs and any hosts using weak passwords are urged to update them immediately.
(4/12/2013) System administrators and IT security pros can take bit of a breather: Microsoft issued a comparatively light set of patches for this edition of its monthly release of software vulnerability fixes.
(4/12/2013) A New Jersey hospital can now pursue a subpoena that would require an internet service provider (ISP) to hand over information potentially identifying at least one person accused of hacking into its email server.
(4/12/2013) A rash of breaches at companies that develop online videogames has resulted in digital certificates being stolen from the companies and used in attacks targeting other industries and political activists.
(4/12/2013) The United States' budget for the 2014 fiscal year will include increased spending on cybersecurity defenses.
(4/5/2013) Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy polices amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.
(4/5/2013) This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013.
(4/2/2013) A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.
(3/29/2013) Security researchers have discovered what appears to be the first known sighting of in-the-wild Android malware that's been designed to conduct targeted attacks.
(3/26/2013) A former student of Cal State University in San Marcos, Calif., pleaded guilty to wire fraud, access device fraud and unauthorized use of a computer after being accused of stealing the identities and passwords of 745 students to rig campus elections.
(3/22/2013) A new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.
(3/22/2013) Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday.
(3/12/2013) Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.
(3/11/2013) Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
(3/11/2013) The Federal Trade Commission is cracking down on affiliate marketers that allegedly bombarded consumers with hundreds of millions of unwanted spam text messages in an effort to steer them towards deceptive websites falsely promising “free” gift cards.
(3/5/2013) Users of Apple's Safari browser will be blocked from using unpatched Adobe Flash software following a new security update.
(3/1/2013) A new cyber-espionage campaign dubbed MiniDuke used the recent Adobe Reader zero-day exploit
(3/1/2013) There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations.
(2/27/2013) The website of the US television network NBC, NBC.com, has been hacked and the computers of visitors to it have been infected with malware.
(2/27/2013) The software giant said it was hit with a similar hack to that used against Facebook and Apple
(2/19/2013) Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.
(2/19/2013) Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.
(2/19/2013) BlackBerry has published details of critical vulnerabilities in components of its BlackBerry Enterprise Server (BES). The holes allow attackers to execute arbitrary code on systems running BlackBerry Enterprise Server.
(2/19/2013) The Chinese military hacking group that has stolen huge amounts of data from U.S. organizations is one of some 20 active cyberspying groups engaging in comparable data theft and espionage.
(2/8/2013) Microsoft and Symantec worked with US and Spanish officials to take down the Bamital click-fraud botnet which has been operating since at least 2009 and was, at one point, made up of more than 1.8 million compromised systems.
(2/8/2013) There are millions of vulnerable Android phones in the hands of consumers today because wireless phone carriers and phone hardware makers refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher.
(2/4/2013) For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X.
(2/4/2013) Cites security, stability reasons for move to turn on 'click-to-play' for all but the latest Flash
(1/28/2013) Some 57,000 patients seen at the Palo Alto, Calif.-based Lucile Packard Children's Hospital have been notified of a potential HIPAA-breach after an unencrypted company laptop containing patient medical information was stolen from a physician's car Jan. 9.
(1/28/2013) Printers that use popular print server software sold by Hewlett-Packard are vulnerable to attacks that can bypass built-in biometric defenses, recover previously printed documents and crash all vulnerable machines attached to a network.
(1/22/2013) Researchers have discovered two security holes in a popular mobile app used to track sports news and scores, leaving users vulnerable to having their data exposed.
(1/22/2013) The long-awaited HIPAA omnibus rule was posted by the Department of Health and Human Services (HHS) on the Federal Register public inspection desk yesterday.
(1/18/2013) Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.
(1/18/2013) Seculert researchers identified a Java exploit and corresponding attack pages on Red October command and control servers
(1/18/2013) Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
(1/8/2013) A Hayden, Idaho-based hospice is the first health care organization to be fined for sustaining a breach that affected fewer than 500 individuals.
(1/4/2013) California and Illinois on Tuesday joined four others in becoming the union’s only states barring employers from demanding that employees fork over their social-media passwords.
(12/28/2012) Approximately 4,000 patients at the University of Michigan Health System (UMHS) have been notified this December that their personal health information has been compromised, UMHS officials announced.
(12/21/2012) FCC publishes 10-step plan for securing mobile devices and their data
(12/18/2012) Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.
(12/12/2012) Identity theft is more rampant in health care than any other U.S. industry, according to the Ponemon Institute's third-annual report on patient privacy and data security.
(12/4/2012) The FBI is investigating a breach at Nationwide Insurance, where hackers recently accessed the sensitive information of about one million people, including policy and non-policy holders.
(12/4/2012) Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.
(12/3/2012) Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements.
(11/20/2012) Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
(11/16/2012) Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
(11/16/2012) Adobe pulls down the forum for its video conferencing service, Adobe Connect after a hacker breached its security and leaked information, including password hashes, on 150,000 users.
(11/13/2012) Microsoft is prepping six patches that will rectify 19 vulnerabilities in Windows, Internet Explorer, Office and the .NET Framework.
(11/13/2012) Many users are waiting a month or more to apply important security updates that can protect them from exploits and malware.
(11/6/2012) The social network corrects a flaw over the weekend that could potentially have put over a million accounts at risk of being accessed by unauthorized users.
(11/6/2012) Forcing secured connections protects the privacy and security of users and their data, Mozilla said
(11/2/2012) The Homeland Security Department has created a new fellowship program designed to attract recent college graduates into cybersecurity careers.
(10/29/2012) Payment terminals at 63 stores in eight states compromised; unknown number of customers affected
(10/25/2012) You can't go anywhere online without a password these days. You certainly can't play many games without one. The problem, though, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.
(10/12/2012) Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.
(10/12/2012) Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.
(10/10/2012) A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.
(10/10/2012) Adobe today issued a surprise update for Flash Player that patched 25 critical vulnerabilities in the ubiquitous media software.
(10/10/2012) Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.
(10/8/2012) Google is issuing a warning similar to one it had sent in June to tens of thousands of Gmail users to inform them that their accounts may be targeted by hackers.
(10/8/2012) Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs
(10/8/2012) The agency puts a halt to six such tech support cons, part of a larger effort to stop phony tech support companies from scamming consumers.
(9/28/2012) Adobe takes action after finding malware signed with the Adobe certificates.
(9/26/2012) Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.
(9/26/2012) Apple has released updates for versions 10.6 (Snow Leopard), 10.7 (Lion) and 10.8 (Mountain Lion) of its Mac OS X operating system that close a number of critical security holes.
(9/24/2012) Using this exploit attackers can take full control of a Galaxy S3 smartphone, researchers demonstrated
(9/18/2012) Google browser users should see support for privacy setting that turns off tracking cookies related to ads, by year's end.
(9/18/2012) HD Moore, maker of Metasploit, urges users to ditch IE7, IE8 and IE9 until Microsoft fixes critical flaw
(9/14/2012) The version of the Adobe Flash plugin that's bundled with Internet Explorer 10 in Windows 8 is out of date, leaving users susceptible to exploitation.
(9/14/2012) According to data released by Gartner, worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011.
(9/11/2012) Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.
(9/11/2012) The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.
(9/7/2012) As enterprises expand their roll-outs of mobile applications, the Federal Trade Commission wants them to be mindful of the privacy and security ramifications that go along with these advancements.
(9/4/2012) Three high-severity holes have been fixed in Google's latest stable channel update to the Chrome web browser.
(9/4/2012) Hackers created a malicious version of a legitimate Microsoft email announcement
(8/31/2012) A former programmer for Toyota has been accused of sabotaging applications on the car company’s network and stealing data after he was fired from his job last week, according to a civil complaint filed by the company.
(8/28/2012) Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts.
(8/22/2012) European IP address authority RIPE NCC has reallocated two IP address blocks that were previously used by the DNSChanger malware. The FBI and the Internet Systems Consortium (ISC) had control over the addresses from last November through to mid-July of this year, in accordance with a US court order, as there was concern about a total blackout for private users' manipulated computers.
(8/20/2012) So what should you do to avoid being another one of these smart people to whom a bad thing could easily happen? You shouldn't allow yourself to be a lightning rod in the middle of the cloud.
(8/17/2012) A distributed denial-of-service attack aimed at AT&T's DNS (Domain Name System) servers has disrupted data traffic for some of the company's customers.
(8/15/2012) The U.S. Federal Trade Commission has approved a settlement with Facebook related to charges that the social networking leader deceived consumers regarding the privacy of their data.
(8/15/2012) As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files.
(8/14/2012) Training and education are key elements to securing users and data, because even the best technical solutions are incapable of protecting both in every situation.
(8/13/2012) Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.
(8/13/2012) Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.
(8/8/2012) Former Gizmodo reporter says device wipes and Twitter breaches occurred after an AppleCare technician fell victim to a bit of social engineering.
(8/8/2012) Reuters has suffered a second security breach in two days after hackers gained control of one of its Twitter accounts, the news agency revealed this morning.
(8/6/2012) The spam outbreak that last month flooded the inboxes of Dropbox customers has been traced back to a hacked employee account, company representatives said late Tuesday.
(8/1/2012) Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
(7/25/2012) Several major software companies, including Microsoft and Symantec, today kicked off what they called "International Technology Upgrade Week" in an attempt to persuade users to keep their code current.
(7/25/2012) Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.
(7/20/2012) In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.
(7/19/2012) NEW YORK (CNNMoney) -- Good news for your email inbox: You'll be seeing less spam in it now, thanks to a global takedown effort that knocked one of the world's biggest spammers offline this week.
(7/17/2012) Yahoo said Friday that it has fixed a security vulnerability that allowed hackers to seize roughly 450,000 unencrypted email addresses and passwords belonging to members of its content-sharing platform.
(7/13/2012) (CNN) -- Hackers posted online what they say is login information for more than 450,000 Yahoo users.
(7/13/2012) Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser.
(7/9/2012) This is an advance notification of security bulletins that Microsoft is intending to release on July 10, 2012.
(7/5/2012) In 10 days, there's a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.
(6/29/2012) The Alaska Department of Health and Social Services (DHSS) will shell out $1.7 million to settle violations of the HIPAA Security Rule.
(6/29/2012) Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
(6/27/2012) One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented a grid of the nine most visited pages, each with its own screenshot thumbnail.
(6/27/2012) Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.
(6/25/2012) An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware, according to security researchers from antivirus vendor Sophos.
(6/25/2012) A malware campaign targeting AutoCAD drawings uncovered by security researchers at ESET could be a massive case of industrial espionage.
(6/19/2012) MacRumors reports that, according to the release notes of the developer preview version of iOS 6, the operating system will request explicit user permission when an application attempts to access contacts, calendars, reminders and photos.
(6/19/2012) According to a new report, some companies that have fallen victim to hacking attacks have gone as far as hiring security firms to hack back.
(6/15/2012) Microsoft Security Bulletin Summary for June 2012
(6/15/2012) Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.
(6/12/2012) Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.
(6/11/2012) With the July 9 Web apocalypse nearing for computer owners infected with the malicious DNSChanger malware, the social network reaches out to tell them how to clean their machines.
(6/1/2012) The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses.
(5/29/2012) Google has begun warning visitors to its search engine if they are infected with the DNSChanger malware, and providing them with a link to disinfection instructions.
(5/23/2012) Malware writers use Crossrider browser extension development framework to build Facebook worm.
(5/16/2012) Fraud experts are encouraged to see banks joining forces with law enforcement to fight cybercrime. But as online attackers become increasingly organized, financial institutions may find themselves fighting even tougher battles.
(5/11/2012) Twitter has attempted to assure its users after reports circulated of 55,000 accounts being hacked and login credentials publicly disclosed.
(5/11/2012) The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.
(5/8/2012) Microsoft cuts Chinese firewall company Hangzhou DPTech Technologies from Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw.
(5/8/2012) Apple on Monday pushed out a security update for its mobile operating system, iOS, to patch four vulnerabilities.
(5/2/2012) Microsoft has issued a temporary fix for a scary and potentially disastrous Hotmail vulnerability that could allow hackers to erase your email password, set up their own and take over your account.
(5/2/2012) Virtualisation specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualisation product.
(4/27/2012) The effort to clean up the DNSChanger malware attack is seeing renewed focus as the rogue DNS server shutdown deadline approaches on July 9.
(4/27/2012) In its latest Security Intelligence Report, Microsoft says weak passwords and unpatched systems conspire to let the three-year-old Conficker worm continue to propagate.
(4/25/2012) The developers of the popular open source blog engine WordPress have released a security update for the software.
(4/25/2012) Firefox 12, set to release Tuesday, sidesteps Windows' UAC
(4/20/2012) Netflix's chief executive has accused Comcast of abandoning net-neutrality rules by exempting one of its products from monthly caps on data usage.
(4/18/2012) In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a malware infection known as Flashback to spread to some 700,000 of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple's aggressive measures to block issues due to the plugin.
(4/16/2012) Scammers are out in force as the tax filing deadline approaches. Here are some of the most common scams to be on the lookout for.
(4/16/2012) Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.
(4/16/2012) Apple battens down the security hatches by requiring users to create security questions and identify a backup e-mail address.
(4/10/2012) When the authorities send a subpoena to Facebook for your account information, what do they receive? Here is a document showing the pages and pages of data Facebook hands over.
(4/10/2012) Those cool mobile devices beloved by consumers carry deep-rooted security flaws that are only now being discovered and addressed.
(4/3/2012) Credit card processing company Global Payments has confirmed that a vulnerability within its system led to the theft of up to 1.5 million credit card records.