(6/26/2015) Adobe rushes an out-of-band patch for its Flash Player to fix a zero-day vulnerability that was already being exploited in the wild.
(6/26/2015) A Florida-based computer tech support call center has suffered a data breach, with customer records being abused by fraudsters trying to get access to online bank accounts.
(6/16/2015) The company revealed the breach in a blog post Monday after investigating "suspicious activity" discovered by its security team.
(6/16/2015) The White House has ordered federal agencies to take immediate steps to make some basic cybersecurity fixes. The move follows a massive breach of government employee records.
(6/16/2015) The LastPass security team detected and subsequently blocked suspicious activity on their network. While there is no indication of a breach in user vault data or user accounts illegitimately being accessed, LastPass account email addresses, password reminders, server per-user salts, and authentication hashes were compromised. LastPass is executing additional security measures to ensure that user data remains secure. They are requiring all users logging in from a new device or IP address to first verify their account by email, unless multifactor authentication is enabled. LastPass will also be prompting users to update their master password.
(5/29/2015) Apple will fix the bug that allows an attacker to crash an iPhone by sending a special string of characters in a text message.
(5/29/2015) Maker of the Android mobile operating system helps developers build apps that let users easily, safely sign in.
(5/29/2015) Criminals stole sensitive information about roughly 100,000 taxpayers through the Internal Revenue Service's "Get Transcript" application, a major data breach at the U.S.'s national tax agency.
(5/22/2015) A branch of the U.S.'s central bank is forcing a password reset after a cyberattack briefly redirected visitors to parts of its website to bogus Web pages.
(5/22/2015) An estimated 630 million phones fail to purge contacts, e-mails, images, and more.
(5/22/2015) Google analyzed hundreds of millions of password security questions and answers, revealing how startlingly easy it is for would-be hackers to get into someone else's account.
(5/22/2015) Personal information relating to almost four million users of a worldwide online dating website has been leaked by hackers, according to Channel 4 News.
(5/22/2015) CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers.
(5/19/2015) Cyber-security ranks as the number one concern for nearly half of financial institutions in the US, according to a recently published survey.
(5/18/2015) Security firm Incapsula has discovered thousands of small-business and home routers that have been taken over by attackers to create botnets for use in denial-of-service attacks.
(5/18/2015) It seems that attackers have taken advantage of the auto re-load function on the Starbucks app, which lets consumers quickly and easily load value into their accounts from a linked payment card or bank account once the balance dips below a certain threshold.
(5/12/2015) Charles Harvey Eccleston, 62, allegedly sent dozens of spear phishing emails in January 2015 to DOE employees' emails, the Department of Justice (DOJ) wrote in a press release. He faces four felony offenses, including three counts of crimes involving unauthorized access of computers and a wire fraud charge.
(5/8/2015) WordPress issues its third security update, version 4.2.2, in less than four weeks to fix cross-site scripting security vulnerabilities.
(5/8/2015) Over five percent of browser visits to Google-owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections.
(5/8/2015) Cybercriminals and nation-state actors are indeed targeting healthcare organizations for their valuable data: cyberattacks and physical criminal activity now have officially surpassed insider negligence as the main cause of a data breach in healthcare organizations.
(5/1/2015) Google launched a new extension for its Chrome browser that is designed to discourage people from using the same password to log in to multiple online accounts.
(5/1/2015) Dozens of American Airlines flights were delayed on Tuesday after “a faulty iPad navigation app” caused the tablets to crash. Despite Boeing 737 pilots’ claims of all 737s being grounded and a system-wide outage, American Airlines spokesperson Casey Norton said, “Initial reports on social media of a system-wide problem affecting a specific type of aircraft are inaccurate.” Instead, “several dozen” flights were affected by the outage.
(5/1/2015) The FBI is working with Rutgers University to identify the source of a series of distributed denial-of-service (DDoS) attacks that have plagued the school this week.
(4/24/2015) The FBI issued an alert to the Federal Aviation Administration (FAA) earlier this week to warn about hackers who might try to access airplane network ports, according to Wired.
(4/21/2015) The mortgage account information of an undisclosed number of HSBC Finance Corporation customers was accidentally exposed late in 2014 and remained exposed until discovery on 27 March, 2015, the firm admitted this week.
(4/21/2015) A security researcher joked about hacking a plane and was picked up by the FBI. They didn't think it was one bit funny.
(4/10/2015) The FBI issued a public service announcement (PSA) on Tuesday, warning that individuals sympathetic to the Islamic State in the Levant (ISIL), or Islamic State of Iraq and al-Shams (ISIS), are defacing WordPress websites by exploiting vulnerabilities in plugins.
(4/10/2015) In addition to a number of updates in OS X 10.10.3, Apple is fixing vulnerabilities across its OS X operating system.
(4/10/2015) The Federal Communications Commission asserted its information privacy authority Wednesday by reaching a settlement with AT&T—over data breaches at a trio of call centers—that includes a $25 million fine.
(4/7/2015) A "majority" of users were affected by a fault, which began after Google failed to update the security certificate on a server used to establish a secure connection.
(4/7/2015) One year after the public disclosure of Heartbleed, 74 percent of Global 2000 organizations with public-facing systems are still vulnerable to the OpenSSL vulnerability, according to a new report by Venafi.
(3/31/2015) Across some of the most crucial sectors of the American economy, there's a lack of consensus on what exactly should be considered a 'cyberincident' – and whether technical mishaps, even without malicious intent, should count. That's a problem.
(3/31/2015) The Army has issued a global security alert to U.S. soldiers instructing them on how to guard their social media presence to avoid threats from groups like the Islamic State in Iraq and Syria, according to a Saturday report.
(3/25/2015) Analysts have estimated that in 2012, nearly 10 billion ad impressions were compromised by malvertising. Who knows how high that number is today?
(3/23/2015) Microsoft is bringing more personalization and security features to Windows 10, including biometric authentication to unlock a device.
(3/23/2015) 2015 has become the year of the health care data breach. A newly disclosed breach at Premera is reported to have affected up to 11 million people.
(3/23/2015) The mystery high-severity flaw that people were expecting to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.
(3/23/2015) You can rent 133 movies from the Red Box. Download 155 songs from iTunes. Go to the local theater 29 times. The point here? Entertainment isn’t free…and neither are DMCA violations!
(3/18/2015) The Internet giant launches a service that sends a short password to your phone. Think two-factor authentication, without the first factor.
(3/10/2015) Mozilla will include a new SSL (Secure Sockets Layer)/TLS (Transport Layer Security) certificate checking mechanism in the upcoming Firefox 37 browser release, which is scheduled to become generally available on March 31.
(3/4/2015) Uber said it is notifying impacted drivers now, but it hasn't seen the compromised data actually misused yet.
(3/4/2015) Mozilla has released an update to Firefox that erases the self-signed digital certificate implanted by Superfish, the vulnerable adware that blew up in Lenovo's face a week and a half ago.
(3/4/2015) Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country.
(3/2/2015) Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin.
(3/2/2015) While a whopping 78.8 million consumers may have had personal information viewed by “hackers who had accessed our database,” an Anthem spokesperson confirmed in a statement emailed to SCMagazine.com on Thursday, about 60 to 70 million individuals are current or former Anthem members.
(2/18/2015) A vulnerability allows attackers to extract admin passwords and wireless network keys
(2/13/2015) From January 2013 to December 2014, cell phone robberies dropped 16 percent in New York and 27 percent in San Francisco, officials said in a Wednesday release on the website of New York State Attorney General Eric Schneiderman. In London, the monthly average of mobile phone thefts has been cut in half since September 2013.
(2/13/2015) The communications services get two-step verification, aimed at preventing unauthorized access to accounts, even if the username and password are entered.
(2/13/2015) For this Microsoft Patch Tuesday, we have three updates rated as critical by Microsoft and six updates rated as important.
(2/11/2015) Software maker Intuit had shut down the filing of state income tax returns via TurboTax due to worries over "suspicious" filings. But the company says there was no breach and filings have resumed.
(2/11/2015) Technically Incorrect: Samsung's small print says that its Smart TV's voice recognition system will not only capture your private conversations, but also pass them onto third parties.
(2/11/2015) Anthem's breach has ignited a debate on the insurer's data security safeguards, with many experts arguing that, in this incident, encryption may not have minimized the attack damage like some suspect.
(2/6/2015) Mandiant, the incident response firm tapped by Anthem Inc. in the wake of its massive breach, says that the “sophisticated” cyber attack against the health care company involved the use of custom backdoors, one indication that an “advanced attack” did indeed take place against the company.
(2/3/2015) A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.
(2/3/2015) The president urges Congress to pass legislation that would strengthen the country's hacking detection system and counterintelligence capabilities.
(2/3/2015) Adobe issued two separate fixes at the end of January to address two separate zero-day vulnerabilities identified in Flash Player – now Adobe is warning users of another Flash Player zero-day bug that the company says is reportedly being exploited in the wild.
(1/30/2015) A fault in a widely used component of most Linux distributions could allow an attacker to take remote control of a system after merely sending a malicious email.
(1/27/2015) Adobe this weekend released its second emergency zero-day patch for Flash in a single week: this one in fulfillment of a promise to address another vulnerability recently discovered to have been exploited in the wild by the Angler malware kit.
(1/23/2015) Digital Bond Labs security researcher Corey Thuen has found a way to unlock car doors, start a car, and gather engine information via a dongle known as "Snapshot" – a device used by Progressive Insurance to track driving habits for risk assessment and premium adjustment, according to Forbes.
(1/23/2015) In a continuing effort to secure hundreds of millions of users, WordPress.com is disconnecting self-hosted sites that haven't updated the Jetpack add-on.
(1/21/2015) The Twitter account of the New York Post was hacked, and UPI's was also apparently hit, the latest in a string of attacks that have hit the social media channels of high-profile organizations.
(1/16/2015) Google has stopped a widespread malicious advertising attack that bounced Web surfers to dodgy sites hawking weight loss and skin care products.
(1/16/2015) A wave of emails, supposedly sent by LinkedIn Support, has been linked to scammers who are attempting to steal credentials from members of the networking service.
(1/9/2015) The OpenSSL Project released OpenSSL 1.0.1k, OpenSSL 1.0.0p, and OpenSSL 0.9.8zd on Thursday – addressing eight vulnerabilities altogether, two of which could lead to denial-of-service (DoS) attacks and are deemed moderate in severity.
(1/6/2015) Morgan Stanley (MS) fired an employee it said stole data, including account numbers, for as many as 350,000 wealth-management clients and posted some of the information online.
(1/6/2015) A vulnerability in Apple's iCloud service that was recently exploited by the iDict hacking tool released by a hacker known as Pr0x13 on New Year's Day has been patched, according to posts on Twitter from Pr0x13.
(1/6/2015) Fast food restaurant chain Chick-fil-A says it's working with law enforcement, the payment industry, and security firms to determine whether reports of suspicious activity with payment cards used at some of its restaurants were due to a data breach.
(12/30/2014) ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems.
(12/23/2014) The data breach at the Staples office-supply chain may have affected roughly 1.16 million payment cards as criminals deployed malware to point-of-sale systems at 115 stores, the company said Friday.
(12/23/2014) The hack of Sony Pictures, which the FBI blamed on North Korea, was not an act of war, President Obama said in an interview broadcast on Sunday.
(12/19/2014) Staff email credentials and some user data, including email and postal addresses, were taken
(12/19/2014) Attackers can take control of millions of routers by sending a specially crafted request to RomPager, an embedded Web server running on them
(12/19/2014) State taking specific steps to protect $2.9 trillion in assets across 1,900 financial institutions
(12/17/2014) As Sony Pictures fights an uphill battle, working to minimize the post-breach damage while leaks continue to surface, the company's legal team has delivered a stern message to media covering the developments.
(12/17/2014) Google has blacklisted over 11,000 domains after a malware campaign, dubbed SoakSoak, compromised more than 100,000 websites using the WordPress content management system.
(12/12/2014) Investigation into hack continues while Sony tries to minimize the damage
(12/12/2014) Overall, Microsoft has issued seven security bulletins for December, including three that are critical, covering security vulnerabilities found in Windows (both the server and desktop editions), Office, Exchange Server, SharePoint Server and Internet Explorer.
(12/2/2014) For the second time this month, Adobe has issued a security update for its Flash Player software. New versions are available for Windows, Mac and Linux versions of Flash.
(12/2/2014) Four unreleased movies were leaked just days after the studio was forced to shut down its network in response to a security breach.
(11/24/2014) WhatsApp announced on Tuesday that its most recent Android update comes with a built-in encryption protocol, and in the coming months, all the messaging app's users will have end-to-end encryption enabled.
(11/24/2014) Norma Jean Culpeper of Mullins, South Carolina, says the man who scammed her out of $1,200 by claiming to be an Army officer stationed in Afghanistan was able to do so, in part, because of the picture he emailed her.
(11/18/2014) Operating a computer with an expired security product is practically as unsafe as operating a system without security software at all – that is one of the key takeaways from the Microsoft Security Intelligence Report 17, which was released on Tuesday.
(11/14/2014) Windows, Macintosh and Linux users all should now update to the latest version of Adobe Flash player and Adobe AIR as the company has recently addressed 18 vulnerabilities in the software.
(11/14/2014) This is a massive update for Microsoft Patch Tuesday with 16 patches released for November 2014.
(11/11/2014) A U.S. Postal Service data breach has potentially compromised the personal information of 800,000 employees, as well as some customers who contacted the government service.
(11/11/2014) Traveling on business? Beware — elite cybercriminals may be after your data
(11/10/2014) An effective new phishing technique identified by researchers with Trend Micro allows attackers to go after information without having to spend as much time developing copies of websites.
(11/4/2014) A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that’s been worsening for years as more companies offer rewards programs.
(11/4/2014) Google plans to disable support for SSL 3.0 in an upcoming Chrome release. Mozilla has similar intentions.
(10/31/2014) Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.
(10/31/2014) In a recent survey of 504 IT professionals, McAfee found that 60 percent prioritize security as the primary driver of network design – something the company did not find too surprising considering recent high-profile breaches.
(10/29/2014) A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.
(10/24/2014) A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner
(10/24/2014) In May, researchers observed Android ransomware identified as Koler.A locking up the screens of victims around the world who visited certain pornographic websites – now, mobile security company AdaptiveMobile has discovered a worm variant that is spreading through SMS.
(10/24/2014) People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts.
(10/22/2014) An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.
(10/22/2014) Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.
(10/22/2014) Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.
(10/17/2014) Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products.
(10/17/2014) Google on Tuesday revealed yet another Internet-wide security vulnerability with a cute name but potentially disastrous effects. POODLE (Padding Oracle On Downgraded Legacy Encryption) allows attackers to break the security of SSL 3.0, a protocol for secure Web communications that is 14 years old but still used as a last-ditch connection method with legacy devices or when others don't seem to work.
(10/17/2014) Unknown attackers harnessed the Shellshock vulnerability, or "Bash bug," to amass a botnet of 360 bots and launch a phishing campaign on Spanish-speaking Citibank customers.
(10/15/2014) A Tic-tac-toe game is actually a new mobile trojan – detected as Trojan-Spy.AndroidOS.Gomal.a, or Gomal – targeting Android devices.
(10/15/2014) Oracle has a large number of fixes lined up for Tuesday, including 25 for Java SE, while Microsoft and Adobe have patches due then too.
(10/15/2014) A data breach at International Dairy Queen, Inc. has resulted in systems at 395 of its more than 4,500 U.S. stores and one Orange Julius location being infected with the same Backoff malware that has plagued other retailers nationwide and exposed customer payment information.
(10/10/2014) Researchers with security company Proofpoint have identified a Russian-speaking cybercrime group that has infected more than 500,000 systems and is targeting online credentials for major banks in the U.S. and Europe.
(10/10/2014) New malware, called “Tyupkin,” has been used by criminals to withdraw millions in cash from ATM machines running 32-bit Windows platforms – and researchers warn that the threat has continued to evolve in recent months.
(10/10/2014) Microsoft today said it will release nine security updates next week, twice the number of last month, with fixes slated for Internet Explorer (IE), Windows, SharePoint Server and Web app developer tools.
(10/8/2014) US telecom AT&T has lately been having problems with malicious insiders, and the latest incident has resulted in the compromise of account and personal information of a yet unknown number of customers.
(10/8/2014) A wave of high-profile cyberattacks this year on U.S. companies underscores the need for better security practices
(10/3/2014) Researchers have published BadUSB code two months after Karsten Nohl from SR Labs demonstrated at the Black Hat conference in Las Vegas how to use the virtually undetectable malware to infect nearly any USB device.
(10/3/2014) Financial giant JPMorgan Chase disclosed to the SEC on Thursday that a security breach this summer affects some 76 million households and 7 million small businesses, but involves only non-critical information such as phone numbers and email addresses.
(10/1/2014) The patches are ready. Now it's up to you to put them into place as quickly as possible.
(10/1/2014) Apple says users of its OS X operating system are "safe by default" from the new security vulnerability, which has been described as bigger than Heartbleed.
(9/29/2014) But really, the impact on you at home should be minimal, especially if you take some basic precautions. Windows systems aren’t vulnerable whatsoever—though your router may very well be—unless you’re running a program like Cygwin.
(9/29/2014) Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.
(9/23/2014) Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.
(9/23/2014) The discussion on cybersecurity has shifted as CIOs and CTOs come to the realization that no system is immune to attacks and breaches. The conversation is now about “cyber resiliency.”
(9/22/2014) Two online advertising networks, Google’s DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person’s computer, according to the security vendor Malwarebytes.
(9/22/2014) The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding could mean thieves stole far fewer cards during the almost five-month breach than they might have otherwise.
(9/22/2014) A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.
(9/16/2014) Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe.
(9/15/2014) Comcast is giving users a very good reason to demand an HTTPS connection on every site they visit. The Internet service provider has started injecting ads for its services on websites where you wouldn't normally see them when you're using an Xfinity public Wi-Fi hotspot.
(9/15/2014) After Gmail usernames and passwords for nearly five million accounts were leaked online, Google quickly moved to calm user concerns and confirmed that the majority of the credentials wouldn't be very useful to those aiming to hijack accounts with the information.
(9/5/2014) Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You're darn tootin'!
(9/5/2014) In a letter to customers dated Tuesday, Jim Gibbons, president and CEO of Goodwill Industries International (GII), announced that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of stores.
(9/5/2014) Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.
(9/3/2014) Users of the Mozilla Developer Network and Bugzilla testing system are advised to update their passwords after a pair of data disclosures were reported in August.
(9/3/2014) Apple has patched an exploit with its Find My iPhone online service that may have been used by hackers to gain access to personal photos stored on iCloud accounts belonging to some 100 celebrities.
(9/2/2014) Investigation into attack on JPMorgan Chase may have expanded to seven of the world's top banks, amid a report that hackers altered records.
(8/22/2014) More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.
(8/19/2014) Microsoft on Friday quietly recommended that customers uninstall one of last week's security updates after users reported that it crippled their computers with the infamous "Blue Screen of Death" (BSOD).
(8/19/2014) Publicly traded healthcare organization's stock goes up as breach notifications go out.
(8/19/2014) Escaping identity thieves is hard enough. Don't make it any easier on them.
(8/15/2014) On Patch Tuesday, Microsoft shipped nine fixes for 37 bugs in its software, bringing a cumulative update for Internet Explorer and addressing security issues in Windows, Office, SharePoint Server, SQL Server software, and the .NET Framework.
(8/15/2014) Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.
(8/12/2014) Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.
(8/12/2014) An update to IE 8 through IE 11 next week will introduce a new warning when users try to run an outmoded Java ActiveX control
(8/12/2014) Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control, a security firm warned Thursday.
(8/6/2014) Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation.
(8/6/2014) P.F. Chang's named on Monday 33 specific restaurants where customer data might have been compromised after news last month that thousands of credit and debit cards might have been hacked at the chain.
(8/6/2014) A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.
(8/6/2014) According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.
(7/30/2014) All mobile devices running Android version 2.1 to 4.3 contain a vulnerability – dubbed “Fake ID” – that enables the identity of trusted applications to be copied, consequently opening the door to a whole list of malicious things, including, in some cases, taking control over the device.
(7/28/2014) As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
(7/22/2014) A quarterly report revealing the “most exposed” programs on users' systems found that old vulnerabilities in Microsoft XML Core Services continued to plague users.
(7/22/2014) HP researcher's findings highlight ongoing problems with POS software and hardware
(7/22/2014) More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.
(7/21/2014) Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft.
(7/16/2014) The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
(7/16/2014) In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.
(7/11/2014) Facebook has teamed with law enforcement to disrupt malicious operations linked to "Lecpetex," a cryptocurrency-mining botnet composed of up to 250,000 infected computers worldwide.
(7/11/2014) Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo.
(7/3/2014) A new remote access tool has emerged for the Android platform, combining three of the most popular utilities performed by malware on Google’s mobile operating system: data leakage, banking credential theft, and – of course – remote access.
(7/2/2014) The United States continued to host the majority of phishing websites in the first quarter of 2014, but did not even crack the top 36 when it came to global computer infection rates, according to research from the Anti-Phishing Working Group (APWG).
(7/2/2014) The new Selfmite Android malware spreads by sending text messages with a malicious link to the device owner's contacts
(7/2/2014) Spam emails making the rounds in Germany are delivering banking malware identified as EMOTET, a financial threat that is beginning to make its way over to the U.S., according to researchers from Trend Micro.
(6/27/2014) Governments are increasingly using spyware for mobile devices to monitor targets, raising questions over the possible misuse of such tools, a new study suggests.
(6/27/2014) A zero-day remote code execution (RCE) vulnerability has been discovered in the “WebShot” feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, according to security company Sucuri.
(6/24/2014) Two months after the infamous bug was discovered, more than half of vulnerable servers remain unpatched.
(6/20/2014) A malware app called “Google Play Stoy,” which intercepts banking credentials, certificates and text messages from Android devices, has been removed from the Google Play Store, according to a Wednesday blog post from FireEye, which worked with Google to remove it.
(6/18/2014) Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.
(6/16/2014) Target has hired a chief information security officer (CISO), a move that's noteworthy mainly because it is the first time the company has ever had anyone in this role, even though it is one of the largest retailers in the U.S.
(6/16/2014) Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide.
(6/16/2014) A mobile trojan called “Svpeng” has now been updated to extort Android users in the U.S., researchers warn.
(6/11/2014) Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.
(6/11/2014) Attackers may have infected nearly 350,000 systems with ransomware and earned more than $70,000 in Bitcoins as part of an ongoing Dropbox phishing scheme, according to researchers with PhishMe.
(6/9/2014) ESET researchers have shed some light on what could be the first file-encrypting ransomware for Android devices – and it just so happens to have a command-and-control hosted on Tor, as well.
(5/28/2014) Reports of iPhones and iPads being digitally locked up and held for up to a $100 ransom have been coming in from Apple users in Australia, as well as in other parts of the world.
(5/27/2014) Attorneys general in three states in the US are looking into the hack, and an official in the UK is considering a formal probe.
(5/23/2014) eBay officials are taking flak for burying news of the password reset issued in response to a hack on the company's corporate network that exposed sensitive data for millions of users.
(5/21/2014) NEW YORK (AP) — E-commerce site eBay is asking users to change their password after a cyberattack compromised a database containing encrypted passwords.
(5/13/2014) Heartbleed has forced many to revoke and reissue TLS/SSL certificates, but more than seven percent have been reissued with the same keys.
(5/13/2014) Ransomware, such as the now-infamous CryptoLocker, has been successfully compromising computers and laptops for years, so it comes as no surprise that the pesky malware is now making its way to mobile devices running the Android operating system.
(5/13/2014) New York Presbyterian and Columbia University Medical Center settle with HHS to end probe into 2010 patient data leak
(5/13/2014) Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.
(5/5/2014) Cybercriminals stole debit card information from customers of dozens of financial institutions in a phishing campaign that combined rogue text messages with VoIP calls.
(5/5/2014) Mozilla rolled out Firefox 29 on Tuesday, a huge overhaul that addresses 15 security vulnerabilities, six of which are deemed critical, meaning the bug could be used to run attack code and install software with no user interaction aside from normal browsing.
(5/5/2014) Microsoft has patched a critical Internet Explorer flaw being leveraged in zero-day attacks – and those running no-longer-supported Windows XP will also benefit from the unscheduled update.
(5/5/2014) Target slates rollout of chip and pin for its payment cards for next year
(4/29/2014) The U.S. government's top cyber-security agency is telling Internet Explorer (IE) users they should consider running a different browser until Microsoft fixes a critical vulnerability.
(4/29/2014) The FBI has sent a private industry notification (PIN) to health care providers warning them that the security systems they have in place are behind those of other sectors, making them prime targets for cyber attacks.
(4/28/2014) Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins.
(4/28/2014) The "Heartbleed" bug in a widely used software system rocked the Internet earlier this month, and major tech companies are teaming up to try to avoid a repeat.
(4/22/2014) Attackers were able to breach a walled-off virtual private network by exploiting the Heartbleed vulnerability, security company Mandiant said on Friday.
(4/22/2014) Health care participants in an industry wide attack exercise expressed concerns about effectively communicating threat intelligence within their organization.
(4/18/2014) Computerworld - Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.
(4/18/2014) On Tuesday, Stephen Solis-Reyes, a 19-year-old man that authorities believe leveraged the now infamous bug to steal sensitive information from the Canada Revenue Agency, was arrested by the Royal Canadian Mounted Police (RCMP), without incident, at his home in London, Ontario, according to a Wednesday RCMP release.
(4/15/2014) Canada's tax-collection agency on Monday said the private information of about 900 people had been compromised as hackers exploited the "Heartbleed" bug, and security experts warned that more attacks are likely to follow.
(4/15/2014) A Bloomberg report says the agency knew about the Heartbleed security flaw that's sent sites like Google scrambling to patch their systems -- but it kept it secret and used it to spy. The agency, however, says that's not so.
(4/15/2014) "Trivial" coding error in open source project wasn't intentional, report says.
(4/14/2014) The Web infrastructure company's patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.
(4/14/2014) A flaw in the most popular web encryption system could leave people vulnerable to data theft according to security researchers.
(4/10/2014) We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.
(4/10/2014) LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.
(4/9/2014) A new security bug means that people all across the Web are vulnerable to having their passwords and other sensitive data stolen. Here's what consumers can do to protect themselves.
(4/4/2014) Computerworld - Microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.
(4/1/2014) Fortunately, the simultaneous blizzard and cyberattack were not real. They were created by the organizers of a collegiate competition held at the Johns Hopkins University Applied Physics Laboratory last week intended to test the wits and reflexes of what they hope will be the next generation of government and corporate cybersecurity professionals.
(3/27/2014) The University of Maryland, College Park suffered a second cyberattack on the heels of the recent theft of personal data for hundreds of thousands of students, staff and alumni, university officials announced Thursday.
(3/19/2014) Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores.
(3/14/2014) Developers working on Replicant, an open-source OS based on Android, claim to find a flaw that provides access "to read, write, and delete files" stored on some Samsung devices.
(3/12/2014) As many as 1,300 current and former Johns Hopkins University biomedical engineering students' personal information was posted online by an attacker claiming to be affiliated with hacktivist collective Anonymous.
(3/12/2014) A new remote access tool (RAT) that trojanizes Android apps made its way into Google's official app store.
(3/12/2014) (CNN) -- Apple released its latest mobile operating system update on Monday, iOS 7.1. The major upgrade packs in an assortment of bug fixes, improvements, new features and some subtle changes to the overall interface.
(3/7/2014) Samsung spokeswoman Jessica Baker said in an email that "if there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners." Netflix spokesman Joris Evers said the company did not have a comment.
(3/7/2014) Jam and jelly maker Smucker’s last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers’ credit card data.
(3/4/2014) Reacting to criticism from customers that upgrading from Windows XP was "impossible," Microsoft today announced it would give away a limited migration tool to help people move to a newer operating system.
(2/27/2014) University warns students and recent grads of possible data exposure
(2/27/2014) Malicious apps contained in the Google Play store have grown 388 percent between 2011 and 2013, according to a report from RiskIQ, an Internet security services company.
(2/21/2014) The widespread security breach reportedly compromised 40 million credit and debit cards, which are costing banks a pretty penny to reissue.
(2/21/2014) Microsoft on Wednesday issued a stopgap defense that protects Internet Explorer 9 (IE9) and IE10 against ongoing attacks until the company issues a patch, probably in three weeks.
(2/21/2014) For the second time this month, Adobe has addressed a zero-day vulnerability in its popular Flash Player.
(2/20/2014) More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said.
(2/18/2014) Self-replicating worm program infects Linksys routers by exploiting an authentication bypass vulnerability
(2/17/2014) FireEye uncovers attacks emanating from a U.S. website just two days after Microsoft issued huge IE patch collection
(2/17/2014) Adobe and Microsoft today each issued patches to fix critical security flaws in their software.
(1/31/2014) Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer.
(1/31/2014) Yahoo suspects usernames and passwords were stolen from an unidentified third-party database
(1/29/2014) Kim Komando from The Kim Komando Show talks about this online threat: a watering hole attack is where hackers slip malicious code into a legitimate site.
(1/29/2014) Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.
(1/29/2014) Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.
(1/29/2014) Computerworld - Microsoft will be able to silently reach into Windows XP PCs for more than a year after it stops patching the aged OS to clean malware-infected machines, sources close to the company confirmed Friday.
(1/28/2014) NCSA is teaming up with Facebook to broadcast the Data Privacy Day Kick Off event live online for the world to watch. The live stream will be made available via NCSA’s Data Privacy Day Facebook page this morning starting at 11:20 a.m. ET.
(1/24/2014) Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.
(1/22/2014) Now Reuters is reporting that cyberintelligence firm IntelCrawler has unearthed evidence pointing toward at least six ongoing schemes at U.S. merchants with credit card processing systems plagued by the same type of malicious software
(1/22/2014) Changes in Google Chrome extension ownership can expose thousands of users to aggressive advertising and possibly other threats, two extension developers have recently discovered.
(1/8/2014) This January, the National Cyber Security Alliance is partnering with Reputation.com and the Rape, Abuse & Incest National Network (RAINN) to empower survivors of domestic violence and sexual assault by offering tools and resources that will help survivors gain control of their digital footprint and protect their personal information.
(1/7/2014) Security researchers have uncovered evidence of a new piece of malware that may be able to take gigabytes' worth of data hostage unless end users pay a ransom.
(1/7/2014) A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.
(12/27/2013) An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.
(12/20/2013) The breach, which was first reported by security journalist Brian Krebs on Wednesday, continued through December 15 and may have affected all locations nationwide. Customers who shopped through Target’s online storefront are not believed to have been affected.
(12/19/2013) Target said Thursday that the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data.
(12/17/2013) Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) began sending notification letters to more than 800,000 members on Dec. 6, alerting them that their personal information may have been compromised after two unencrypted laptops were stolen from the insurance provider's Newark headquarters about one month prior.
(11/27/2013) Twitter is the latest to implement "forward secrecy," a cryptographic technique that should stymie even the NSA.
(11/18/2013) Security updates for Flash Player addressed two critical vulnerabilities that could cause the software to crash and potentially allow a saboteur to take control of an exploited system, Adobe revealed in a bulletin.
(11/18/2013) Microsoft today issued security updates to fix at least 19 vulnerabilities in its software, including a zero-day flaw in Internet Explorer browser that is already being actively exploited.
(11/7/2013) One federal agency is replacing workforce security awareness tutorials with real world hack attempts to test employee reflexes.
(11/5/2013) Computerworld - Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
(11/1/2013) The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says.
(11/1/2013) Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.
(10/29/2013) A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
(10/21/2013) Windows 8.1’s new device encryption treats your x86-based Windows tablet or laptop more like an ARM-based tablet or smartphone. Rather than requiring a user or system administrator to enable it, your device’s boot partition comes encrypted out of the box
(10/15/2013) A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.
(10/15/2013) Beginning Jan. 8, Yahoo will enable encryption by default for users logging into its Web-based mail service, the company has told The Washington Post.
(10/14/2013) While much has been said of the A7 chip in the new iPhone 5S — arguably the “world’s first consumer ARM-based [system-on-a-chip]” — its associated new M7 coprocessor was surprisingly under-hyped, by both industry media and Apple
(10/14/2013) Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
(10/14/2013) Adobe has released security updates for its popular Reader and Acrobat products for Windows users.
(10/4/2013) Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products
(10/4/2013) LinkedIn has closed the door on four cross-site scripting (XSS) vulnerabilities, which could have been used to ultimately steal credentials from users.
(10/1/2013) Have you noticed the Google URL in your browser's address bar now has an HTTPS in front? That is because the internet and technology services giant announced earlier this week that every search will now go over secure sockets layer (SSL), something its account members – those with Google accounts – have been benefiting from since 2011.
(9/30/2013) If you appear to pirate on an AT&T connection, your service may be terminated.
(9/30/2013) Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.
(9/6/2013) Microsoft today said it will ship 14 security updates next week to patch critical vulnerabilities in Internet Explorer (IE), Windows, Office and SharePoint, its enterprise collaboration platform.
(8/30/2013) McAfee announced today that it has sponsored a report with IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries, to assess retailer security and the approaches used to safeguard retailer transactional systems.
(8/30/2013) Facebook received more than 25,000 requests from governments about its users during the first half of 2013, with nearly half of those requests coming from U.S. law enforcement and related agencies, the company said.
(8/30/2013) "Media is going down..." That's what the Syrian Electronic Army (SEA) tweeted Tuesday, as the pro-Assad hacker collective announced domains belonging to The New York Times, Huffington Post U.K., and Twitter were compromised.
(8/23/2013) The Food and Drug Administration (FDA) has issued new guidance on the radio frequencies of wireless medical devices, including recommendations for authentication and encryption measures to ensure the security of the device and the safety of the patient.
(8/23/2013) Google on Tuesday shipped Chrome 29, patching 25 vulnerabilities and rolling out under-the-hood changes the company said would offer more relevant suggestions when users typed in URLs or search strings.
(8/23/2013) The insurer for Midwestern supermarket chain Schnucks, whose systems were hacked last winter to steal 2.4 million credit card numbers, is claiming in court that the grocer's policy doesn't cover the cost of lawsuits arising from the breach.
(8/16/2013) Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software.
(8/16/2013) The Washington Post acknowledged today that a sophisticated phishing attack against its newsroom reporters led to the hacking of its Web site, which was seeded with code that redirected readers to the Web site of the Syrian Electronic Army hacker group.
(8/13/2013) Not long after the Windows-targeting banking trojan KINS hit the market, saboteurs have introduced new financial malware capable of infecting Linux users.
(8/8/2013) Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature.
(7/31/2013) More than 1,200 apps published to the official Google Play app store in the past seven months have been designed by "one-click fraud" scammers. But a new variation on that scam now involves many more clicks than just one.
(7/31/2013) Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.
(7/31/2013) Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident.
(7/26/2013) The recent attack against Apple's Web site for developers has prompted a flood of phishing e-mails asking people to change their passwords.
(7/26/2013) Five men from Russia and Ukraine have been indicted in New Jersey for charges they conspired with each other in a worldwide hacking scheme targeting major corporate networks that compromised more than 160 credit card numbers, the U.S. Department of Justice announced.
(7/16/2013) A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.
(7/16/2013) After being ordered to pay $100,000 to the state of Indiana after a major breach of customer data, an Indianapolis-based health insurer faces another costly payout – a $1.7 million settlement with the U.S. Department of Health and Human Services (HHS).
(7/10/2013) Patch Tuesday will feature seven security bulletins, including six with the highest severity rating of "critical."
(7/5/2013) About a month ago, Atlantic Media Chief Technology Officer Tom Cochran blasted out a faux phishing email to all 450 email addresses in the company directory. The results, he said, should be something of a wake-up call.
(6/25/2013) Google is trying to better protect the users of its Chrome Web Store from malicious browser apps and extensions. As is already the case in the Google Play Android apps store, content uploaded to the Chrome Web Store will now also be automatically scanned for malware.
(6/25/2013) NSA, FBI, DOJ officials tell Congress secret programs are vital to U.S. security; outline ways to keep sysadmins from leaking classified data
(6/21/2013) LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.
(6/21/2013) Federal authorities said today that, since June 2010, they have seized more than 1,700 domains that allegedly breached intellectual property rights.
(6/21/2013) The United States and Russia have signed a landmark agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern.
(6/18/2013) BlackBerry has released an advisory that describes a critical privilege/permissions vulnerability in BlackBerry 10 OS.
(6/11/2013) Researchers say they have discovered a sophisticated trojan that targets Android smartphones
(6/7/2013) It plans to patch 23 vulnerabilities, including 19 in a critical update for all versions of Internet Explorer
(6/7/2013) A botnet infrastructure believed responsible for stealing more than a half-billion dollars from individuals and organizations worldwide has been crippled, Microsoft announced Wednesday evening.
(6/3/2013) Months after a secret e-mail search controversy at Harvard College, Evelynn M. Hammonds announced on Tuesday that she will step down as dean on July 1, according to a statement posted online.
(6/3/2013) Drupal.org has reset account passwords after it found unauthorized access to information on its servers.
(5/29/2013) Google will update its certificate infrastructure and has, as a precaution, warned of potential problems.
(5/15/2013) Malicious browser extensions are trying to hijack Facebook profiles, according to a warning from Microsoft's Malware Protection Center.
(5/10/2013) 33 fixes will also include patches for the IE10 Pwn2Own vulnerabilities
(5/10/2013) A Denver-based domain name provider has suffered a breach where customers' personal data, including encrypted passwords and credit card information, was compromised.
(5/7/2013) At least 18 Alaskan students are accused of using a phishing scam to gain control over the computers at their middle school.
(4/30/2013) An update to the Google Play Store contains mostly minor tweaks except for one security fix: apps are no longer allowed to bypass the Play Store when updating.
(4/26/2013) Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
(4/26/2013) Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems resulting after they installed it.
(4/23/2013) Researchers have discovered a new family of malware that found its way into legitimate apps inside Google's official store thanks to a malicious advertising network.
(4/19/2013) Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors.
(4/19/2013) Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research.
(4/18/2013) Microsoft is urging users who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system.
(4/18/2013) The Schnucks supermarket chain struggled for two weeks to find the source of a breach after being alerted to a possible leak of credit card info by its card processing company. During that time, Schnucks apparently continued exposing the debit and credit card data of people who shopped at its stores.
(4/18/2013) Unidentified hackers are said to have launched a large-scale attack against WordPress blogs and any hosts using weak passwords are urged to update them immediately.
(4/12/2013) System administrators and IT security pros can take a bit of a breather: Microsoft issued a comparatively light set of patches for this edition of its monthly release of software vulnerability fixes.
(4/12/2013) A New Jersey hospital can now pursue a subpoena that would require an internet service provider (ISP) to hand over information potentially identifying at least one person accused of hacking into its email server.
(4/12/2013) A rash of breaches at companies that develop online videogames has resulted in digital certificates being stolen from the companies and used in attacks targeting other industries and political activists.
(4/12/2013) The United States' budget for the 2014 fiscal year will include increased spending on cybersecurity defenses.
(4/5/2013) Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy policies amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.
(4/5/2013) This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013.
(4/2/2013) A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.
(3/29/2013) Security researchers have discovered what appears to be the first known sighting of in-the-wild Android malware that's been designed to conduct targeted attacks.
(3/26/2013) A former student of Cal State University in San Marcos, Calif., pleaded guilty to wire fraud, access device fraud and unauthorized use of a computer after being accused of stealing the identities and passwords of 745 students to rig campus elections.
(3/22/2013) A new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.
(3/22/2013) Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday.
(3/12/2013) Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.
(3/11/2013) Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.
(3/11/2013) The Federal Trade Commission is cracking down on affiliate marketers that allegedly bombarded consumers with hundreds of millions of unwanted spam text messages in an effort to steer them towards deceptive websites falsely promising “free” gift cards.
(3/5/2013) Users of Apple's Safari browser will be blocked from using unpatched Adobe Flash software following a new security update.
(3/1/2013) A new cyber-espionage campaign dubbed MiniDuke used the recent Adobe Reader zero-day exploit
(3/1/2013) There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations.
(2/27/2013) The website of the US television network NBC, NBC.com, has been hacked and the computers of visitors to it have been infected with malware.
(2/27/2013) The software giant said it was hit with a similar hack to that used against Facebook and Apple
(2/19/2013) Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.
(2/19/2013) Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.
(2/19/2013) BlackBerry has published details of critical vulnerabilities in components of its BlackBerry Enterprise Server (BES). The holes allow attackers to execute arbitrary code on systems running BlackBerry Enterprise Server.
(2/19/2013) The Chinese military hacking group that has stolen huge amounts of data from U.S. organizations is one of some 20 active cyberspying groups engaging in comparable data theft and espionage.
(2/8/2013) Microsoft and Symantec worked with US and Spanish officials to take down the Bamital click-fraud botnet which has been operating since at least 2009 and was, at one point, made up of more than 1.8 million compromised systems.
(2/8/2013) There are millions of vulnerable Android phones in the hands of consumers today because wireless phone carriers and phone hardware makers refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher.
(2/4/2013) For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X.
(2/4/2013) Cites security, stability reasons for move to turn on 'click-to-play' for all but the latest Flash
(1/28/2013) Some 57,000 patients seen at the Palo Alto, Calif.-based Lucile Packard Children's Hospital have been notified of a potential HIPAA breach after an unencrypted company laptop containing patient medical information was stolen from a physician's car Jan. 9.
(1/28/2013) Printers that use popular print server software sold by Hewlett-Packard are vulnerable to attacks that can bypass built-in biometric defenses, recover previously printed documents and crash all vulnerable machines attached to a network.
(1/22/2013) Researchers have discovered two security holes in a popular mobile app used to track sports news and scores, leaving users vulnerable to having their data exposed.
(1/22/2013) The long-awaited HIPAA omnibus rule was posted by the Department of Health and Human Services (HHS) on the Federal Register public inspection desk yesterday.
(1/18/2013) Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.
(1/18/2013) Seculert researchers identified a Java exploit and corresponding attack pages on Red October command and control servers
(1/18/2013) Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
(1/8/2013) A Hayden, Idaho-based hospice is the first health care organization to be fined for sustaining a breach that affected fewer than 500 individuals.
(1/4/2013) California and Illinois on Tuesday joined four others in becoming the union’s only states barring employers from demanding that employees fork over their social-media passwords.
(12/28/2012) Approximately 4,000 patients at the University of Michigan Health System (UMHS) have been notified this December that their personal health information has been compromised, UMHS officials announced.
(12/21/2012) FCC publishes 10-step plan for securing mobile devices and their data
(12/18/2012) Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.
(12/12/2012) Identity theft is more rampant in health care than any other U.S. industry, according to the Ponemon Institute's third-annual report on patient privacy and data security.
(12/4/2012) The FBI is investigating a breach at Nationwide Insurance, where hackers recently accessed the sensitive information of about one million people, including policy and non-policy holders.
(12/4/2012) Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.
(12/3/2012) Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements.
(11/20/2012) Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
(11/16/2012) Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
(11/16/2012) Adobe pulls down the forum for its video conferencing service, Adobe Connect, after a hacker breached its security and leaked information, including password hashes, on 150,000 users.
(11/13/2012) Microsoft is prepping six patches that will rectify 19 vulnerabilities in Windows, Internet Explorer, Office and the .NET Framework.
(11/13/2012) Many users are waiting a month or more to apply important security updates that can protect them from exploits and malware.
(11/6/2012) The social network corrects a flaw over the weekend that could potentially have put over a million accounts at risk of being accessed by unauthorized users.
(11/6/2012) Forcing secured connections protects the privacy and security of users and their data, Mozilla said
(11/2/2012) The Homeland Security Department has created a new fellowship program designed to attract recent college graduates into cybersecurity careers.
(10/29/2012) Payment terminals at 63 stores in eight states compromised; unknown number of customers affected
(10/25/2012) You can't go anywhere online without a password these days. You certainly can't play many games without one. The problem, though, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.
(10/12/2012) Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.
(10/12/2012) Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.
(10/10/2012) A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.
(10/10/2012) Adobe today issued a surprise update for Flash Player that patched 25 critical vulnerabilities in the ubiquitous media software.
(10/10/2012) Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.
(10/8/2012) Google is issuing a warning similar to one it had sent in June to tens of thousands of Gmail users to inform them that their accounts may be targeted by hackers.
(10/8/2012) Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs
(10/8/2012) The agency puts a halt to six such tech support cons, part of a larger effort to stop phony tech support companies from scamming consumers.
(9/28/2012) Adobe takes action after finding malware signed with the Adobe certificates.
(9/26/2012) Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.
(9/26/2012) Apple has released updates for versions 10.6 (Snow Leopard), 10.7 (Lion) and 10.8 (Mountain Lion) of its Mac OS X operating system that close a number of critical security holes.
(9/24/2012) Using this exploit attackers can take full control of a Galaxy S3 smartphone, researchers demonstrated
(9/18/2012) Google browser users should see support for a privacy setting that turns off tracking cookies related to ads by year's end.
(9/18/2012) HD Moore, maker of Metasploit, urges users to ditch IE7, IE8 and IE9 until Microsoft fixes critical flaw
(9/14/2012) The version of the Adobe Flash plugin that's bundled with Internet Explorer 10 in Windows 8 is out of date, leaving users susceptible to exploitation.
(9/14/2012) According to data released by Gartner, worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011.
(9/11/2012) Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.
(9/11/2012) The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.
(9/7/2012) As enterprises expand their roll-outs of mobile applications, the Federal Trade Commission wants them to be mindful of the privacy and security ramifications that go along with these advancements.
(9/4/2012) Three high-severity holes have been fixed in Google's latest stable channel update to the Chrome web browser.
(9/4/2012) Hackers created a malicious version of a legitimate Microsoft email announcement
(8/31/2012) A former programmer for Toyota has been accused of sabotaging applications on the car company’s network and stealing data after he was fired from his job last week, according to a civil complaint filed by the company.
(8/28/2012) Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts.
(8/22/2012) European IP address authority RIPE NCC has reallocated two IP address blocks that were previously used by the DNSChanger malware. The FBI and the Internet Systems Consortium (ISC) had control over the addresses from last November through to mid-July of this year, in accordance with a US court order, as there was concern about a total blackout for private users' manipulated computers.
(8/20/2012) So what should you do to avoid being another one of these smart people to whom a bad thing could easily happen? You shouldn't allow yourself to be a lightning rod in the middle of the cloud.
(8/17/2012) A distributed denial-of-service attack aimed at AT&T's DNS (Domain Name System) servers has disrupted data traffic for some of the company's customers.
(8/15/2012) The U.S. Federal Trade Commission has approved a settlement with Facebook related to charges that the social networking leader deceived consumers regarding the privacy of their data.
(8/15/2012) As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files.
(8/14/2012) Training and education are key elements to securing users and data, because even the best technical solutions are incapable of protecting both in every situation.
(8/13/2012) Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.
(8/13/2012) Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.
(8/8/2012) Former Gizmodo reporter says device wipes and Twitter breaches occurred after an AppleCare technician fell victim to a bit of social engineering.
(8/8/2012) Reuters has suffered a second security breach in two days after hackers gained control of one of its Twitter accounts, the news agency revealed this morning.
(8/6/2012) The spam outbreak that last month flooded the inboxes of Dropbox customers has been traced back to a hacked employee account, company representatives said late Tuesday.
(8/1/2012) Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.
(7/25/2012) Several major software companies, including Microsoft and Symantec, today kicked off what they called "International Technology Upgrade Week" in an attempt to persuade users to keep their code current.
(7/25/2012) Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.
(7/20/2012) In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.
(7/19/2012) NEW YORK (CNNMoney) -- Good news for your email inbox: You'll be seeing less spam in it now, thanks to a global takedown effort that knocked one of the world's biggest spammers offline this week.
(7/17/2012) Yahoo said Friday that it has fixed a security vulnerability that allowed hackers to seize roughly 450,000 unencrypted email addresses and passwords belonging to members of its content-sharing platform.
(7/13/2012) (CNN) -- Hackers posted online what they say is login information for more than 450,000 Yahoo users.
(7/13/2012) Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser.
(7/9/2012) This is an advance notification of security bulletins that Microsoft is intending to release on July 10, 2012.
(7/5/2012) In 10 days, there's a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.
(6/29/2012) The Alaska Department of Health and Social Services (DHSS) will shell out $1.7 million to settle violations of the HIPAA Security Rule.
(6/29/2012) Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
(6/27/2012) One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented with a grid of the nine most visited pages, each with its own screenshot thumbnail.
(6/27/2012) Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.
(6/25/2012) An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware, according to security researchers from antivirus vendor Sophos.
(6/25/2012) A malware campaign targeting AutoCAD drawings uncovered by security researchers at ESET could be a massive case of industrial espionage.
(6/19/2012) MacRumors reports that, according to the release notes of the developer preview version of iOS 6, the operating system will request explicit user permission when an application attempts to access contacts, calendars, reminders and photos.
(6/19/2012) According to a new report, some companies that have fallen victim to hacking attacks have gone as far as hiring security firms to hack back.
(6/15/2012) Microsoft Security Bulletin Summary for June 2012
(6/15/2012) Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.
(6/12/2012) Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.
(6/11/2012) With the July 9 Web apocalypse nearing for computer owners infected with the malicious DNSChanger malware, the social network reaches out to tell them how to clean their machines.
(6/1/2012) The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses.
(5/29/2012) Google has begun warning visitors to its search engine if they are infected with the DNSChanger malware, and providing them with a link to disinfection instructions.
(5/23/2012) Malware writers use Crossrider browser extension development framework to build Facebook worm.
(5/16/2012) Fraud experts are encouraged to see banks joining forces with law enforcement to fight cybercrime. But as online attackers become increasingly organized, financial institutions may find themselves fighting even tougher battles.
(5/11/2012) Twitter has attempted to assure its users after reports circulated of 55,000 accounts being hacked and login credentials publicly disclosed.
(5/11/2012) The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.
(5/8/2012) Microsoft cuts Chinese firewall company Hangzhou DPTech Technologies from Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw.
(5/8/2012) Apple on Monday pushed out a security update for its mobile operating system, iOS, to patch four vulnerabilities.
(5/2/2012) Microsoft has issued a temporary fix for a scary and potentially disastrous Hotmail vulnerability that could allow hackers to erase your email password, set up their own and take over your account.
(5/2/2012) Virtualisation specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualisation product.
(4/27/2012) The effort to clean up the DNSChanger malware attack is seeing renewed focus as the rogue DNS server shutdown deadline approaches on July 9.
(4/27/2012) In its latest Security Intelligence Report, Microsoft says weak passwords and unpatched systems conspire to let the three-year-old Conficker worm continue to propagate.
(4/25/2012) The developers of the popular open source blog engine WordPress have released a security update for the software.
(4/25/2012) Firefox 12, set to release Tuesday, sidesteps Windows' UAC
(4/20/2012) Netflix's chief executive has accused Comcast of abandoning net-neutrality rules by exempting one of its products from monthly caps on data usage.
(4/18/2012) In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a malware infection known as Flashback to spread to some 700,000 of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple's aggressive measures to block issues due to the plugin.
(4/16/2012) Scammers are out in force as the tax filing deadline approaches. Here are some of the most common scams to be on the lookout for.
(4/16/2012) Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.
(4/16/2012) Apple battens down the security hatches by requiring users to create security questions and identify a backup e-mail address.
(4/10/2012) When the authorities send a subpoena to Facebook for your account information, what do they receive? Here is a document showing the pages and pages of data Facebook hands over.
(4/10/2012) Those cool mobile devices beloved by consumers carry deep-rooted security flaws that are only now being discovered and addressed.
(4/3/2012) Credit card processing company Global Payments has confirmed that a vulnerability within its system led to the theft of up to 1.5 million credit card records.