IT Security News Archive
Critical vulnerability in Blackberry 10 OS
(6/18/2013) BlackBerry has released an advisory that describes a critical privilege/permissions vulnerability in BlackBerry 10 OS.
Researchers claim they've discovered the most advanced Android trojan yet
(6/11/2013) Researchers say they have discovered a sophisticated trojan that targets Android smartphones
Microsoft to tackle under-attack Office bug next week
(6/7/2013) It plans to patch 23 vulnerabilities, including 19 in a critical update for all versions of Internet Explorer
Microsoft torpedoes Citadel botnet infrastructure
(6/7/2013) A botnet infrastructure believed responsible for stealing more than a half-billion dollars from individuals and organizations worldwide has been crippled, Microsoft announced Wednesday evening.
Harvard College dean steps down after e-mail scandal
(6/3/2013) Months after a secret e-mail search controversy at Harvard College, Evelynn M. Hammonds announced on Tuesday that she will step down as dean on July 1, according to a statement posted online.
Drupal resets account passwords after detecting unauthorized access
(6/3/2013) Drupal.org has reset account passwords after it found unauthorized access to information on its servers.
Google to replace SSL certificates
(5/29/2013) Google will update its certificate infrastructure and has, as a precaution, warned of potential problems.
Microsoft warns of Facebook-hijacking extensions
(5/15/2013) Malicious browser extensions are trying to hijack Facebook profiles, according to a warning from Microsoft's Malware Protection Center.
Microsoft rushes IE8 zero-day fix into next week's Patch Tuesday
(5/10/2013) 33 fixes will also include patches for the IE10 Pwn2Own vulnerabilities
Hackers hit domain registrar, access credit card data and passwords
(5/10/2013) A Denver-based domain name provider has suffered a breach where customers' personal data, including encrypted passwords and credit card information, was compromised.
18 Alaskan Teens Use Phishing Scam To Hack School System
(5/7/2013) At least 18 Alaskan students are accused of using a phishing scam to gain control over the computers at their middle school.
Google: No, app makers, you can't skip the Play Store
(4/30/2013) An update to the Google Play Store contains mostly minor tweaks except for one security fix: apps are no longer allowed to bypass the Play Store when updating.
AP Twitter hack looks like a security tipping point
(4/26/2013) Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
Microsoft issues replacement for botched patch
(4/26/2013) Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems resulting after they installed it.
BadNews infections in Google Play spread premium-rate SMS trojan
(4/23/2013) Researchers have discovered a new family of malware that found its way into legitimate apps inside Google's official store thanks to a malicious advertising network.
Microsoft rolls out standards-compliant two-factor authentication
(4/19/2013) Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors.
Popular home routers contain critical security vulnerabilities
(4/19/2013) Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research.
Microsoft: Hold Off Installing MS13-036
(4/18/2013) Microsoft is urging users to who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system.
Schnucks supermarket chain struggled to find breach that exposed 2.4M cards
(4/18/2013) The Schnucks supermarket chain struggled for two weeks to find the source of a breach after being alerted to a possible leak of credit card info by its card processing company. During that time, Schnucks apparently continued exposing the debit and credit card data of people who shopped at its stores.
Wide-scale attack against WordPress blogs reported
(4/18/2013) Unidentified hackers are said to have have launched a large-scale attack against WordPress blogs and any hosts using weak passwords are urged to update them immediately.
Microsoft's April Patch Tuesday brings no Pwn2Own fix
(4/12/2013) System administrators and IT security pros can take bit of a breather: Microsoft issued a comparatively light set of patches for this edition of its monthly release of software vulnerability fixes.
Judge rules hospital can ask ISP for help in ID'ing alleged hackers
(4/12/2013) A New Jersey hospital can now pursue a subpoena that would require an internet service provider (ISP) to hand over information potentially identifying at least one person accused of hacking into its email server.
Gaming Company Certificates Stolen and Used to Attack Activists, Others
(4/12/2013) A rash of breaches at companies that develop online videogames has resulted in digital certificates being stolen from the companies and used in attacks targeting other industries and political activists.
Obama budget signs cybersecurity as a top priority
(4/12/2013) The United States' budget for the 2014 fiscal year will include increased spending on cybersecurity defenses.
Harvard to review privacy policies in wake of email search scandal
(4/5/2013) Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy polices amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.
Microsoft Security Bulletin Advance Notification for April 2013
(4/5/2013) This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013.
Critical denial-of-service flaw in BIND software puts DNS servers at risk
(4/2/2013) A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.
Android Malware Infects Activists' Phones
(3/29/2013) Security researchers have discovered what appears to be the first known sighting of in-the-wild Android malware that's been designed to conduct targeted attacks.
Former student accused of stealing identities pleads guilty
(3/26/2013) A former student of Cal State University in San Marcos, Calif., pleaded guilty to wire fraud, access device fraud and unauthorized use of a computer after being accused of stealing the identities and passwords of 745 students to rig campus elections.
New adware Trojan circulating that targets Mac OS X systems
(3/22/2013) A new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.
Microsoft: Hackers obtained high-profile Xbox Live accounts
(3/22/2013) Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday.
Apple finally fixes App Store flaw by turning on encryption
(3/12/2013) Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.
Microsoft slates IE, Windows, Office updates for next week
(3/11/2013) Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
FTC Cracks Down on Senders of Spam Text Messages Promoting "Free" Gift Cards
(3/11/2013) The Federal Trade Commission is cracking down on affiliate marketers that allegedly bombarded consumers with hundreds of millions of unwanted spam text messages in an effort to steer them towards deceptive websites falsely promising “free” gift cards.
Apple won't let users run Flash unless it is the latest version
(3/5/2013) Users of Apple's Safari browser will be blocked from using unpatched Adobe Flash software following a new security update.
Researchers uncover new global cyber-espionage campaign
(3/1/2013) A new cyber-espionage campaign dubbed MiniDuke used the recent Adobe Reader zero-day exploit
Security tools reveal cyberintruders' trickery
(3/1/2013) There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations.
NBC.com hacked and served up malware
(2/27/2013) The website of the US television network NBC, NBC.com, has been hacked and the computers of visitors to it have been infected with malware.
Microsoft joins list of recently hacked companies
(2/27/2013) The software giant said it was hit with a similar hack to that used against Facebook and Apple
Adobe to patch Reader zero-day this week with rush update
(2/19/2013) Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.
Facebook hacked, says no user data compromised
(2/19/2013) Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.
BlackBerry Enterprise Server vulnerable to dangerous TIFFs
(2/19/2013) BlackBerry has published details of critical vulnerabilities in components of its BlackBerry Enterprise Server (BES). The holes allow attackers to execute arbitrary code on systems running BlackBerry Enterprise Server.
Chinese military hackers were 'noisy'
(2/19/2013) The Chinese military hacking group that has stolen huge amounts of data from U.S. organizations is one of some 20 active cyberspying groups engaging in comparable data theft and espionage.
Microsoft and Symantec collaborate to disable click-fraud botnet
(2/8/2013) Microsoft and Symantec worked with US and Spanish officials to take down the Bamital click-fraud botnet which has been operating since at least 2009 and was, at one point, made up of more than 1.8 million compromised systems.
Wireless Carriers Leave Millions of Android Phones Vulnerable to Hackers
(2/8/2013) There are millions of vulnerable Android phones in the hands of consumers today because wireless phone carriers and phone hardware makers refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher.
For second time in a month, Apple blacklists Java Web plugin
(2/4/2013) For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X.
Mozilla takes drastic step to automatically block virtually all plug-ins in Firefox
(2/4/2013) Cites security, stability reasons for move to turn on 'click-to-play' for all but the latest Flash
Stanford reports fourth HIPAA breach
(1/28/2013) Some 57,000 patients seen at the Palo Alto, Calif.-based Lucile Packard Children's Hospital have been notified of a potential HIPAA-breach after an unencrypted company laptop containing patient medical information was stolen from a physician's car Jan. 9.
Security Flaws Leave Networked Printers Open To Attack
(1/28/2013) Printers that use popular print server software sold by Hewlett-Packard are vulnerable to attacks that can bypass built-in biometric defenses, recover previously printed documents and crash all vulnerable machines attached to a network.
XSS, password flaws found in popular ESPN app
(1/22/2013) Researchers have discovered two security holes in a popular mobile app used to track sports news and scores, leaving users vulnerable to having their data exposed.
HHS posts final HIPAA omnibus rule
(1/22/2013) The long-awaited HIPAA omnibus rule was posted by the Department of Health and Human Services (HHS) on the Federal Register public inspection desk yesterday.
Patient data revealed in medical device hack
(1/18/2013) Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.
Java exploit used in Red October cyberespionage attacks, researchers say
(1/18/2013) Seculert researchers identified a Java exploit and corresponding attack pages on Red October command and control servers
New Java Exploit Fetches $5,000 Per Buyer
(1/18/2013) Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
Feds step up HIPAA enforcement with hospice settlement
(1/8/2013) A Hayden, Idaho-based hospice is the first health care organization to be fined for sustaining a breach that affected fewer than 500 individuals.
6 States Bar Employers From Demanding Facebook Passwords
(1/4/2013) California and Illinois on Tuesday joined four others in becoming the union’s only states barring employers from demanding that employees fork over their social-media passwords.
U of Michigan Health System, Omnicell report patient data breach
(12/28/2012) Approximately 4,000 patients at the University of Michigan Health System (UMHS) have been notified this December that their personal health information has been compromised, UMHS officials announced.
FCC offers security advice to smartphone users
(12/21/2012) FCC publishes 10-step plan for securing mobile devices and their data
Suspected security hole found in many Samsung devices
(12/18/2012) Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.
Identity Theft Is a Growing Risk in Health Care: Ponemon Report
(12/12/2012) Identity theft is more rampant in health care than any other U.S. industry, according to the Ponemon Institute's third-annual report on patient privacy and data security.
Personal info of 1m compromised in Nationwide breach
(12/4/2012) The FBI is investigating a breach at Nationwide Insurance, where hackers recently accessed the sensitive information of about one million people, including policy and non-policy holders.
Security firms warn of spreading Windows AutoRun malware
(12/4/2012) Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.
Google updates all Chrome editions
(12/3/2012) Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements.
Facebook Adopts Secure Web Pages By Default
(11/20/2012) Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Skype Deals With Account Hijacking Exploit
(11/16/2012) Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
Adobe Connect Security Breach Exposes Personal Data of 150K Users
(11/16/2012) Adobe pulls down the forum for its video conferencing service, Adobe Connect after a hacker breached its security and leaked information, including password hashes, on 150,000 users.
Microsoft to patch 19 vulnerabilities on Tuesday
(11/13/2012) Microsoft is prepping six patches that will rectify 19 vulnerabilities in Windows, Internet Explorer, Office and the .NET Framework.
Out-of-date, vulnerable browsers put users at risk
(11/13/2012) Many users are waiting a month or more to apply important security updates that can protect them from exploits and malware.
Facebook password-bypass flaw fixed
(11/6/2012) The social network corrects a flaw over the weekend that could potentially have put over a million accounts at risk of being accessed by unauthorized users.
Firefox to force secure connections for selected domains
(11/6/2012) Forcing secured connections protects the privacy and security of users and their data, Mozilla said
DHS seeks cyber fellows
(11/2/2012) The Homeland Security Department has created a new fellowship program designed to attract recent college graduates into cybersecurity careers.
Barnes & Noble halts use of PIN pad devices after data breach
(10/29/2012) Payment terminals at 63 stores in eight states compromised; unknown number of customers affected
The 25 most popular passwords of 2012
(10/25/2012) You can't go anywhere online without a password these days. You certainly can't play many games without one. The problem, though, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.
Thousands of student records stolen in Florida college breach
(10/12/2012) Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.
Mozilla re-releases Firefox 16 after patching critical bugs
(10/12/2012) Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.
Worm spreading on Skype IM installs ransomware
(10/10/2012) A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.
Microsoft speeds up IE10 Flash patching, matches Google
(10/10/2012) Adobe today issued a surprise update for Flash Player that patched 25 critical vulnerabilities in the ubiquitous media software.
U.S. banks could be bracing for wave of account takeovers
(10/10/2012) Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.
Google to users: Your account may be under attack
(10/8/2012) Google is issuing a warning similar to one it had sent in June to tens of thousands of Gmail users to inform them that their accounts may be targeted by hackers.
Microsoft to patch 20 bugs next week in month of Office updates
(10/8/2012) Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs
FTC Takes Aim at Tech Support Scareware Scams
(10/8/2012) The agency puts a halt to six such tech support cons, part of a larger effort to stop phony tech support companies from scamming consumers.
Adobe to revoke code signing certificate
(9/28/2012) Adobe takes action after finding malware signed with the Adobe certificates.
Microsoft Fixes Zero-Day, Four Other Flaws in IE
(9/26/2012) Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.
Apple closes security holes in Mac OS X and Safari
(9/26/2012) Apple has released updates for versions 10.6 (Snow Leopard), 10.7 (Lion) and 10.8 (Mountain Lion) of its Mac OS X operating system that close a number of critical security holes.
Galaxy S3 hacked via NFC at Mobile Pwn2Own competition
(9/24/2012) Using this exploit attackers can take full control of a Galaxy S3 smartphone, researchers demonstrated
Google Chrome To Get 'Do Not Track'
(9/18/2012) Google browser users should see support for privacy setting that turns off tracking cookies related to ads, by year's end.
Update: Hackers exploit new IE zero-day vulnerability
(9/18/2012) HD Moore, maker of Metasploit, urges users to ditch IE7, IE8 and IE9 until Microsoft fixes critical flaw
First Flash patch for Windows 8 coming "shortly"
(9/14/2012) The version of the Adobe Flash plugin that's bundled with Internet Explorer 10 in Windows 8 is out of date, leaving users susceptible to exploitation.
Worldwide IT Security Spending to Top $60 Billion in 2012, Says Gartner
(9/14/2012) According to data released by Gartner, worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011.
Google Aurora Attackers Still On Loose, Symantec Says
(9/11/2012) Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.
White House circulating draft of executive order on cybersecurity
(9/11/2012) The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.
FTC offers guidance for mobile application development
(9/7/2012) As enterprises expand their roll-outs of mobile applications, the Federal Trade Commission wants them to be mindful of the privacy and security ramifications that go along with these advancements.
Chrome 21 update closes high-risk security holes
(9/4/2012) Three high-severity holes have been fixed in Google's latest stable channel update to the Chrome web browser.
Rogue Microsoft Services Agreement emails lead to latest Java exploit
(9/4/2012) Hackers created a malicious version of a legitimate Microsoft email announcement
Toyota Contractor Accused of Sabotaging Company Network, Stealing Data
(8/31/2012) A former programmer for Toyota has been accused of sabotaging applications on the car company’s network and stealing data after he was fired from his job last week, according to a civil complaint filed by the company.
Dropbox Now Offers Two-Step Authentication
(8/28/2012) Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts.
Former DNSChanger addresses out in the wild again
(8/22/2012) European IP address authority RIPE NCC has reallocated two IP address blocks that were previously used by the DNSChanger malware. The FBI and the Internet Systems Consortium (ISC) had control over the addresses from last November through to mid-July of this year, in accordance with a US court order, as there was concern about a total blackout for private users' manipulated computers.
Yes, the cloud is dangerous — here's how to stay safe
(8/20/2012) So what should you do to avoid being another one of these smart people to whom a bad thing could easily happen? You shouldn't allow yourself to be a lightning rod in the middle of the cloud.
AT&T Hit by DDoS Attack, Suffers DNS Outage
(8/17/2012) A distributed denial-of-service attack aimed at AT&T's DNS (Domain Name System) servers has disrupted data traffic for some of the company's customers.
FTC gives final approval to Facebook privacy settlement
(8/15/2012) The U.S. Federal Trade Commission has approved a settlement with Facebook related to charges that the social networking leader deceived consumers regarding the privacy of their data.
Hackers Encrypt Health Records and Hold Data for Ransom
(8/15/2012) As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files.
Why Effective Awareness Training Matters
(8/14/2012) Training and education are key elements to securing users and data, because even the best technical solutions are incapable of protecting both in every situation.
Hack forces Apple and Amazon to change security policies
(8/13/2012) Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.
Update: Google to pay $22.5M fine over privacy practices
(8/13/2012) Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.
Journalist blames Apple tech for allowing iCloud hack
(8/8/2012) Former Gizmodo reporter says device wipes and Twitter breaches occurred after an AppleCare technician fell victim to a bit of social engineering.
Reuters Twitter account hijacked, fake tweets sent
(8/8/2012) Reuters has suffered a second security breach in two days after hackers gained control of one of its Twitter accounts, the news agency revealed this morning.
Employee password reuse behind Dropbox spam outbreak
(8/6/2012) The spam outbreak that last month flooded the inboxes of Dropbox customers has been traced back to a hacked employee account, company representatives said late Tuesday.
Mac Malware Spies On Email, Survives Reboots
(8/1/2012) Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
Quarter of users see no benefit in updating software
(7/25/2012) Several major software companies, including Microsoft and Symantec, today kicked off what they called "International Technology Upgrade Week" in an attempt to persuade users to keep their code current.
Hackers pose as hacked software vendor to spread Zeus trojan
(7/25/2012) Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.
Taking the Cyberattack Threat Seriously
(7/20/2012) In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.
Grum takedown: '50% of worldwide spam is gone'
(7/19/2012) NEW YORK (CNNMoney) -- Good news for your email inbox: You'll be seeing less spam in it now, thanks to a global takedown effort that knocked one of the world's biggest spammers offline this week.
Yahoo closes security hole that led to password breach
(7/17/2012) Yahoo said Friday that it has fixed a security vulnerability that allowed hackers to seize roughly 450,000 unencrypted email addresses and passwords belonging to members of its content-sharing platform.
Yahoo hacked, 450,000 passwords posted online
(7/13/2012) (CNN) -- Hackers posted online what they say is login information for more than 450,000 Yahoo users.
Chrome 20 update fixes high-risk security vulnerabilities
(7/13/2012) Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser.
Microsoft Security Bulletin Advance Notification for July 2012
(7/9/2012) This is an advance notification of security bulletins that Microsoft is intending to release on July 10, 2012.
Last call to wipe DNSChanger before 'Internet doomsday'
(7/5/2012) In 10 days, there's a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.
Alaska agency must pay $1.7m after 500-person breach
(6/29/2012) The Alaska Department of Health and Social Services (DHSS) will shell out $1.7 million to settle violations of the HIPAA Security Rule.
FTC Sues Wyndham Hotels Over Data Security Failures
(6/29/2012) Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
Security concerns over Firefox's "new tab" thumbnail feature
(6/27/2012) One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented a grid of the nine most visited pages, each with its own screenshot thumbnail.
Senators Float National Data Breach Law, Take Four
(6/27/2012) Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.
Unpatched Microsoft XML Core Services flaw increasingly targeted in attacks, researchers say
(6/25/2012) An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware, according to security researchers from antivirus vendor Sophos.
AutoCAD Worm Targets Design Documents In Possible Espionage Campaign
(6/25/2012) A malware campaign targeting AutoCAD drawings uncovered by security researchers at ESET could be a massive case of industrial espionage.
iOS 6 to ask if apps can access personal data
(6/19/2012) MacRumors reports that, according to the release notes of the developer preview version of iOS 6, the operating system will request explicit user permission when an application attempts to access contacts, calendars, reminders and photos.
Post-hack, companies fire back with their own attacks
(6/19/2012) According to a new report, some companies that have fallen victim to hacking attacks have gone as far as hiring security firms to hack back.
Microsoft Security Bulletin Summary for June 2012
(6/15/2012) Microsoft Security Bulletin Summary for June 2012
Merchant information may have been stolen from Global Payments
(6/15/2012) Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.
MySQL vulnerability allows attackers to bypass password verification
(6/12/2012) Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.
Facebook warns users of the end of the Internet via DNSChanger
(6/11/2012) With the July 9 Web apocalypse nearing for computer owners infected with the malicious DNSChanger malware, the social network reaches out to tell them how to clean their machines.
House Committee to Probe e-Banking Heists
(6/1/2012) The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses.
Google warns DNSChanger victims
(5/29/2012) Google has begun warning visitors to its search engine if they are infected with the DNSChanger malware, and providing them with a link to disinfection instructions.
Cross-browser worm spreads via Facebook, security experts warn
(5/23/2012) Malware writers use Crossrider browser extension development framework to build Facebook worm.
Phisher Guilty of $1.3 Million Scam
(5/16/2012) Fraud experts are encouraged to see banks joining forces with law enforcement to fight cybercrime. But as online attackers become increasingly organized, financial institutions may find themselves fighting even tougher battles.
Twitter warns users to reset passwords after hacking scare
(5/11/2012) Twitter has attempted to assure its users after reports circulated of 55,000 accounts being hacked and login credentials publicly disclosed.
FBI warns globe trotters about malware lurking in hotel room connections
(5/11/2012) The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.
Microsoft Drops Chinese Vendor After Windows Exploit Leak
(5/8/2012) Microsoft cuts Chinese firewall company Hangzhou DPTech Technologies from Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw.
Major software flaws in iPhones, iPads fixed in update
(5/8/2012) Apple on Monday pushed out a security update for its mobile operating system, iOS, to patch four vulnerabilities.
Microsoft fixes critical Hotmail password bug
(5/2/2012) Microsoft has issued a temporary fix for a scary and potentially disastrous Hotmail vulnerability that could allow hackers to erase your email password, set up their own and take over your account.
VMware patches vulnerabilities in ESX 4.1
(5/2/2012) Virtualisation specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualisation product.
Renewed efforts to revert DNSChanger in effect
(4/27/2012) The effort to clean up the DNSChanger malware attack is seeing renewed focus as the rogue DNS server shutdown deadline approaches on July 9.
Microsoft: Conficker Worm Continues to Plague Enterprises
(4/27/2012) In its latest Security Intelligence Report, Microsoft says weak passwords and unpatched systems conspire to let the three-year-old Conficker worm continue to propagate.
WordPress fixes file upload security problems
(4/25/2012) The developers of the popular open source blog engine WordPress have released a security update for the software.
Firefox skirts Windows security feature to make silent updates happen
(4/25/2012) Firefox 12, set to release Tuesday, sidesteps Windows' UAC
Netflix CEO accuses Comcast of violating net neutrality
(4/20/2012) Netflix's chief executive has accused Comcast of abandoning net-neutrality rules by exempting one of its products from monthly caps on data usage.
Google warns 20,000 websites they could be infected with malware
(4/20/2012) Google has warned 20,000 websites that they might be hacked and injected with JavaScript redirect malware, Google said.
New malware threatens Mac OS X
(4/18/2012) In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a malware infection known as Flashback to spread to some 700,000 of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple's aggressive measures to block issues due to the plugin.
Online Tax Scams to Guard Against
(4/16/2012) Scammers are out in force as the tax filing deadline approaches. Here are some of the most common scams to be on the lookout for.
Oracle to issue 88 security patches
(4/16/2012) Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.
Apple ratchets up App Store security
(4/16/2012) Apple battens down the security hatches by requiring users to create security questions and identify a backup e-mail address.
Here’s what Facebook sends the cops in response to a subpoena
(4/10/2012) When the authorities send a subpoena to Facebook for your account information, what do they receive? Here is a document showing the pages and pages of data Facebook hands over.
New security flaws detected in mobile devices
(4/10/2012) Those cool mobile devices beloved by consumers carry deep-rooted security flaws that are only now being discovered and addressed.
Global Payments loses up to 1.5 million credit card records in data theft
(4/3/2012) Credit card processing company Global Payments has confirmed that a vulnerability within its system led to the theft of up to 1.5 million credit card records.
Google patches 9 Chrome bugs, pays more to top researchers
(3/23/2012) Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.
US ISPs commit to new cybersecurity measures
(3/23/2012) A group of U.S. Internet service providers, including the four largest, have committed to taking new steps to combat three major cybersecurity threats, based on recommendations from a U.S. Federal Communications Commission advisory committee.
Mozilla will start Firefox silent updates in June
(3/16/2012) Mozilla yesterday reiterated that it's still working on silent updates for Firefox, and said it should have the Chrome-like service in place by early June.
Microsoft urges firms to focus on severe RDP flaw
(3/16/2012) Microsoft issued six patches on Tuesday, but in particular, it focused on warning firms to expedite applying a fix for a critical vulnerability that will likely be exploited quickly by online criminals.
In new attack on mobile handsets, fraudsters target one-time-passwords
(3/16/2012) Among the most recent, reported by Trusteer, a Boston-based provider of secure web access services, are two online banking fraud schemes designed to defeat the one-time-password (OTP) authorization systems used by many banks.
Browser Bug Hunters Collect Payoff in Pwn2Own
(3/14/2012) Researchers last Friday unveiled zero-day vulnerabilities in Google's Chrome and Mozilla's Firefox during the final day of two hacking challenges that awarded $210,000 to contestants.
Security firm goes public with Apple Safari flaws
(3/14/2012) Secunia publishes information on two vulnerabilities in browser after Apple reportedly fails to provide status updates
Adobe Patches Critical Flash Flaws
(3/7/2012) For the second time in less than a month, Adobe has issued an update to fix dangerous flaws in its Flash Player software. The patch addresses two vulnerabilities rated “critical,” but Adobe says it is not aware of active attacks against either flaw.
Google patches 14 Chrome bugs, pays record $47K in bounties and bonuses
(3/7/2012) Google yesterday patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.
New York senator asks FTC to investigate Google, Apple
(3/7/2012) Sen. Charles Schumer says the companies should be investigated after it was revealed that private information is available in apps running on iOS and Android.
To Combat Piracy, RapidShare Cuts Download Speeds for Free Users
(2/29/2012) How do you stop a software pirate? Valve Software managing director and co-founder Gabe Newell has said that it's an issue of quality of service: Provide potential gamers a service and value greater than that which they could achieve by piracy, and they'll purchase a title instead of downloading it.
Researcher: 200,000 Windows PCs vulnerable to pcAnywhere hijacking
(2/28/2012) Users aren't patching problem-plagued remote access program; up to 5K point-of-sale systems at risk
Waledac malware returns after two years with password-stealing capabilities
(2/17/2012) A new version of the Waledac malware has been spotted on the Internet, but unlike previous variants, which were mainly used for spamming purposes, this one steals various log-in credentials and BitCoins, a type of virtual currency.
Adobe Flash Flaw Under Attack, Update Issued
(2/17/2012) Adobe Wednesday announced the release of a new version of its Flash player that fixes seven security flaws, one of which is already being targeted via zero-day attacks. Adobe has recommended that all users immediately install the Flash player update.
Mozilla closes critical security hole in Firefox, Thunderbird and Seamonkey
(2/14/2012) Mozilla has released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10.
AT&T customers surprised by 'unlimited data' limit
(2/14/2012) AT&T customers surprised by 'unlimited data' limit
GSA Details Federal Cloud Security Program
(2/10/2012) The General Services Administration on Tuesday released extensive new details on FedRAMP, the federal government's new standardized approach to vetting the security of cloud computing services, taking an important step toward launching the program.
Symantec Patches PCAnywhere, But Should You Delete?
(2/3/2012) Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely.
Trojan Targets Industry, Government With Fake Conference Invitations
(2/3/2012) Attackers targeted executives in the defense industry and government officials with fake invitations to conferences to install the MSUpdater Trojan to steal sensitive data.
Apple Fixes 52 Bugs in OS X Snow Leopard, Lion in Security Update
(2/3/2012) Apple released its first security update for 2012 and the first major update for OS X Lion. Apple released 39 patches addressing 52 CVE issues and revoked DigiCert Malaysia.
Google to Censor Blogger Blogs on a ‘Per Country Basis’
(2/3/2012) Google has quietly announced changes to its Blogger free-blogging platform that will enable the blocking of content only in countries where censorship is required.
Drive-by-download attack exploits critical vulnerability in Windows Media Player
(1/31/2012) Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player.
Update: Industry group makes fresh push to fight phishing
(1/31/2012) Companies such as Facebook, Google and PayPal are pushing for widespread use of a new technical specification, DMARC, that could make it harder for phishers to reach their victims.
Google patches several serious Chrome bugs
(1/27/2012) Critical vulnerability disclosed Monday was actually fixed earlier this month
Feds Issue Comprehensive Cloud Security Guidance
(1/27/2012) National Institute of Standards and Technology urges government and private sector users not to leave cloud security to providers or service arrangements.
Symantec admits stolen source code impacts pcAnywhere
(1/27/2012) Symantec is advising users of its pcAnywhere remote access product to disable the software if they don't absolutely need it.
DreamHost resets passwords after database breach
(1/25/2012) Unauthorized database access prompted DreamHost to reset the FTP and shell access passwords of its customers
Supreme Court Rejects Student Social-Media Cases
(1/23/2012) The justices have not squarely addressed the student-speech issue as it applies to the digital world — one filled with online social-networking tools such as Facebook, Twitter, MySpace and others. The issue before the justices tests whether public schools may discipline students who, while off campus, use social-networking sites to mock school officials.
Non-U.S. customers kept in dark as Zappos cleans up after data breach
(1/18/2012) Online clothing shop Zappos.com reset the passwords of over 24 million customers after security breach
Lost in BYOD's uncharted legal waters
(1/11/2012) As companies and users engage in shared ownership of devices and data, there's no clear answer on the right legal approach
Google patches Chrome, beefs up malicious file blocking tech
(1/11/2012) Google last week patched Chrome 16 and improved the download warnings in the impending Chrome 17.
Microsoft plans big January Patch Tuesday
(1/9/2012) Mystery of the month, say experts, is what Microsoft means by 'security feature bypass' update
Ramnit worm goes after Facebook credentials
(1/9/2012) A pervasive worm has expanded its reach to now steal login and password details for Facebook users, warned security vendor Seculert, which found a server holding 45,000 login credentials.
pple reportedly putting DMCA squeeze on App Store pirates
(1/9/2012) Jailbreakers may find it more difficult to find pirated apps from the App Store thanks to Apple's latest legal maneuvers. The company has reportedly been sending DMCA takedown notices to Apptrackr, a popular service for tracking down cracked apps, in order to try and cut off pirated app downloads at the source.
Facebook hands out White Hat debit cards to hackers
(1/3/2012) A few companies pay money to bug hunters. But Facebook is giving out something more unique than just a check. Some security researchers are getting a customized "White Hat Bug Bounty Program" Visa debit card.
U.S. Department of Homeland Security National Cyber Security Division and Idaho National Laboratory Win National Cybersecurity Innovation Award
(1/3/2012) The SANS Institute announced today that Department of Homeland Security National Cyber Security Division and Idaho National Laboratory have won the 2011 U.S. National Cybersecurity Innovation Award for building Cybersecurity skills needed to defend the power grid and other control systems.
Firmware update mitigates HP's LaserJet printer security problems
(12/27/2011) HP has released a firmware update for some of its LaserJet printers, aimed at mitigating the risk posed by a vulnerability disclosed in late November.
Anonymous shreds intelligence firm Stratfor in latest hack
(12/27/2011) In what may be its most devastating attack since HBGary, the Anonymous hacktivist collective rooted the database of security intelligence firm Stratfor to plunder a claimed 200 gigabytes of data.
Lax security exposes voice mail to hacking, study says
(12/27/2011) In a study of 31 mobile operators in Europe, Morocco and Thailand, Karsten Nohl, a Berlin hacker and mobile security specialist, found that many operators provided poor or weak protection from illicit surveillance and identity theft.
And the winners of the Cyber Challenge are...
(12/21/2011) Top finishers among competitors from more than 150 high schools around the country won more than $6,000 in scholarships in this fall’s Cyber Foundation competition.
Groups Petition for Right to Hack the Xbox, Back Up DVDs
(12/13/2011) The public could be allowed to copy DVDs onto their tablets and unlock video-game consoles to run home-brewed games if regulators side with public interest groups’ new requests to amend federal intellectual-property law.
Three "critical" patches to be in Microsoft security update
(12/13/2011) Tuesday's monthly security update, to be released around 1 p.m. EST, will come with three "critical" and 11 "important" bulletins to plug holes in Windows, Office, Internet Explorer, Publisher and Windows Media Player.
Feds launch cloud security standards program
(12/13/2011) FedRAMP program will require that all federal agencies only use cloud providers that meet its security standards
Yahoo Messenger flaw enables spamming through other people's status messages
(12/7/2011) The unpatched vulnerability in Yahoo Messenger allows attackers to change other people's status messages automatically
8 companies hit with lawsuit over Carrier IQ software
(12/7/2011) It's the third lawsuit to be filed since privacy controversy started last week
Verizon-Supported Cybersecurity Bill Advances in U.S. House
(12/5/2011) The House Intelligence Committee approved a bill encouraging telecommunications companies including Verizon Communications Inc. (VZ) and Comcast Corp. (CMCSA) to share data on hacker attacks with the U.S. government.
Justice Dept. cracks down on Cyber Monday scams
(11/30/2011) On one of the busiest online shopping days of the year, the Justice Department announced that it shut down 150 Web sites selling counterfeit goods ranging from sports jerseys to handbags to the popular P90X exercise program. The operation was part of a campaign launched last year that has targeted more than 350 sites visited by millions of consumers.
USB sticks still being used insecurely, Ponemon study finds
(11/29/2011) USB sticks remain a big security weakness for UK organisations with many employees using drives without permission and not bothering to report their loss, a Ponemon Institute study has found.
Feds back off on Jan.1 eHealth standards deadline
(11/28/2011) U.S. health officials delay enforcement until March 31, 2012
What Apple's sandboxing means for developers and users
(11/9/2011) Recently Apple announced to developers that beginning in March 2012, all applications submitted to the Mac App Store will require support for Apple's sandboxing routines.
Federal Bureau of Investigation and the U.S. Attorney General's Office Win National Cybersecurity Innovation Award
(11/7/2011) WASHINGTON, Nov. 3, 2011 /PRNewswire-USNewswire/ -- The SANS Institute announced today that the Federal Bureau of Investigation and the U.S. Attorney General's Office have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative techniques in cyber law enforcement using the computer virus' own command and control system to disable the malicious software.
Federal cyber rules halt LAPD's move to Google Apps
(10/31/2011) FBI security rules are holding up the Los Angeles Police Department's move to Google Web-based email and office applications, according to contractors.
Researchers Found Way to ID Skype Users Who Also Use BitTorrent
(10/27/2011) A group of researchers have found a way to tie Skype users to their peer-to-peer networks in order to identify who might be responsible for sharing files on Bit Torrent and other P2P networks
Critical Java Update Fixes 20 Flaws
(10/21/2011) Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users.
New Mac malware variant disables OS X defenses
(10/21/2011) Malware authors have updated a Mac trojan to disable the anti-malware protection Apple has built into its OS X platform, researchers warned this week.
Zeus Trojan P2P update makes take-downs harder
(10/14/2011) The Zeus financial malware has been updated with peer-to-peer functionality that makes it much more resilient to take-down efforts and gives its controllers flexibility in how they run their fraud operations.
Cybercrime becomes bigger threat to energy industry than terrorists
(10/14/2011) Today, the greater threat is the digital theft of competitive information or technical data by outside hackers or unscrupulous employees, speakers at an FBI-sponsored event on energy security said Wednesday.
Google Releases Chrome Desktop-Sharing Feature
(10/11/2011) Google isn’t reinventing the wheel with a new feature it is testing that allows any two computers using its Chrome browser to connect with each other.
Developer function enables phishing at American Express
(10/11/2011) Security specialist Niklas Femerstrand has discovered a hole on the American Express web site that attackers can use to steal, among other things, the login data of credit card customers.
Stanford Hospital blames contractor for data breach
(10/10/2011) Stanford Hospital & Clinics this week blamed a third party billing contractor for a data breach that exposed the personal data of some 20,000 patients.
Google updates Chrome to restore browser after Microsoft blunder
(10/5/2011) Google updated Chrome over the weekend to help users affected by Microsoft's errant flagging of the browser as malware.
HTC Android Devices Contain Serious App Flaw That Exposes User Data
(10/5/2011) Researchers have discovered a serious data leak on HTC's Android smartphones because of problems in how information is logged and stored.
Facebook fixes ID cookie glitch
(10/3/2011) Facebook has said that it has "fixed" cookies that could have tracked users after they logged out of the site.
Mozilla considers disabling Java in Firefox
(10/3/2011) The Firefox developers are currently discussing whether to disable Oracle's Java plug-in as a potential workaround for the recently disclosed SSL/TLS vulnerability.
Why geolocation apps can be dangerous
(9/28/2011) ISACA today weighed in on how geolocation apps are catching on with mobile device users.
Mac trojan pretends to be Flash Player Installer to get in the door
(9/28/2011) Hot on the heels of last week's Mac malware posing as a PDF is a new piece of malware posing as something even more insidious: a Flash player installer.
U.S. Cyber Challenge Announces Winners of Cyber Quests III
(9/28/2011) The U.S. Cyber Challenge (USCC) today announced the winners of its latest Cyber Quests, a national online competition allowing participants to demonstrate their knowledge in a variety of information security disciplines.
MySQL.com hacked to serve malware
(9/28/2011) The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday.
Senate Panel Approves Bill Aimed at Thwarting Computer Attacks
(9/26/2011) Legislation aimed at protecting the nation’s financial networks and power grids from computer hackers and safeguarding consumer data online won approval from a U.S. Senate panel in a party-line vote.
Sony Forces Gamers to Promise They Won’t Sue En-Masse for Hacks
(9/21/2011) Sony quietly updated its terms of service (.pdf) last week to require online gamers to agree to waive their right to any class-action lawsuit in order to log in to their network accounts.
Oracle patches "Apache Killer" flaw in HTTP Server
(9/21/2011) Oracle on Thursday issued an emergency patch to fix a flaw, known as “Apache Killer,” that could allow attackers to crash its HTTP Server products based on Apache 2.0 or 2.2.
SpyEye hacking kit adds Android infection to bag of tricks
(9/16/2011) Intercepts text messages bank use as secondary authentication for account access.
Windows 8 to offer built-in malware protection
(9/16/2011) Microsoft is including a beefier version of its malware protection in Windows 8.
Microsoft removes anti-virus app from Windows Phone marketplace
(9/14/2011) Microsoft has removed the AVG Mobilation for Windows Phone 7 virus scanner from its marketplace as doubts had been raised about its functionality and compliance with data protection regulations.
Microsoft, Adobe announce forthcoming patches
(9/13/2011) Microsoft and Adobe are both planning to release security updates on Tuesday, the companies announced.
Obama administration seeking tougher penalties for cybercrimes like hacking
(9/13/2011) The Obama administration is seeking tougher sentences for people who are found guilty of hacking or other digital offenses, two officials said Wednesday.
Patient data posted online in major breach of privacy
(9/13/2011) A medical privacy breach at Stanford University’s hospital in Palo Alto, Calif., led to the public posting of medical records for 20,000 emergency room patients, including names and diagnosis codes, on a commercial website for nearly a year, the hospital has confirmed.
Next post Google Certificate Hackers May Have Stolen 200 Others
(9/6/2011) Hackers who obtained a fraudulent digital certificate for Google may have actually obtained more than 200 digital certificates for other top internet entities such as Mozilla, Yahoo and even the privacy and anonymizing service Tor.
Hackers break into Linux source code site
(9/6/2011) But Linux geeks say that the kernel source code is secure. As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers.
"Morto" worm spreading via Remote Desktop connections
(8/31/2011) A first-of-its-kind worm is currently spreading in the wild via Windows Remote Desktop Protocol (RDP), security firms have warned.
DHS partners with Boys & Girls Clubs of America on cybersecurity
(8/31/2011) The over-100-years-old Boys & Girls Clubs of America join the DHS "Stop.Think.Connect." campaign, a national effort to achieve a higher level of internet security by educating Americans at home, in the workplace and in communities.
Apache warns Web server admins of DoS attack tool
(8/29/2011) Developers of the Apache open-source project today warned users of the popular Web server software that a denial-of-service (DoS) tool is circulating that exploits a bug in the program.
Twitter begins moving users to default #HTTPS sessions
(8/29/2011) Twitter is to begin switching user sessions to https by default.
Yale warns 43,000 about 10-month-long data breach
(8/24/2011) Yale University has notified about 43,000 faculty, staff, students and alumni that their names and Social Security numbers were publicly available via Google search for about 10 months.
eThieves Steal $217k from Arena Firm
(8/22/2011) Cyber thieves stole $217,000 last month from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization responsible for operating the Qwest Center and other gathering places in Omaha, Nebraska.
AT&T sues two over scheme to steal customer data
(8/22/2011) AT&T has accused two Utah men of carrying out a data mining scheme, using automatic dialing programs to harvest information from its customer database and costing the company more than $6.5 million.
The collar bomber's explosive tech gaffe
(8/22/2011) The man who said he had fixed a bomb around a girl's neck handed his name to police ... on a flash drive.
Adobe admits Google fuzzing report led to 80 'code changes' in Flash Player
(8/17/2011) Adobe on Friday acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer as it defended its decision not to spell out details of the vulnerabilities.
New Android spyware answers incoming calls
(8/17/2011) A malicious Android app that disguises itself as Google's new social networking platform, Google+, is capable of stealing data, and answering and recording incoming phone calls, researchers said this week.
Visa Pushes PIN Requirement With Credit Card Purchases
(8/15/2011) European consumers are used to this drill, but now Visa is putting its muscle behind increased security measures in the United States.
Huge Decline in Fake AV Following Credit Card Processing Shakeup
(8/10/2011) On Wednesday I wrote that many of the top fake antivirus distribution programs had ceased operations, citing difficulty in processing credit card transactions from victims
Android trojan records phone calls
(8/8/2011) Security experts at CA have discovered a new piece of malware for Google's Android mobile operating system which secretly records phone conversations.
Microsoft slates 22 patches for Windows, IE next week
(8/8/2011) Microsoft today said it will ship 13 security updates next week to patch 22 vulnerabilities in Internet Explorer, Windows, Visio and Visual Studio.
Phisher who hit 38,500 gets long prison sentence
(8/2/2011) A California man was sentenced to 12 years and seven months in prison Thursday for his role as the brains behind a widespread phishing scam that took in more than 38,000 victims.
Criminals abusing Amazon cloud to spread SpyEye
(8/2/2011) Criminals for the past several weeks have been exploiting Amazon's Simple Storage Service (S3) cloud offering to spread SpyEye malware, according to researchers at anti-virus firm Kaspersky Lab.
Trojan Tricks Victims Into Transferring Funds
(8/1/2011) Now, a new malware variant uses a devilish scheme to trick people into voluntarily transferring money from their accounts to a cyber thief’s account.
Hollywood Wins Court Order to Force BT to Block Pirate Site Newzbin2
(8/1/2011) The major Hollywood studios, backed by the Motion Picture Association, persuaded a judge to order BT to block all access to suspected pirate site Newzbin2.
http://www.columbiamissourian.com/stories/2011/07/30/cyber-security-camp-gives-lessons-future-midwest-students
(8/1/2011) Three winners walked away from the United States Cyber Challenge Regional Cyber Security Boot Camp at MU with $1,000 scholarships.
Google adds malware warning to search results
(7/28/2011) Google announced today it is instituting a malware warning system on its search results page to alert users to the possibility that their computer is infected.
Mac OS X Lion reveals passwords in sleep mode?
(7/28/2011) According to Passware, the latest version of Mac OS X has a "vulnerability" that allows login passwords to be exposed while the Mac is locked or in sleep mode.
Comcast Hijacks Firefox Homepage: “We’ll Fix”
(7/27/2011) Comcast says it is revamping the software that new customers need to install to start service with the ISP.
Hacker Sentenced In Virginia to 10 Years In Prison For Stealing 675,000 Credit Card Numbers Leading To $36 Million In Losses
(7/27/2011) Rogelio Hackett Jr., 25, of Lithonia, Ga., was sentenced today to 120 months in prison by U.S. District Judge Anthony J. Trenga in Alexandria, Va., for trafficking in counterfeit credit cards and aggravated identity theft, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Neil H. MacBride for the Eastern District of Virginia.
Federal auditors scold IRS for slow notification of security breaches
(7/22/2011) In a recent report, the Treasury Department Inspector General for Tax Administration reprimanded the Internal Revenue Service for failing to notify taxpayers in a timely way — if at all —when the tax agency inadvertently exposed their personal information.
Google Warns Searchers Of Windows Malware Infection
(7/22/2011) Google has started alerting users running Windows about a specific form of local malware it can detect through network traffic flows.
Apple patches 58 Safari bugs to deflect drive-by attacks
(7/22/2011) Apple today updated Safari to version 5.1, patching 58 security vulnerabilities and adding several new features, including sandboxing on Mac OS X 10.7.
Oracle to issue 78 bug fixes on Tuesday
(7/19/2011) Oracle is planning to issue 78 patches covering a number of its software products on Tuesday, including 13 fixes for its flagship database, according to a statement posted to its website on Thursday.
Researcher finds serious vulnerability in Skype
(7/19/2011) A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online.
ZeuS trojan attacks Android
(7/15/2011) Several AV vendors report that, after targeting Symbian, BlackBerry and Windows Mobile devices, a variant of the ZeuS online banking trojan now also infects Android smartphones.
Google Blasts An Entire Domain From Its Search Results For Being Too Spammy
(7/8/2011) Google has hidden more than 11 million URLs from its search results as part of its ongoing effort against search spam.
Google boosts Gmail's anti-phishing feature
(7/5/2011) Google this week added an anti-phishing feature to Gmail that automatically displays the sender's address for some messages.
Citigroup hackers made $2.7 million
(6/29/2011) Citigroup suffered about $2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges.
Film-makers seek injunction to block pirate site
(6/29/2011) Film-makers are going to court in a bid to block access to a site that links to pirated versions of popular movies
former student pleads guilty to computer hacking
(6/24/2011) Daniel J. Fowler, 21, of Kansas City, Mo., pleaded guilty before U.S. Magistrate Judge John T. Maughmer to the charges contained in a Nov. 18, 2010, federal indictment. In addition to the computer hacking conspiracy, Fowler also pleaded guilty to one count of computer intrusion causing damage (computer hacking).
Attackers exploit latest Flash bug on large scale, says researcher
(6/21/2011) The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.
Exploits begin for patched Internet Explorer bug
(6/21/2011) Attackers are now actively exploiting one of the 11 Internet Explorer (IE) vulnerabilities patched Tuesday by Microsoft, a Symantec researcher said Friday.
Microsoft Patches Fix 34 Security Flaws
(6/20/2011) Microsoft on Tuesday released 16 software updates to fix at least 34 security vulnerabilities in its Windows operating systems and other software.
Citigroup reveals breach affected over 360,000 cards
(6/20/2011) Over 360,083 credit card accounts in North America of Citigroup were affected as a result of a compromise of its card account management website in May, the bank said in an update on Wednesday.
Sony Hacked Again, 1 Million Passwords Exposed
(6/7/2011) Hacker group LulzSec releases 150,000 Sony Pictures records, including usernames and passwords, in latest setback for consumer electronics giant.
Large-scale IPv6 trial set for June 8
(6/7/2011) The largest experiment in the 40-year history of the Internet will take place on Wednesday, as hundreds of Web sites test a new standard called IPv6 that can support vastly more devices with faster, lower-cost connectivity than today's technology.
Is sharing a log-in a criminal act?
(6/3/2011) Tennessee lawmakers have passed a bill that would make sharing log-in information, including usernames and passwords, illegal within the state's borders, the Associated Press reports.
Sony restores all PlayStation Network services
(6/3/2011) Sony has completed its restoration of the PlayStation Network and Qriocity music service after a data breach forced a shutdown in April.
Facebook video scam puts malware on Mac and Windows
(6/3/2011) Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims' computers.
Hackers steal Hotmail messages thanks to Web flaw
(5/27/2011) Criminals recently spent more than a week siphoning e-mail messages from Hotmail users' accounts, thanks to a programming bug in Microsoft's website.
Security researcher finds 'cookiejacking' risk in IE
(5/27/2011) A security researcher in Italy has discovered a flaw in Internet Explorer that he says could enable hackers to steal cookies from a PC and then log onto password-protected Web sites.
Facebook Adds Mobile Authentication
(5/25/2011) Facebook has introduced a new authentication feature designed to help users better protect their accounts from being hijacked by password-stealing miscreants.
Despite Reports, Sony Says PlayStation Network Was Not Hacked Again
(5/24/2011) Password reset issues cause network downtime, but no new hacks occurred, company says.
Senators: New smartphone tracking law needed
(5/24/2011) The U.S. Congress needs to pass new laws to protect smartphone customers from having their locations tracked by operating systems and applications, members of a Senate subcommittee said Thursday.
Dropbox Lied to Users About Data Security, Complaint to FTC Alleges
(5/18/2011) Dropbox, the wildly popular online storage system, deceived users about the security and encryption of its services, putting it at a competitive advantage, according to an FTC complaint filed Thursday by a prominent security researcher.
Windows scareware fakes impending drive disaster
(5/18/2011) Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.
Fake security software takes aim at Mac users
(5/4/2011) 'Rogueware' plague expands from Windows to Mac OS, tries to dupe Apple users into paying $60-$80
PlayStation Hack Prompts Suspension of Sony Online Entertainment Games Site
(5/4/2011) In the wake of the Sony PlayStation Network outage, Sony has taken down another arm of its online gaming offerings.
China Implicated In Hacking Of SMB Online Bank Accounts
(5/2/2011) FBI warns that small- to midsize businesses are being targeted in an attack that so far has bilked companies' accounts of millions of dollars and wired the money to Chinese companies.
Sony confirms PlayStation Network cards were encrypted
(5/2/2011) A Sony spokesman said Thursday that the credit card numbers belonging to millions of PlayStation Network (PSN) and Qriocity users were encrypted when they potentially were compromised by hackers.
Amazon Cloud Outage Proves Importance Of Failover Planning
(5/2/2011) Contingency plans kept Bizo and Mashery up and running during the Amazon service outage, offering lessons to other cloud-based businesses.
Update on PlayStation Network and Qriocity
(4/29/2011) We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
FBI Raids Apartment of Alleged King’s Speech Uploader
(4/26/2011) The FBI has raided the Los Angeles apartment of a Screen Actors Guild member the bureau believes was first to upload the Oscar-winning movie The King’s Speech as well as Black Swan, and other in-theater-only films to the Pirate Bay in January, according to interviews and sealed court records obtained by Wired.com
Apple Gets Hit With Class Action Suit Over Location Tracking
(4/26/2011) Apple is facing a class action suit over the location data that two security researchers recently publicized
Advanced Cyber-Attack Claims Are Usually False, Overhyped
(4/26/2011) Many companies nowadays tend to claim they were the victims of an advanced persistent threat instead of admitting their security systems failed. As a result APTs have become overhyped.
Apple, Google Collect User Data
(4/22/2011) Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.
Senators Propose Data Privacy Law
(4/18/2011) Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) on Tuesday introduced "The Commercial Privacy Bill of Rights Act of 2011," a bill designed to protect people's personal information.
Ransomware squeezes users with bogus Windows activation demand
(4/13/2011) Computerworld - A new Trojan tries to extort money from users by convincing them to dial international telephone numbers to reactive Windows, a security researcher said today.
Phishing scam masquerades as Adobe upgrade
(4/5/2011) Phishers use all kinds of come-ons to lure their victims. But one persistent piece of spam tries to trick people by offering an upgrade to Adobe Acrobat
Epsilon Data Breach Hits Banks, Retail Giants
(4/5/2011) Marketing company Epsilon is reporting a data breach that could affect the email addresses of thousands of customers of major banks, retail and hotel chains.
Junk mail down 1/3 since Rustock botnet takedown
(4/1/2011) Junk mail down 1/3 since Rustock botnet takedown, But Bagle does brisk business
MySQL Web site falls victim to SQL injection attack
(3/29/2011) Oracle's MySQL.com customer Web site was compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases passwords, of the site's users.
Survey shows we're too lazy about mobile phone security
(3/29/2011) A new survey shows U.S. consumers are shockingly lax about basic security on their mobile phones.
Firefox 4 includes new feature for thwarting web attacks
(3/25/2011) The latest version of Mozilla's Firefox web browser, version 4, was released this week with a number of new security features, including a mechanism for preventing web-based attacks.
Homegrown: Rustock Botnet Fed by U.S. Firms
(3/23/2011) Great cyber story, read more about Microsoft's take down of Rustock Botnet.
Twitter adds option to always use HTTPS connection
(3/21/2011) Twitter announced on Wednesday that it will give its users the option to always automatically connect to Twitter.com using HTTPS, which encrypts communications between users' computers and Twitter servers.
Good guys take down notorious Rustock spamming botnet
(3/21/2011) Rustock, one of the largest and most notorious spam botnets, suddenly fell silent Wednesday and has remained off line.
Microsoft Set To Formally Launch IE9
(3/15/2011) Microsoft on Monday was set to launch the latest version of its Internet Explorer Web browser at an evening event at the South by Southwest tech and media fest in Austin, Texas
FTC officially closes Twitter security investigation
(3/15/2011) The U.S. Federal Trade Commission has closed the book on its legal action against Twitter, stemming from two 2009 hacking incidents where high-profile Twitter users -- including President Barack Obama -- lost control of their accounts.
Apple issues security updates for Safari, iOS
(3/14/2011) Apple on Wednesday issued security updates for its Safari 5 web browser and iOS mobile operating system to address dozens of vulnerabilities.
Google Again Sued Over Gmail Content Scanning
(3/14/2011) The latest complaint argues Google's disclosures are inadequate because nobody reads lengthy legal documents.
Symantec Finds Fake Google Security Tool
(3/14/2011) The phony version of the Android Market Security Tool was found by Symantec on China-based, third-party Web sites that are not sanctioned by Google.
Google yanks over 50 infected apps from Android Market
(3/8/2011) Google has pulled more than 50 malware-infected apps from its Android Market, but hasn't yet triggered automatic uninstalls of those programs from users' phones, security experts said today.
"BlackHole" malware, in beta, aims for Mac users
(3/1/2011) Experts are debating the level of risk posed by what appears to be a new malware variant targeting Mac OS X users.
HIPAA privacy actions seen as warning
(3/1/2011) HHS hits Cignet with $4.3M penalty; Mass. General settles for $1M
Trojan steals session IDs, bypasses logout requests
(2/25/2011) A new banking trojan targeting U.S. customers has the ability to keep online account sessions open after customers believe they have logged off, enabling criminals to surreptitiously steal money, according to researchers at web security firm Trusteer.
Microsoft Has a Change of Heart on How to Keep Internet Safe
(2/23/2011) Should ISPs be the ones who keep hacked PCs off the Internet? Microsoft's chief security executive used to think so, but now he's had a change of heart.
Obama seeks big boost in cybersecurity spending
(2/18/2011) The White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, in part, its ability to reduce the risk of insider threats and ensure the safety of control systems such as those used at power plants.
Senators explore Web site seizure options
(2/18/2011) U.S senators will introduce legislation this year targeting Web sites that traffic in digital piracy or counterfeited goods, said the primary sponsor of a controversial bill proposed in 2010 that would give government agencies more authority to shut down those sites.
Sweetheart, but fake, deals put on ICE
(2/16/2011) "Operation Broken Hearted" protects consumers from counterfeit Valentine's Day goods
Mozilla adds 'Do Not Track' to newest Firefox 4 beta
(2/16/2011) Mozilla on Tuesday rolled out the eleventh beta of Firefox 4, adding the "Do Not Track" feature it touted three weeks ago to the browser.
HBGary Federal Hacked by Anonymous
(2/9/2011) A company that is helping the federal government track down cyberactivists who have been attacking business which refused to support Wikileaks has itself been hacked by the very same activists.
Lawmakers ask Facebook about access to users' data
(2/9/2011) SAN FRANCISCO — Two U.S. congressmen continued to press Facebook on the privacy front Wednesday, questioning the company's plan to make users' addresses and mobile phone numbers available to third-party sites and application developers.
Alleged 'scareware' Vendors to Pay $8.2 Million to FTC
(1/28/2011) The operator of an alleged "scareware" scheme, using deceptive advertising to trick Internet users into buying software to fix their supposedly infected computers, will pay the U.S. Federal Trade Commission US$8.2 million to settle a complaint brought by the agency
Facebook Enables HTTPS So You Can Share Without Being Hijacked
(1/28/2011) Facebook announced Wednesday it would begin supporting a feature to protect users from having their accounts hijacked over Wi-Fi connections or snooped on by schools and businesses.
Cybercrime migrating to mobile and Apple, Cisco report
(1/26/2011) The tide in cybercrime is shifting away from attacks on Windows machines and migrating to the mobile marketplace, according to a just released yearly report from Cisco.
Mozilla, Google Propose Defenses Against Ad Tracking
(1/26/2011) Google and Mozilla this week proposed new tools to help consumers gain more control over ad tracking cookies.
Vulnerabilities in the Boonana Trojan increase the danger
(1/21/2011) First spotted almost three months ago, the Boonana Trojan stood out because of its capability to infect both computer running Windows and those running Mac OS X.
Facebook Developers Get Access to Mobile Phone, Address Information
(1/20/2011) Facebook is now offering applications access to users' mobile phone and addresses, though sharing must be approved by users.
Mac OS X 10.6.6 Adds Bug Fixes, Alongside Mac App Store
(1/11/2011) The big news of Mac OS X 10.6.6's release is clearly the Mac App Store, but that's not the only change that came in the latest version of Snow Leopard. In addition, Apple nipped a pair of bugs and closed a security hole.
Microsoft Security Bulletin Summary for January 2011.
(1/11/2011) Microsoft will issue two security bulletins on Tuesday, January 11 to fix three vulnerabilities.
Honda online database hacked
(1/6/2011) Cybercriminals hacked into the database of American Honda Motor Co., Inc. stealing the names, e-mail addresses and Vehicle Identification Numbers (VIN) of 2.2 million car owners.
White House’ eCard Dupes Dot-Gov Geeks
(1/6/2011) A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters.
Microsoft warns of Word attacks
(1/3/2011) Hackers are exploiting a vulnerability in Microsoft Word to plant malware on Windows PCs, Microsoft said Tuesday.
VA Employees Using Unauthorized Cloud Services
(12/30/2010) Department of Veterans Affairs staff have been using Google and Yahoo tools without the agency's knowledge, raising privacy, security concerns.
Escrow Co. Sues Bank Over $440K Cyber Theft
(12/28/2010) An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.
Bank of America cuts services for WikiLeaks
(12/22/2010) Bank of America has joined the growing list of financial and technology companies that have cut off services to WikiLeaks, a move that comes amid speculation that the whistleblower site is preparing to release information about the bank.
SQL Injection Blamed for New Breach
(12/22/2010) The breach of a Web server that housed payment card data for a New York tourism company's website highlights security gaps in cardholder data protection.
Net neutrality plan has the votes at FCC
(12/22/2010) Michael Copps, the swing vote at the U.S. Federal Communications Commission for a set of network neutrality rules, said Monday he will vote for the proposal
Ohio State Says Hackers Breached Data on 760,000
(12/17/2010) Ohio State University is notifying about 760,000 people whose personal information was stored in the university’s computer server that a data breach could put them at risk for identity theft.
Google DoubleClick Caught Serving Malicious Ad
(12/16/2010) DoubleClick, the Google-owned ad technology, has been distributing malware in an online ad served through a number of websites, according to the security researcher who says he discovered the attack.
'Do Not Track' online privacy measure under consideration
(12/6/2010) You may soon be able to stop advertisers from tracking your every move online if the Federal Trade Commission's call for a "Do Not Track" option becomes a reality.
Adobe launches 'sandboxed' Reader X
(11/24/2010) Adobe today released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks
Kroxxu botnet targets one million users
(11/24/2010) The Kroxxu botnet is believed to have affected over one million web users.
Google Patches Security Flaw Affecting Gmail Users
(11/24/2010) Google patched a vulnerability Nov. 20 that allowed someone to send spam to Gmail users.
Adobe Fixes Zero-Day Flaw in Reader and
(11/19/2010) Adobe has issued an out-of-band fix for a vulnerability in Reader and Acrobat that is being actively exploited.
Apple fixes stability, Flash, and Top Sites issues with Safari updates
(11/19/2010) Apple has released a couple of updates for Safari that address a few stability and performance issues with the program, as well as increase the accuracy and relevance of the Top Sites results and Address autofill information.
Worm Crawling Through Windows Messenger
(11/17/2010) A malicious worm is creeping around Windows Live Messenger 2009, but Microsoft has already taken steps to stop its spread.
Researchers Down Koobface Botnet
(11/17/2010) Researchers at the Information Warfare Monitor project -- a collaboration between Canadian security firm SecDev and the University of Toronto's Citizen Lab -- over the weekend helped take down three of the command-and-control servers, aka motherships, responsible for the Koobface botnet.
Florida hospital admits to data breach affecting 1500 patients
(11/17/2010) A data breach at Holy Cross Hospital in Ft. Lauderdale, Fla., resulted in the theft of sensitive information concerning 1500 patients who visited the hospital’s emergency room.
Hacker Makes the 5th of November One to Remember
(11/9/2010) A hacker at Washington State University gave students and information-technology staff members another reason to remember the Fifth of November this year.
U.S. Cyber Command Opens Doors
(11/8/2010) The military command in charge of defending Department of Defense networks against cyber attacks is fully operational, about a month later than expected.
Microsoft to Fix 11 Vulnerabilities on November 9
(11/8/2010) Microsoft will issue three security bulletins on Tuesday, November 9. One of the bulletins is rated critical; the other two are rated important.
Password flaw in Apple iPhone set to be fixed next month
(10/29/2010) Apple has said that it is aware of a vulnerability in its iPhone that will be fixed in a software update next month.
APNewsBreak: University posts info of 40K students
(10/29/2010) HONOLULU – The Social Security numbers, grades and other personal information of more than 40,000 former University of Hawaii students were posted online for nearly a year before being removed this week.
NCSA/Norton by Symantec Online Safety Study released today
(10/28/2010) NCSA and Norton by Symantec released their annual Online Safety Study sometimes referred to as the home user study.
DNS – Facebook Beefs Up Security After Privacy Concerns Surface
(10/27/2010) Facebook (News - Alert) is introducing plans to encrypt user IDs and has come up with other safety precautions after press reports surfaced about privacy concerns on the popular social media service.
Oracle Java Attacks Reach 'Unprecedented' Levels, Microsoft Reports
(10/25/2010) Three Java vulnerabilities have been the target of more than 6 million attacks in the third quarter of 2010, Microsoft reported.
Human error gave spammers keys to Microsoft systems
(10/15/2010) Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.
Facebook introduces one time passwords for insecure computers
(10/15/2010) In future Facebook users will be able to receive a one time login password as a mobile phone text.
Zeus hackers could steal corporate secrets too
(10/13/2010) Criminals who use the Zeus banking crimeware may be working on an new angle: corporate espionage.
Aldi data breach shows payment terminal holes
(10/12/2010) Thieves hit point-of-sale terminals in Aldi grocery stores in 11 states.
Security concerns prompt D.C. to suspend Web-based overseas voting
(10/12/2010) Test run of open-source Digital Vote by Mail system exposed some serious flaws
Alleged Brains Behind International Fraud Case Arrested in Ukraine
(10/8/2010) Five people have been detained in Ukraine in connection with online bank fraud in which US $70 million was stolen from the bank accounts of US small and mid-sized businesses, municipalities and other organizations over the last year-and-a-half.
Intel Threatens to Sue Anyone Who Uses HDCP Crack
(9/24/2010) Intel threatened legal action Friday against anybody who uses its proprietary crypto key — leaked on the internet
FTC drops P2P file sharing probe of LimeWire
(8/31/2010) Agency cites upgrades to LimeWire software that aim to prevent inadvertent P2P file sharing
Vulnerability Disclosures Increase By 36% In 2010
(8/27/2010) Vulnerability disclosures have reached record levels, with 4,396 new vulnerabilities documented in the first half of 2010 -- a 36% increase over the same period last year.
iTunes/PayPal scam is due to phishing, not a bug?
(8/27/2010) A recent flurry of iTunes customers' reports that their accounts must have been hacked and used to execute purchases via PayPal that occasionally total up to thousands of dollars, has raised the question of whether Apple's App Store has again suffered a breach.
Hospital: files with personal, medical data on 800,000 gone
(8/23/2010) A data management firm has lost hospital records, containing a wide array of personal information, that belonged to hundreds of thousands of people.
University Databases In the Bull's Eye
(7/9/2010) Recent wave of university hacks nationwide exposes vestiges of former practice of using social security number as identifiers.
Spammers Targe Facebook and Twitter at Once
(6/21/2010) Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabsSM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter.
Tab Napping'- a new online scam
(6/11/2010) Watch out for this new online phishing scam which uses 'tab napping' to attack your computer - and your finances...
New Facebook Scam Targets 'Fan Check' Application
(10/15/2009) The latest scam simply uses the popular social networking site as a scapegoat while leading users to outside malicious sites.
BlackBerry Phishing Hole
(10/15/2009) Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.
How I'd Hack You Weak Passwords
(4/16/2009) Examples of how easy it might be for someone to crack the passwords you use.
iPhone Worm
(4/16/2009) World's first iPhone worm Rick-Rolls Wallpaper.
Passwords Leaked
(4/16/2009) Passwords leaked,a good example for changing your password and changing them often.
RSA warns of new "chat-in-the-middle" attacks
(4/16/2009) Security researchers have discovered a new kind of phishing threat for online banking customers, which they have dubbed a ¿Chat-in-the-Middle¿ attack.
Study: How Twitter is hurting students
(4/16/2009) Are social networks hurting or helping your students? You might be surprised at the results of a recent study.
iPhone apps help track sex offenders, spot crime
(4/16/2009) Article about iPhone app that helps locate sex offenders, families using to help protect their families.
Text Message Scam
(4/16/2009) Text messaging scam hits Columbia.
Facebook Will Strengthen Privacy Practices
(4/16/2009) Facebook has agreed to give users more control about the information they share with third-party applications.
IT Security
Monthly Topic
Encryption: Decoder Ring Not Included
It’s as though you are standing in the temple staring at dimly lit walls cast with shadows from your flaming torch. You have narrowly escaped the clutches of danger to get here and it all comes down to this. The key to unlocking the riches is in the hieroglyphics encrypted on the walls in front of you.
