
IT Security News Archive

Microsoft launches free, 90-day trial of Windows 10

(7/31/2015) It's the Windows 10 Enterprise edition, but it gives you a chance to test-drive the new OS before deciding if you really want to upgrade from Windows 7 or 8.1. However, there are some key drawbacks.

OwnStar: Researcher hijacks remote access to OnStar

(7/31/2015) Hack of OnStar Remotelink lets attacker unlock, remote-start, and track cars.

WordPress gets a patch for critical XSS flaw

(7/24/2015) WordPress 4.2.3 fixes a cross-site scripting flaw that could be used to compromise websites.

Vulnerability in OpenSSH allows for brute force attack

(7/24/2015) A vulnerability in OpenSSH could allow an attacker to make up to 10,000 password entries during the open source tool's “login grace time,” a technique known as a brute force attack.

Car Hacking Shifts Into High Gear

(7/24/2015) Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.

CVS Investigates Credit Card Breach At Its Online Photo Service

(7/21/2015) CVS shut down its online photo center Friday and alerted customers who visited CVSphoto.com that the independent vendor managing online payments for the site may have suffered a credit card breach. CVS has not yet revealed how many customers were impacted by the breach.

PNI Digital Media investigates potential credit card 'issue' as more photo center websites go down

(7/21/2015) A third-party vendor is investigating a potential credit card incident that has prompted Rite Aid, Costco, Sam's Club and Tesco to follow CVS and Walmart Canada in taking their respective photo center websites offline.

Setting priorities with July's huge Patch Tuesday

(7/17/2015) The July 2015 Patch Tuesday is a surprisingly large update with patches to Internet Explorer, Office, SQL Server and several key Windows components.

Google expanding security feature that prevents malware installs

(7/17/2015) Google's Safe Browsing feature can often be your "last line of defense" against unwanted software, like malware and browser toolbars.

It's time to kill Flash, says Facebook's new security chief

(7/14/2015) Facebook's new chief security officer wants the web plugin to be put out to pasture.

Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed

(7/8/2015) The Tuesday release of OS X Yosemite 10.10.4 and iOS 8.4 brought new features such as Apple Music, but it also came with fixes for numerous security vulnerabilities.

Charges pending in alleged Cardinals computer intrusion of Astros

(7/8/2015) Federal investigators have recommended charges be brought against at least one St. Louis Cardinals employee implicated in the probe of an alleged computer intrusion of databases belonging to the Houston Astros, officials briefed on the investigation said Friday.

Adobe Fixes Another Zero-Day Flaw in Its Flash Player

(6/26/2015) Adobe rushes an out-of-band patch for its Flash Player to fix a zero-day vulnerability that already was being exploited in the wild.

Florida telemarketer, under FTC watch, suffers data breach

(6/26/2015) A Florida-based computer tech support call center has suffered a data breach, with customer records being abused by fraudsters trying to get access to online bank accounts.

Online password locker LastPass hacked

(6/16/2015) The company revealed the breach in a blog post Monday after investigating "suspicious activity" discovered by its security team.

Stung, White House orders rapid cybersecurity fixes

(6/16/2015) The White House has ordered federal agencies to take immediate steps to make some basic cybersecurity fixes. The move follows a massive breach of government employee records.

LastPass Password Manager Software Security Notice

(6/16/2015) The LastPass security team detected and subsequently blocked suspicious activity on their network. While there is no indication of a breach in user vault data or user accounts illegitimately being accessed, LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. LastPass is executing additional security measures to ensure that user data remains secure. They are requiring all users logging in from a new device or IP address first verify their account by email, unless multifactor authentication is enabled. LastPass will also be prompting users to update their master password.

Apple working on fix for bug that crashes iPhones with a text message

(5/29/2015) Apple will fix the bug that allows an attacker to crash an iPhone by sending a special string of characters in a text message.

Google beefs up user-identity safety net for apps

(5/29/2015) Maker of the Android mobile operating system helps developers build apps that let users easily, safely sign in.

Thieves stole data on 100,000 taxpayers via IRS app

(5/29/2015) Criminals stole sensitive information about roughly 100,000 taxpayers through the Internal Revenue Service's "Get Transcript" application, a major data breach at the U.S.'s national tax agency.

St. Louis Federal Reserve forces password change after DNS attack

(5/22/2015) A branch of the U.S.'s central bank is forcing a password reset after a cyberattack briefly redirected visitors to parts of its website to bogus Web pages.

Flawed Android factory reset leaves crypto and login keys ripe for picking

(5/22/2015) An estimated 630 million phones fail to purge contacts, e-mails, images, and more.

Google Reveals the Problem With Password Security Questions

(5/22/2015) Google analyzed hundreds of millions of password security questions and answers, revealing how startlingly easy it is for would-be hackers to get into someone else's account.

Dating site hackers expose details of millions of users

(5/22/2015) Personal information relating to almost four million users of a worldwide online dating website has been leaked by hackers, according to Channel 4 News.

Carefirst Blue Cross Breach Hits 1.1M

(5/22/2015) CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers.

Cyber-security now the top concern for financial services

(5/19/2015) Cyber-security ranks as the number one concern for nearly half of financial institutions in the US, according to a recently published survey.

Insecure Consumer Routers Compromised to Form 'Self-Sustaining' Botnet

(5/18/2015) Security firm Incapsula has discovered thousands of small-business and home routers that have been taken over by attackers to create botnets for use in denial-of-service attacks.

Hackers exploit Starbucks auto-reload feature to steal from customers

(5/18/2015) It seems that attackers have taken advantage of the auto re-load function on the Starbucks app, which lets consumers quickly and easily load value into their accounts from a linked payment card or bank account once the balance dips below a certain threshold.

Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign

(5/12/2015) Charles Harvey Eccleston, 62, allegedly sent dozens of spear phishing emails in January 2015 to DOE employees' emails, the Department of Justice (DOJ) wrote in a press release. He faces four felony offenses, including three counts of crimes involving unauthorized access of computers and a wire fraud charge.

WordPress Fixes More XSS Flaws With Automatic Update

(5/8/2015) WordPress issues its third security update, version 4.2.2, in less than four weeks to fix cross-site scripting security vulnerabilities.

Superfish injects ads in 4% of Google page views

(5/8/2015) Over five percent of browser visits to Google owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections.

Healthcare Data Breaches From Cyberattacks, Criminals Eclipse Employee Error For The First Time

(5/8/2015) Cybercriminals and nation-state actors are indeed targeting healthcare organizations for their valuable data: cyberattacks and physical criminal activity now have officially surpassed insider negligence as the main cause of a data breach in healthcare organizations.

Google Chrome Extension Warns Against Password Reuse

(5/1/2015) Google launched a new extension for its Chrome browser that is designed to discourage people from using the same password to log in to multiple online accounts.

What third-party app crashed American Airlines pilots' iPads and caused flight delays?

(5/1/2015) Dozens of American Airlines flights were delayed on Tuesday after “a faulty iPad navigation app” caused the tablets to crash. Despite Boeing 737 pilots’ claims of all 737’s being grounded and a system-wide outage, American Airlines spokesperson Casey Norton said, “Initial reports on social media of a system-wide problem affecting a specific type of aircraft are inaccurate.” Instead, “several dozen” flights were affected by the outage.

FBI investigating Rutgers University in DDoS attack

(5/1/2015) The FBI is working with Rutgers University to identify the source of a series of distributed denial-of-service (DDoS) attacks that have plagued the school this week.

FBI warns FAA to watch for suspicious hacking activity on flights

(4/24/2015) The FBI issued an alert to the Federal Aviation Administration (FAA) earlier this week to warn about hackers who might try to access airplane network ports, according to Wired.

Accidental breach left HSBC customer data exposed for three months

(4/21/2015) The mortgage account information of an undisclosed number of HSBC Finance Corporation customers was accidentally exposed late in 2014 and remained exposed until discovery on 27 March, 2015, the firm admitted this week.

Jokers, hackers, and airline safety

(4/21/2015) A security researcher joked about hacking a plane and was picked up by the FBI. They didn't think it was one bit funny.

FBI warns of WordPress defacements as new plugin vulnerability is found

(4/10/2015) The FBI issued a public service announcement (PSA) on Tuesday, warning that individuals sympathetic to the Islamic State in the Levant (ISIL), or Islamic State of Iraq and al-Shams (ISIS), are defacing WordPress websites by exploiting vulnerabilities in plugins.

Apple Patches Critical Backdoor Flaw in OS X 10.10.3

(4/10/2015) In addition to a number of updates in OS X 10.10.3, Apple is fixing vulnerabilities across its OS X operating system.

FCC fines AT&T $25M for call center breaches

(4/10/2015) The Federal Communications Commission asserted its information privacy authority Wednesday by reaching a settlement with AT&T—over data breaches at a trio of call centers—that includes a $25 million fine.

Gmail back up and running after weekend of glitches

(4/7/2015) A "majority" of users were affected by a fault, which began after Google failed to update the security certificate on a server used to establish a secure connection.

3 Of 4 Global 2000 Companies Still Vulnerable To Heartbleed

(4/7/2015) One year after the public disclosure of Heartbleed, 74 percent of Global 2000 organizations with public-facing systems are still vulnerable to the OpenSSL vulnerability, according to a new report by Venafi.

How cyberattacks can be overlooked in America's most critical sectors

(3/31/2015) Across some of the most crucial sectors of the American economy, there's a lack of consensus of what exactly should be considered a 'cyberincident' – and whether technical mishaps, even without malicious intent, should count. That's a problem.

Army instructs troops to take precautions online: report

(3/31/2015) The Army has issued a global security alert to U.S. soldiers instructing them on how to guard their social media presence to avoid threats from groups like the Islamic State in Iraq and Syria, according to a Saturday report.

Why 'Malvertising' Has Become a Pervasive Security Risk

(3/25/2015) Analysts have estimated that in 2012, nearly 10 billion ad impressions were compromised by malvertising. Who knows how high that number is today?

Windows 10 Eliminates Passwords

(3/23/2015) Microsoft is bringing more personalization and security features to Windows 10, including biometric authentication to unlock a device.

Health Insurance Provider Premera Discloses Data Breach

(3/23/2015) 2015 has become the year of the health care data breach. A newly disclosed breach at Premera is reported to have affected up to 11 million people.

OpenSSL fixes serious denial-of-service bug, 11 other flaws

(3/23/2015) The mystery high-severity flaw that people expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.

What can you do with $200!?

(3/23/2015) You can rent 133 movies from the Red Box. Download 155 songs from iTunes. Go to the local theater 29 times. The point here? Entertainment isn’t free…and neither are DMCA violations!

Yahoo wants to let you forget your Yahoo password

(3/18/2015) The Internet giant launches a service that sends a short password to your phone. Think two-factor authentication, without the first factor.

Firefox 37 Feature to Improve SSL/TLS Certificate Security

(3/10/2015) Mozilla will include a new SSL (Secure Sockets Layer)/TLS (Transport Layer Security) certificate checking mechanism in the upcoming Firefox 37 browser release, which is scheduled to become generally available on March 31.

Uber admits database breach putting driver data at risk

(3/4/2015) Uber said it is notifying impacted drivers now, but it hasn't seen the compromised data actually misused yet.

Mozilla scrubs Superfish certificate from Firefox

(3/4/2015) Mozilla has released an update to Firefox that erases the self-signed digital certificate implanted by Superfish, the vulnerable adware that blew up in Lenovo's face a week and a half ago.

Natural Grocers Investigating Card Breach

(3/4/2015) Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country.

Over 1 million WordPress websites at risk from SQL injection

(3/2/2015) Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin.

State breakdowns: Anthem breach by the numbers

(3/2/2015) While a whopping 78.8 million consumers may have had personal information viewed by “hackers who had accessed our database,” an Anthem spokesperson confirmed in a statement emailed to SCMagazine.com on Thursday, about 60 to 70 million individuals are current or former Anthem members.

Information disclosure flaw exposes Netgear wireless routers to attacks

(2/18/2015) A vulnerability allows attackers to extract admin passwords and wireless network keys.

Smartphone thefts decline following introduction of "kill switch"

(2/13/2015) From January 2013 to December 2014, cell phone robberies dropped 16 percent in New York and 27 percent in San Francisco, officials said in a Wednesday release on the website of New York State Attorney General Eric Schneiderman. In London, the monthly average of mobile phone thefts has been cut in half since September 2013.

Apple beefs up log-in security for iMessage, FaceTime

(2/13/2015) The communications services get two-step verification, aimed at preventing unauthorized access to accounts, even if the username and password are entered.

Three critical patches for Microsoft and six updates that may need some attention

(2/13/2015) For this Microsoft Patch Tuesday, we have three updates rated as critical by Microsoft and six updates rated as important.

TurboTax back to full speed after fraud concerns

(2/11/2015) Software maker Intuit had shut down the filing of state income tax returns via TurboTax due to worries over "suspicious" filings. But the company says there was no breach and filings have resumed.

Samsung's warning: Our Smart TVs record your living room chatter

(2/11/2015) Technically Incorrect: Samsung's small print says that its Smart TV's voice recognition system will not only capture your private conversations, but also pass them onto third parties.

Community debates encryption's value in Anthem incident

(2/11/2015) Anthem's breach has ignited a debate on the insurer's data security safeguards, with many experts arguing that, in this incident, encryption may not have minimized the attack damage like some suspect.

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used

(2/6/2015) Published 4:25 p.m. ET - Mandiant, the incident response firm tapped by Anthem Inc. in the wake of its massive breach, says that the “sophisticated” cyber attack against the health care company involved the use of custom backdoors, one indication that an “advanced attack” did indeed take place against the company.

Ghost flaw in Linux can be exploited through WordPress, other PHP apps

(2/3/2015) A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

Obama asks for $14 billion to step up cybersecurity

(2/3/2015) The president urges Congress to pass legislation that would strengthen the country's hacking detection system and counterintelligence capabilities.

Researchers observe new Flash Player zero-day bug being exploited

(2/3/2015) Adobe issued two separate fixes at the end of January to address two separate zero-day vulnerabilities identified in Flash Player – now Adobe is warning users of another Flash Player zero-day bug that the company says is reportedly being exploited in the wild.

GHOST: Most Linux servers have a horrible, horrible vulnerability (in glibc)

(1/30/2015) A fault in a widely used component of most Linux distributions could allow an attacker to take remote control of a system after merely sending a malicious email.

Adobe Fixes Second Flash Flaw Exploited By Angler

(1/27/2015) Adobe this weekend released its second emergency zero-day patch for Flash in a single week: this one in fulfillment of a promise to address another vulnerability recently discovered to have been exploited in the wild by the Angler malware kit.

Insecure dongle reportedly puts more than two million U.S. vehicles at risk

(1/23/2015) Digital Bond Labs security researcher Corey Thuen has found a way to unlock car doors, start a car, and gather engine information via a dongle known as "Snapshot" – a device used by Progressive Insurance to track driving habits for risk assessment and premium adjustment, according to Forbes.

WordPress Disconnects Unpatched Sites

(1/23/2015) In a continuing effort to secure hundreds of millions of users, WordPress.com is disconnecting self-hosted sites that haven't updated the Jetpack add-on.

New York Post Twitter account hacked, UPI's compromised, too

(1/21/2015) The Twitter account of the New York Post was hacked, and UPI's was also apparently hit, the latest in a string of attacks that have hit the social media channels of high-profile organizations.

Google nixes widespread malvertising attack

(1/16/2015) Google has stopped a widespread malicious advertising attack that bounced Web surfers to dodgy sites hawking weight loss and skin care products.

Phishing scam uses LinkedIn 'security update' to steal credentials

(1/16/2015) A wave of emails, supposedly sent by LinkedIn Support, have been linked to scammers who are attempting to steal credentials from members of the networking service.


(1/9/2015) The OpenSSL Project released OpenSSL 1.0.1k, OpenSSL 1.0.0p, and OpenSSL 0.9.8zd on Thursday – addressing eight vulnerabilities altogether, two of which could lead to denial-of-service (DoS) attacks and are deemed moderate in severity.

Morgan Stanley Fires Worker Accused of Stealing Client Data

(1/6/2015) Morgan Stanley (MS) fired an employee it said stole data, including account numbers, for as many as 350,000 wealth-management clients and posted some of the information online.

Apple patches iCloud vulnerability exploited by iDict hacking tool

(1/6/2015) A vulnerability in Apple's iCloud service that was recently exploited by the iDict hacking tool released by a hacker known as Pr0x13 on New Year's Day has been patched, according to posts on Twitter from Pr0x13.

Chick-fil-A Investigating Possible Data Breach

(1/6/2015) Fast food restaurant chain Chick-fil-A says it's working with law enforcement, the payment industry, and security firms to determine whether reports of suspicious activity with payment cards used at some of its restaurants were due to a data breach.

WordPress Makes Fix to End All Manual Updates

(12/30/2014) ISC was hacked by way of a WordPress flaw, but there is now an automatic way to secure WordPress sites and (eventually) eliminate the risk of nonpatched systems.

Staples says hack may have compromised 1 million-plus payment cards

(12/23/2014) The data breach at the Staples office-supply chain may have affected roughly 1.16 million payment cards as criminals deployed malware to point-of-sale systems at 115 stores, the company said Friday.

Sony hack was 'cyber vandalism,' not act of war, says Obama

(12/23/2014) The hack of Sony Pictures, which the FBI blamed on North Korea, was not an act of war, President Obama said in an interview broadcast on Sunday.

ICANN data compromised in spearphishing attack

(12/19/2014) Staff email credentials and some user data, including email and postal addresses, were taken.

Vulnerability in embedded Web server exposes millions of routers to hacking

(12/19/2014) Attackers can take control of millions of routers by sending a specially crafted request to RomPager, an embedded Web server running on them.

NY bank regulator's cybersecurity plan has strong authentication, identity

(12/19/2014) State taking specific steps to protect $2.9 trillion in assets across 1,900 financial institutions

As leaks continue, Sony's legal team tells media to destroy 'stolen info'

(12/17/2014) As Sony Pictures fights an uphill battle, working to minimize the post-breach damage while leaks continue to surface, the company's legal team has delivered a stern message to media covering the developments.

Google blacklists 11,000 WordPress sites amid malware campaign

(12/17/2014) Google has blacklisted over 11,000 domains after a malware campaign, dubbed SoakSoak, compromised more than 100,000 websites using the WordPress content management system.

Sony fights spread of stolen data by using “bad seed” attack on torrents

(12/12/2014) Investigation into hack continues while Sony tries to minimize the damage

Patch Tuesday updates aim for Exchange and Explorer flaws

(12/12/2014) Overall, Microsoft has issued seven security bulletins for December, including three that are critical, covering security vulnerabilities found in Windows (both the server and desktop editions), Office, Exchange Server, SharePoint Server and Internet Explorer.

Adobe Pushes Critical Flash Patch

(12/2/2014) For the second time this month, Adobe has issued a security update for its Flash Player software. New versions are available for Windows, Mac and Linux versions of Flash.

Unreleased Sony movies leaked to file-sharing sites after hack

(12/2/2014) Four unreleased movies were leaked just days after the studio was forced to shut down its network in response to a security breach.

WhatsApp begins rolling out end-to-end encryption

(11/24/2014) WhatsApp announced on Tuesday that its most recent Android update comes with a built-in encryption protocol, and in the coming months, all the messaging app's users will have end-to-end encryption enabled.

Internet scammer adopts face of Army officer from Pasco

(11/24/2014) Norma Jean Culpeper of Mullins, South Carolina, says the man who scammed her out of $1,200 by claiming to be an Army officer stationed in Afghanistan was able to do so, in part, because of the picture he emailed her.

Microsoft report explores dangers of running expired security software

(11/18/2014) Operating a computer with an expired security product is practically as unsafe as operating a system without security software at all – that is one of the key takeaways from the Microsoft Security Intelligence Report 17, which was released on Tuesday.

Flash and AIR updates available after Adobe addresses 18 vulnerabilities

(11/14/2014) Windows, Macintosh and Linux users all should now update to the latest version of Adobe Flash player and Adobe AIR as the company has recently addressed 18 vulnerabilities in the software.

November Patch Tuesday: A massive update with a few misses

(11/14/2014) This is a massive update for Microsoft Patch Tuesday with 16 patches released for November 2014.

U.S. Postal Service suffers breach of employee, customer data

(11/11/2014) A U.S. Postal Service data breach has potentially compromised the personal information of 800,000 employees, as well as some customers who contacted the government service.

Traveling business executives targeted through luxury hotel Wi-Fi

(11/11/2014) Traveling on business? Beware — elite cybercriminals may be after your data.

Researchers observe a new phishing technique

(11/10/2014) An effective new phishing technique identified by researchers with Trend Micro allows attackers to go after information without having to spend as much time developing copies of websites.

Thieves Cash Out Rewards, Points Accounts

(11/4/2014) A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that’s been worsening for years as more companies offer rewards programs.

Google Takes New Steps to Block POODLE Flaw

(11/4/2014) Google plans to disable support for SSL 3.0 in an upcoming Chrome release. Mozilla has similar intentions.

Hackers breach some White House computers

(10/31/2014) Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.

Operators disable firewall features to increase network performance, survey finds

(10/31/2014) In a recent survey of 504 IT professionals, McAfee found that 60 percent prioritize security as the primary driver of network design – something the company did not find too surprising considering recent high-profile breaches.

Cyberespionage group goes phishing for Outlook Web App users

(10/29/2014) A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

Facebook, Yahoo prevent use of recycled email addresses to hijack accounts

(10/24/2014) A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner.

Worm variant of Android ransomware, Koler, spreads via SMS

(10/24/2014) In May, researchers observed Android ransomware identified as Koler.A locking up the screens of victims around the world who visited certain pornographic websites – now, mobile security company AdaptiveMobile has discovered a worm variant that is spreading through SMS.

Google Accounts Now Support Security Keys

(10/24/2014) People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

(10/22/2014) An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.

China Accused Of Attacking Apple iCloud

(10/22/2014) Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.

Banks: Credit Card Breach at Staples Stores

(10/22/2014) Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

Microsoft, Adobe Push Critical Security Fixes

(10/17/2014) Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products.

New 'POODLE' Bug Takes Bite Out of SSL 3.0 Web Encryption Protocol

(10/17/2014) Google on Tuesday revealed yet another Internet-wide security vulnerability with a cute name but potentially disastrous effects. POODLE (Padding Oracle On Downgraded Legacy Encryption) allows attackers to break the security of SSL 3.0, a protocol for secure Web communications that is 14 years old but still used as a last-ditch connection method with legacy devices or when others don't seem to work.

Shellshock used to amass botnet and execute phishing campaign

(10/17/2014) Unknown attackers harnessed the Shellshock vulnerability, or "Bash bug," to amass a botnet of 360 bots and launch a phishing campaign on Spanish-speaking Citibank customers.

New mobile trojan masquerading as Tic-tac-toe game targets Android devices

(10/15/2014) A Tic-tac-toe game is actually a new mobile trojan – detected as Trojan-Spy.AndroidOS.Gomal.a, or Gomal – targeting Android devices.

Oracle's 155 bug fixes add to mega Patch Tuesday

(10/15/2014) Oracle has a large number of fixes lined up for Tuesday, including 25 for Java SE, while Microsoft and Adobe have patches due then too.

Dairy Queen confirms breach, Backoff malware intrusion at 395 U.S. stores

(10/15/2014) A data breach at International Dairy Queen, Inc. has resulted in systems at 395 of its more than 4,500 U.S. stores and one Orange Julius location being infected with the same Backoff malware that has plagued other retailers nationwide and exposed customer payment information.

Group infects more than 500K systems, targets banking credentials in U.S.

(10/10/2014) Researchers with security company Proofpoint have identified a Russian-speaking cybercrime group that has infected more than 500,000 systems and is targeting online credentials for major banks in the U.S. and Europe.

ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.

(10/10/2014) New malware, called “Tyupkin,” has been used by criminals to withdraw millions in cash from ATM machines running 32-bit Windows platforms – and researchers warn that the threat has continued to evolve in recent months.

Microsoft slates critical Windows, IE fixes for next week

(10/10/2014) Microsoft today said it will release nine security updates next week, twice the number of last month, with fixes slated for Internet Explorer (IE), Windows, SharePoint Server and Web app developer tools.

AT&T suffers another insider breach

(10/8/2014) US telecom AT&T has lately been having problems with malicious insiders, and the latest incident has resulted in the compromise of account and personal information of a yet unknown number of customers.

JPMorgan Chase attackers hit other banks

(10/8/2014) A wave of high-profile cyberattacks this year on U.S. companies underscores the need for better security practices.

Researchers release BadUSB code at Derbycon

(10/3/2014) Researchers have published BadUSB code two months after Karsten Nohl from SR Labs demonstrated at the Black Hat conference in Las Vegas how to use the virtually undetectable malware to infect nearly any USB device.

JPMorgan Chase Says 76 Million Households Affected by Data Breach

(10/3/2014) Financial giant JPMorgan Chase disclosed to the SEC on Thursday that a security breach this summer affects some 76 million households and 7 million small businesses, but involves only non-critical information such as phone numbers and email addresses.

Shellshock: Better 'bash' patches now available

(10/1/2014) Summary: The patches are ready. Now it's up to you to put them into place as quickly as possible.

'Vast majority' of Mac users safe from Shellshock Bash bug, Apple says

(10/1/2014) Apple says users of its OS X operating system are "safe by default" from the new security vulnerability, which has been described as bigger than Heartbleed.

Safe from Shellshock: How to protect your home computer from the Bash shell bug

(9/29/2014) But really, the impact on you at home should be minimal, especially if you take some basic precautions. Windows systems aren’t vulnerable whatsoever—though your router may very well be—unless you’re running a program like Cygwin.

‘Shellshock’ Bug Spells Trouble for Web Security

(9/29/2014) Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.

Google stops malicious advertising campaign that could have reached millions

(9/23/2014) Google shut down malicious Web attacks coming from a compromised advertising network on Friday. The move follows a security firm's analysis that found the ad platform, Zedo, serving up advertisements that attempted to infect the computers of visitors to major websites.

IT security shifts from prevention to resiliency

(9/23/2014) The discussion on cybersecurity has shifted as CIOs and CTOs come to the realization that no system is immune to attacks and breaches. The conversation is now about “cyber resiliency.”

Malicious ads distributed 'on a large scale' by Zedo, Google's DoubleClick ad networks

(9/22/2014) Two online advertising networks, Google’s DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person’s computer, according to the security vendor Malwarebytes.

In Home Depot Breach, Investigation Focuses on Self-Checkout Lanes

(9/22/2014) The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding could mean thieves stole far fewer cards during the almost five-month breach than they might have otherwise.

Despite Apple’s Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone

(9/22/2014) A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.

eBay addresses XSS issue affecting auction page visitors

(9/22/2014) A BBC report has revealed that an auction page on eBay.co.uk left visitors vulnerable to cross-site scripting (XSS) attacks. Aiming to take advantage of the security issue, scammers placed malicious JavaScript code in the product listing page, so that users would be redirected to a phishing site, BBC said.

How Boston Children's Hospital hit back at Anonymous

(9/16/2014) Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe.

Comcast's open Wi-Fi hotspots inject ads into your browser

(9/15/2014) Comcast is giving users a very good reason to demand an HTTPS connection on every site they visit. The Internet service provider has started injecting ads for its services on websites where you wouldn't normally see them when you're using an Xfinity public Wi-Fi hotspot.

Google says Gmail credential dump not result of company breach

(9/15/2014) After Gmail usernames and passwords for nearly five million accounts were leaked online, Google quickly moved to calm user concerns and confirmed that the majority of the credentials wouldn't be very useful to those aiming to hijack accounts with the information.

Celeb Hack: Is Apple Telling All It Knows?

(9/5/2014) Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You're darn tootin'!

Goodwill announces breach, more than 800K payment cards compromised

(9/5/2014) In a letter to customers dated Tuesday, Jim Gibbons, president and CEO of Goodwill Industries International (GII), announced that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of stores.

Banks: Credit Card Breach at Home Depot

(9/5/2014) Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.

Mozilla Improving Security Processes After Exposing Developer Data

(9/3/2014) Users of the Mozilla Developer Network and Bugzilla testing system are advised to update their passwords after a pair of data disclosures were reported in August.

Apple patches 'Find My iPhone' exploit

(9/3/2014) Summary: Apple has patched an exploit with its Find My iPhone online service that may have been used by hackers to gain access to personal photos stored on iCloud accounts belonging to some 100 celebrities.

JPMorgan hackers altered, deleted bank records, says report

(9/2/2014) Investigation into attack on JPMorgan Chase may have expanded to seven of the world's top banks, amid a report that hackers altered records.

UPS announces breach impacting 51 U.S. locations

(8/22/2014) More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.

Microsoft urges customers to uninstall 'Blue Screen of Death' update

(8/19/2014) Microsoft on Friday quietly recommended that customers uninstall one of last week's security updates after users reported that it crippled their computers with the infamous "Blue Screen of Death" (BSOD).

Community Health Systems Breach Atypical For Chinese Hackers

(8/19/2014) Publicly traded healthcare organization's stock goes up as breach notifications go out.

5 things ID thieves want you to do

(8/19/2014) Escaping identity thieves is hard enough. Don't make it any easier on them.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

(8/15/2014) On Patch Tuesday, Microsoft shipped nine fixes for 37 bugs in its software, bringing a cumulative update for Internet Explorer and addressing security issues in Windows, Office, SharePoint Server, SQL Server software, and the .NET Framework.

Users told to patch critical flaw in Adobe Reader and Acrobat

(8/15/2014) Adobe Systems has released security patches for its Flash Player, Reader and Acrobat products, addressing a total of eight vulnerabilities, including one that is being exploited by attackers.

New Site Recovers Files Locked by Cryptolocker Ransomware

(8/12/2014) Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.

IE plays security catch-up, will block outdated Java plug-ins

(8/12/2014) An update to IE 8 through IE 11 next week will introduce a new warning when users try to run an outmoded Java ActiveX control

Critical WordPress plugin bug affects hundreds of thousands of sites

(8/12/2014) Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control, a security firm warned Thursday.

Sandwich Chain Jimmy John’s Investigating Breach Claims

(8/6/2014) Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation.

P.F. Chang's Names 33 Restaurants Hit by Security Breach

(8/6/2014) P.F. Chang's named on Monday 33 specific restaurants where customer data might have been compromised after news last month that thousands of credit and debit cards might have been hacked at the chain.

Critical code execution bug in Samba gives attackers superuser powers

(8/6/2014) A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.

"Poweliks" downloads additional malware, abuses PowerShell

(8/6/2014) According to researchers at Trend Micro, a threat dubbed “TROJ.POWELIKS.A.” can open users to additional malware downloads and steal system data, like universally unique identifiers (UUIDs), to deliver the information to attackers.

Vulnerability impacting multiple versions of Android could enable device takeover

(7/30/2014) All mobile devices running Android version 2.1 to 4.3 contain a vulnerability – dubbed “Fake ID” – that enables the identity of trusted applications to be copied; consequently opening the doors to a whole list of malicious things, including, in some cases, taking control over the device.

Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

(7/28/2014) As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

(7/22/2014) A quarterly report revealing the “most exposed” programs on users' systems, found that old vulnerabilities in Microsoft XML Core Services continued to plague users.

Aloha point-of-sale terminal, sold on eBay, yields security surprises

(7/22/2014) HP researcher's findings highlight ongoing problems with POS software and hardware

Critical industrial control systems remain vulnerable to Heartbleed exploits

(7/22/2014) More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.

Avoid tech support phone scams

(7/21/2014) Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft.

Beware Keyloggers at Hotel Business Centers

(7/16/2014) The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

Study: Security not prioritized in critical infrastructure, though most admit compromise

(7/16/2014) In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.

Facebook disrupts cryptocurrency-mining botnet Lecpetex

(7/11/2014) Facebook has teamed with law enforcement to disrupt malicious operations linked to "Lecpetex," a cryptocurrency-mining botnet composed of up to 250,000 infected computers worldwide.

Emergency Windows update revokes dozens of bogus Google, Yahoo SSL certificates

(7/11/2014) Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo.

FireEye Uncovers Android Remote Access Malware

(7/3/2014) A new remote access tool has emerged for the Android platform, combining three of the most popular utilities performed by malware on Google’s mobile operating system: data leakage, banking credential theft, and – of course – remote access.

Phishing websites up 10 percent in Q1 2014, the U.S. still hosts the majority

(7/2/2014) The United States continued to host the majority of phishing websites in the first quarter of 2014, but did not even crack the top 36 when it came to global computer infection rates, according to research from the Anti-Phishing Working Group (APWG).

Self-propagating SMS worm Selfmite targets Android devices

(7/2/2014) The new Selfmite Android malware spreads by sending text messages with a malicious link to the device owner's contacts

EMOTET banking malware captures data sent over secured HTTPS connections

(7/2/2014) Spam emails making the rounds in Germany are delivering banking malware identified as EMOTET, a financial threat that is beginning to make its way over to the U.S., according to researchers from Trend Micro.

Police turning to mobile malware for monitoring

(6/27/2014) Governments are increasingly using spyware for mobile devices to monitor targets, raising questions over the possible misuse of such tools, a new study suggests.

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

(6/27/2014) A zero-day remote code execution (RCE) vulnerability has been discovered in the “WebShot” feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, according to security company Sucuri.

Heartbleed still a threat: Over 300,000 servers remain exposed

(6/24/2014) Two months after the infamous bug was discovered, more than half of vulnerable servers remain unpatched.

Google yanks malicious app from Play Store

(6/20/2014) A malware app called “Google Play Stoy,” which intercepts banking credentials, certificates and text messages from Android devices, has been removed from the Google Play Store, according to a Wednesday blog post from FireEye, which worked with Google to remove it.

Microsoft strips some Windows 7 users of IE11 patch privileges

(6/18/2014) Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.

Target finally gets its first CISO

(6/16/2014) Target has hired a chief information security officer (CISO), a move that's noteworthy mainly because it is the first time the company has ever had anyone in this role, even though it is one of the largest retailers in the U.S.

Banks: Credit Card Breach at P.F. Chang’s

(6/16/2014) Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide.

Ransomware "Svpeng" strikes US, leaves Android devices unusable

(6/16/2014) A mobile trojan called “Svpeng” has now been updated to extort Android users in the U.S., researchers warn

“WARNING Your phone is locked!” Crypto ransomware makes its debut on Android

(6/11/2014) Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.

Possibly 350K ransomware infections, $70K earned, in Dropbox phishing scheme

(6/11/2014) Attackers may have infected nearly 350,000 systems with ransomware and earned more than $70,000 in Bitcoins as part of an ongoing Dropbox phishing scheme, according to researchers with PhishMe.

Android/Simplocker could be the first Android ransomware to encrypt files

(6/9/2014) ESET researchers have shed some light on what could be the first file-encrypting ransomware for Android devices – and it just so happens to have a command-and-control hosted on Tor, as well.

iOS users reporting iPhones, iPads being locked up and held for ransom

(5/28/2014) Reports of iPhones and iPads being digitally locked up and held for up to a $100 ransom have been coming in from Apple users in Australia, as well as in other parts of the world.

eBay to face formal investigations over data breach

(5/27/2014) Attorneys general in three states in the US are looking into the hack, and an official in the UK is considering a formal probe.

eBay buries its own advisory to change passwords following database hack

(5/23/2014) eBay officials are taking flak for burying news of the password reset issued in response to a hack on the company's corporate network that exposed sensitive data for millions of users.

EBay asks users to change password after breach

(5/21/2014) NEW YORK (AP) — E-commerce site eBay is asking users to change their password after a cyberattack compromised a database containing encrypted passwords.

Many sites reusing Heartbleed-compromised private keys

(5/13/2014) Heartbleed has forced many to revoke and reissue TLS/SSL certificates, but more than seven percent have been reissued with the same keys.

Ransomware on Android scares users with gov't notices, asks for $300

(5/13/2014) Ransomware, such as the now-infamous CryptoLocker, has been successfully compromising computers and laptops for years, so it comes as no surprise that the pesky malware is now making its way to mobile devices running the Android operating system.

IT malpractice: Doc operates on server, costs hospitals $4.8M

(5/13/2014) New York Presbyterian and Columbia University Medical Center settle with HHS to end probe into 2010 patient data leak

No Windows XP, Office 2003 patches in May Patch Tuesday

(5/13/2014) Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.

Voice phishing scheme lets hackers steal personal data from banks

(5/5/2014) Cybercriminals stole debit card information from customers of dozens of financial institutions in a phishing campaign that combined rogue text messages with VoIP calls.

Firefox 29 fixes several critical flaws, including memory safety bugs

(5/5/2014) Mozilla rolled out Firefox 29 on Tuesday, a huge overhaul that addresses 15 security vulnerabilities, six of which are deemed critical, meaning the bug could be used to run attack code and install software with no user interaction aside from normal browsing.

Microsoft releases unscheduled patch for IE zero-day, XP users get fix too

(5/5/2014) Microsoft has patched a critical Internet Explorer flaw being leveraged in zero-day attacks – and those running no-longer-supported Windows XP will also benefit from the unscheduled update.

Target looks to reassure consumers with move to chip and pin

(5/5/2014) Target slates rollout of chip and pin for its payment cards for next year

Give IE the heave-ho until Microsoft patches zero-day

(4/29/2014) The U.S. government's top cyber-security agency is telling Internet Explorer (IE) users they should consider running a different browser until Microsoft fixes a critical vulnerability.

Feds warn health care sector of looming cyber attacks

(4/29/2014) The FBI has sent a private industry notification (PIN) to health care providers warning them that the security systems they have in place are behind those of other sectors, making them prime targets for cyber attacks.

Covert Bitcoin miner found stashed in malicious Google Play apps

(4/28/2014) Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins.

After Heartbleed, Tech Giants Team Up to Avoid Redux

(4/28/2014) The "Heartbleed" bug in a widely used software system rocked the Internet earlier this month, and major tech companies are teaming up to try to avoid a repeat.

Heartbleed attack used to skip past multifactor authentication

(4/22/2014) Attackers were able to breach a walled-off virtual private network by exploiting the Heartbleed vulnerability, security company Mandiant said on Friday.

Attack exercise reveals threat-sharing roadblock within health orgs

(4/22/2014) Health care participants in an industry wide attack exercise expressed concerns about effectively communicating threat intelligence within their organization.

Microsoft slashes Windows XP custom support prices just days before axing public patches

(4/18/2014) Computerworld - Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.

Arrested Canadian hacker 'believed' to have exploited Heartbleed bug

(4/18/2014) On Tuesday, Stephen Solis-Reyes, a 19-year-old man that authorities believe leveraged the now infamous bug to steal sensitive information from the Canada Revenue Agency, was arrested by the Royal Canadian Mounted Police (RCMP), without incident, at his home in London, Ontario, according to a Wednesday RCMP release.

Hundreds of Canadian Tax ID Numbers Stolen in 'Heartbleed' Breach

(4/15/2014) Canada's tax-collection agency on Monday said the private information of about 900 people had been compromised as hackers exploited the "Heartbleed" bug, and security experts warned that more attacks are likely to follow.

Report says NSA exploited Heartbleed, kept flaw secret -- but agency denies it

(4/15/2014) A Bloomberg report says the agency knew about the Heartbleed security flaw that's sent sites like Google scrambling to patch their systems -- but it kept it secret and used it to spy. The agency, however, says that's not so.

Heartbleed developer explains OpenSSL mistake that put Web at risk

(4/15/2014) "Trivial" coding error in open source project wasn't intentional, report says.

Akamai Heartbleed patch not a fix after all

(4/14/2014) The Web infrastructure company's patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.

See If Sites You Use Are Vulnerable to Heartbleed And How To Change Passwords

(4/14/2014) A flaw in the most popular web encryption system could leave people vulnerable to data theft according to security researchers.

Which sites have patched the Heartbleed bug?

(4/10/2014) We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.

Healing Heartbleed: LastPass outs automated checker, major sites admit vulnerability

(4/10/2014) LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.

How to protect yourself from the 'Heartbleed' bug

(4/9/2014) A new security bug means that people all across the Web are vulnerable to having their passwords and other sensitive data stolen. Here's what consumers can do to protect themselves.

Microsoft sketches out final Windows XP security updates for next week

(4/4/2014) Computerworld - Microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.

Computer Whizzes Do Battle With 'Blizzard' and a 'Cyberattack'

(4/1/2014) Fortunately, the simultaneous blizzard and cyberattack were not real. They were created by the organizers of a collegiate competition held at the Johns Hopkins University Applied Physics Laboratory last week intended to test the wits and reflexes of what they hope will be the next generation of government and corporate cybersecurity professionals.

UMCP reports another cybersecurity breach

(3/27/2014) The University of Maryland, College Park suffered a second cyberattack on the heels of the recent theft of personal data for hundreds of thousands of students, staff and alumni, university officials announced Thursday.

Sally Beauty Confirms Card Data Breach

(3/19/2014) Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores.

Samsung Galaxy devices may have backdoor to user data, developer says

(3/14/2014) Developers working on Replicant, an open-source OS based on Android, claim to find a flaw that provides access "to read, write, and delete files" stored on some Samsung devices.

Johns Hopkins University web server breached; up to 1,300 affected

(3/12/2014) As many as 1,300 current and former Johns Hopkins University biomedical engineering students' personal information was posted online by an attacker claiming to be affiliated with hacktivist collective Anonymous.

Saboteurs slip Dendroid RAT into Google Play

(3/12/2014) A new remote access tool (RAT) that trojanizes Android apps made its way into Google's official app store.

Apple releases iOS 7 update for iPads and iPhones

(3/12/2014) (CNN) -- Apple released its latest mobile operating system update on Monday, iOS 7.1. The major upgrade packs in an assortment of bug fixes, improvements, new features and some subtle changes to the overall interface.

Pre-installed malware found on new Android phones

(3/7/2014) Samsung spokeswoman Jessica Baker said in an email that "if there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners." Netflix spokesman Joris Evers said the company did not have a comment.

Thieves Jam Up Smucker’s, Card Processor

(3/7/2014) Jam and jelly maker Smucker’s last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers’ credit card data.

Update: Microsoft reacts to XP upgrade critics with free file transfer tool

(3/4/2014) Reacting to criticism from customers that upgrading from Windows XP was "impossible," Microsoft today announced it would give away a limited migration tool to help people move to a newer operating system.

Indiana Univ.: Personal data of 146,000 exposed

(2/27/2014) University warns students and recent grads of possible data exposure

Report: Malicious apps in Google Play store grow 388 percent

(2/27/2014) Malicious apps contained in the Google Play store have grown 388 percent between 2011 and 2013, according to a report from RiskIQ, an Internet security services company.

Target hack strips banks and credit unions of $200M

(2/21/2014) The widespread security breach reportedly compromised 40 million credit and debit cards, which are costing banks a pretty penny to reissue.

Microsoft delivers stopgap defense against active IE10 attacks

(2/21/2014) Microsoft on Wednesday issued a stopgap defense that protects Internet Explorer 9 (IE9) and IE10 against ongoing attacks until the company issues a patch, probably in three weeks.

Adobe releases another zero-day fix for Flash

(2/21/2014) For the second time this month, Adobe has addressed a zero-day vulnerability in its popular Flash Player.

U-Md. computer security attack exposes 300,000 records

(2/20/2014) More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said.

'The Moon' worm infects Linksys routers

(2/18/2014) Self-replicating worm program infects Linksys routers by exploiting an authentication bypass vulnerability

IE10 under attack as hackers exploit zero-day bug

(2/17/2014) FireEye uncovers attacks emanating from a U.S. website just two days after Microsoft issued huge IE patch collection

Security Updates for Shockwave, Windows

(2/17/2014) Adobe and Microsoft today each issued patches to fix critical security flaws in their software.

Target Hackers Tapped Vendor Credentials

(1/31/2014) Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer.

Yahoo resets passwords after email hack

(1/31/2014) Yahoo suspects usernames and passwords were stolen from an unidentified third-party database

Beware of this sneaky watering hole attack I just found

(1/29/2014) Kim Komando from The Kim Komando Show talks about this online threat: a watering hole attack is where hackers slip malicious code into a legitimate site.

Theft of unencrypted laptops behind Coca-Cola breach impacting 74,000

(1/29/2014) Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.

Sources: Card Breach at Michaels Stores

(1/29/2014) Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.

Microsoft retains weapon to silently scrub XP

(1/29/2014) Computerworld - Microsoft will be able to silently reach into Windows XP PCs for more than a year after it stops patching the aged OS to clean malware-infected machines, sources close to the company confirmed Friday.

It’s Data Privacy Day

(1/28/2014) NCSA is teaming up with Facebook to broadcast the Data Privacy Day Kick Off event live online for the world to watch. The live stream will be made available via NCSA’s Data Privacy Day Facebook page this morning starting at 11:20 a.m. ET.

New Android malware disconnects calls, intercepts texts of victims

(1/24/2014) Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.

Target's data breach: Yes, it gets worse

(1/22/2014) Now Reuters is reporting that cyberintelligence firm IntelCrawler has unearthed evidence pointing toward at least six ongoing schemes at U.S. merchants with credit card processing systems plagued by the same type of malicious software

Spammers buy Chrome extensions and turn them into adware

(1/22/2014) Changes in Google Chrome extension ownership can expose thousands of users to aggressive advertising and possibly other threats, two extension developers have recently discovered.

NCSA Partners with Reputation.com and RAINN to Provide Privacy Resources for Domestic Violence and Sexual Assault Survivors

(1/8/2014) This January, the National Cyber Security Alliance is partnering with Reputation.com and the Rape, Abuse & Incest National Network (RAINN) to empower survivors of domestic violence and sexual assault by offering tools and resources that will help survivors gain control of their digital footprint and protect their personal information.

Researchers warn of new, meaner ransomware with unbreakable crypto

(1/7/2014) Security researchers have uncovered evidence of a new piece of malware that may be able to take gigabytes' worth of data hostage unless end users pay a ransom.

Possible link discovered that ties together Wi-Fi routers with backdoors

(1/7/2014) A manufacturer of broadband and wireless networking equipment may be the link that ties together a number of Wi-Fi routers that contain backdoors, some of which are vulnerable to remote attacks, according to a researcher.

Researchers report security flaw in Samsung's Galaxy S4

(12/27/2013) An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.

Target Admits Massive Credit Card Breach; 40 Million Affected

(12/20/2013) The breach, which was first reported by security journalist Brian Krebs on Wednesday, continued through December 15 and may have affected all locations nationwide. Customers who shopped through Target’s online storefront are not believed to have been affected.

Millions of Target customers' credit, debit card accounts may be hit by data breach

(12/19/2013) Target said Thursday that the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data.

Two unencrypted N.J. health insurance laptops stolen, more than 800k impacted

(12/17/2013) Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) began sending notification letters to more than 800,000 members on Dec. 6, alerting them that their personal information may have been compromised after two unencrypted laptops were stolen from the insurance provider's Newark headquarters about one month prior.

Twitter joins Google, Facebook with 'forward secrecy' security

(11/27/2013) Twitter is the latest to implement "forward secrecy," a cryptographic technique that should stymie even the NSA.

Adobe plugs holes in Flash Player and ColdFusion

(11/18/2013) Security updates for Flash Player addressed two critical vulnerabilities that could cause the software to crash and potentially allow a saboteur to take control of an exploited system, Adobe revealed in a bulletin.

Zero-Days Rule November’s Patch Tuesday

(11/18/2013) Microsoft today issued security updates to fix at least 19 vulnerabilities in its software, including a zero-day flaw in Internet Explorer browser that is already being actively exploited.

ICE Hacked Its Own Employees to Teach Self-Defense in Cyberspace

(11/7/2013) One federal agency is replacing workforce security awareness tutorials with real world hack attempts to test employee reflexes.

'Canary' Chrome chirps when it smells malware

(11/5/2013) Computerworld - Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.

Adobe Breach Impacted At Least 38 Million Users

(11/1/2013) The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says.

Windows XP infection rate may jump 66% after patches end in April

(11/1/2013) Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

ATM malware may spread from Mexico to English-speaking world

(10/29/2013) A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.

Windows 8.1 includes seamless, automatic disk encryption—if your PC supports it

(10/21/2013) Windows 8.1’s new device encryption treats your x86-based Windows tablet or laptop more like an ARM-based tablet or smartphone. Rather than requiring a user or system administrator to enable it, your device’s boot partition comes encrypted out of the box

Backdoor found in D-Link router firmware code

(10/15/2013) A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.

Yahoo to make SSL encryption the default for Webmail users. Finally.

(10/15/2013) Beginning Jan. 8, Yahoo will enable encryption by default for users logging into its Web-based mail service, the company has told The Washington Post.

The Latest Smartphones Could Turn Us All Into Activity Trackers

(10/14/2013) While much has been said of the A7 chip in the new iPhone 5S — arguably the “world’s first consumer ARM-based [system-on-a-chip]” — its associated new M7 coprocessor was surprisingly under-hyped, by both industry media and Apple

Nordstrom Finds Cash Register Skimmers

(10/14/2013) Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.

Adobe fixes "critical" bugs in Reader, Acrobat and RoboHelp publishing tool

(10/14/2013) Adobe has released security updates for its popular Reader and Acrobat products for Windows users.

Adobe To Announce Source Code, Customer Data Breach

(10/4/2013) Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products

LinkedIn Shuts Down Four XSS Flaws

(10/4/2013) LinkedIn has closed the door on four cross-site scripting (XSS) vulnerabilities, which could have been used to ultimately steal credentials from users.

Google shifts to SSL for all searches

(10/1/2013) Have you noticed the Google URL in your browser's address bar now has an HTTPS in front? That is because the internet and technology services giant announced earlier this week that every search will now go over secure sockets layer (SSL), something its account members – those with Google accounts – have been benefiting from since 2011.

AT&T shakes its banhammer at would-be pirates

(9/30/2013) If you appear to pirate on an AT&T connection, your service may be terminated.

Oracle finally adds whitelisting capabilities to Java

(9/30/2013) Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.

Microsoft to patch dangerous Outlook hack-by-preview bug next week

(9/6/2013) Microsoft today said it will ship 14 security updates next week to patch critical vulnerabilities in Internet Explorer (IE), Windows, Office and SharePoint, its enterprise collaboration platform.

McAfee Report Examines Challenges Retailers Face to Secure In Store Payment Systems

(8/30/2013) McAfee announced today that it has sponsored a report with IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries, to assess retailer security and the approaches used to safeguard retailer transactional systems.

Facebook got 25,000 government requests about users

(8/30/2013) Facebook received more than 25,000 requests from governments about its users during the first half of 2013, with nearly half of those requests coming from U.S. law enforcement and related agencies, the company said.

Hacker group takes responsibility for DNS attack on major media sites

(8/30/2013) "Media is going down..." That's what the Syrian Electronic Army (SEA) tweeted Tuesday, as the pro-Assad hacker collective announced domains belonging to The New York Times, Huffington Post U.K., and Twitter were compromised.

FDA issues encryption, authentication rules for medical devices

(8/23/2013) The Food and Drug Administration (FDA) has issued new guidance on the radio frequencies of wireless medical devices, including recommendations for authentication and encryption measures to ensure the security of the device and the safety of the patient.

Google gives Chrome mulligan button

(8/23/2013) Google on Tuesday shipped Chrome 29, patching 25 vulnerabilities and rolling out under-the-hood changes the company said would offer more relevant suggestions when users typed in URLs or search strings.

Insurer to Schnucks: We won't pay for lawsuits related to your breach

(8/23/2013) The insurer for Midwestern supermarket chain Schnucks, whose systems were hacked last winter to steal 2.4 million credit card numbers, is claiming in court that the grocer's policy doesn't cover the cost of lawsuits arising from the breach.


(8/16/2013) Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software.

Washington Post Site Hacked After Successful Phishing Campaign

(8/16/2013) The Washington Post acknowledged today that a sophisticated phishing attack against its newsroom reporters led to the hacking of its Web site, which was seeded with code that redirected readers to the Web site of the Syrian Electronic Army hacker group.

"Hand of Thief" trojan sniffs out banking credentials of Linux users

(8/13/2013) Not long after the Windows-targeting banking trojan KINS hit the market, saboteurs have introduced new financial malware capable of infecting Linux users.

Researchers find trojanized banking app that exploits critical Android bug

(8/8/2013) Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature.

Scam Android Apps Plague Google Play

(7/31/2013) More than 1,200 apps published to the official Google Play app store in the past seven months have been designed by "one-click fraud" scammers. But a new variation on that scam now involves many more clicks than just one.

Don’t Get Sucker Pumped

(7/31/2013) Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.

White House Employees’ Personal Email Hacked

(7/31/2013) Three White House staffers have had their personal Gmail accounts breached in what appears to be a malicious operation directed at the team responsible for the Obama administration's social media outreach, according to individuals familiar with the incident.

Phishing scam piggybacks on Apple Dev Center hack

(7/26/2013) The recent attack against Apple's Web site for developers has prompted a flood of phishing e-mails asking people to change their passwords.

Five indicted in massive hacking scheme

(7/26/2013) Five men from Russia and Ukraine have been indicted in New Jersey for charges they conspired with each other in a worldwide hacking scheme targeting major corporate networks that compromised more than 160 credit card numbers, the U.S. Department of Justice announced.

Unusual file-infecting malware steals FTP credentials

(7/16/2013) A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.

WellPoint settles following government investigation in wake of breach

(7/16/2013) After being ordered to pay $100,000 to the state of Indiana after a major breach of customer data, an Indianapolis-based health insurer faces another costly payout – a $1.7 million settlement with the U.S. Department of Health and Human Services (HHS).

Microsoft Plans Critical Windows Security Patches

(7/10/2013) Patch Tuesday will feature seven security bulletins, including six with the highest severity rating of "critical."

CTO of media company faked-out employees with "phishing" emails

(7/5/2013) About a month ago, Atlantic Media Chief Technology Officer Tom Cochran blasted out a faux phishing email to all 450 email addresses in the company directory. The results, he said, should be something of a wake-up call.

Google to scan for malicious apps in Chrome Web Store

(6/25/2013) Google is trying to better protect the users of its Chrome Web Store from malicious browser apps and extensions. As is already the case in the Google Play Android apps store, content uploaded to the Chrome Web Store will now also be automatically scanned for malware.

Expanded '2-person rule' could help plug NSA leaks

(6/25/2013) NSA, FBI, DOJ officials tell Congress secret programs are vital to U.S. security; outline ways to keep sysadmins from leaking classified data

LinkedIn outage prompts security concerns

(6/21/2013) LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.

Feds Seized 1,700 Online Domains in 3 Years

(6/21/2013) Federal authorities said today that, since June 2010, they have seized more than 1,700 domains that allegedly breached intellectual property rights.

U.S. and Russia sign pact to create communication link on cyber security

(6/21/2013) The United States and Russia have signed a landmark agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern.

Critical vulnerability in Blackberry 10 OS

(6/18/2013) BlackBerry has released an advisory that describes a critical privilege/permissions vulnerability in BlackBerry 10 OS.

Researchers claim they've discovered the most advanced Android trojan yet

(6/11/2013) Researchers say they have discovered a sophisticated trojan that targets Android smartphones

Microsoft to tackle under-attack Office bug next week

(6/7/2013) It plans to patch 23 vulnerabilities, including 19 in a critical update for all versions of Internet Explorer

Microsoft torpedoes Citadel botnet infrastructure

(6/7/2013) A botnet infrastructure believed responsible for stealing more than a half-billion dollars from individuals and organizations worldwide has been crippled, Microsoft announced Wednesday evening.

Harvard College dean steps down after e-mail scandal

(6/3/2013) Months after a secret e-mail search controversy at Harvard College, Evelynn M. Hammonds announced on Tuesday that she will step down as dean on July 1, according to a statement posted online.

Drupal resets account passwords after detecting unauthorized access

(6/3/2013) Drupal.org has reset account passwords after it found unauthorized access to information on its servers.

Google to replace SSL certificates

(5/29/2013) Google will update its certificate infrastructure and has, as a precaution, warned of potential problems.

Microsoft warns of Facebook-hijacking extensions

(5/15/2013) Malicious browser extensions are trying to hijack Facebook profiles, according to a warning from Microsoft's Malware Protection Center.

Microsoft rushes IE8 zero-day fix into next week's Patch Tuesday

(5/10/2013) 33 fixes will also include patches for the IE10 Pwn2Own vulnerabilities

Hackers hit domain registrar, access credit card data and passwords

(5/10/2013) A Denver-based domain name provider has suffered a breach where customers' personal data, including encrypted passwords and credit card information, was compromised.

18 Alaskan Teens Use Phishing Scam To Hack School System

(5/7/2013) At least 18 Alaskan students are accused of using a phishing scam to gain control over the computers at their middle school.

Google: No, app makers, you can't skip the Play Store

(4/30/2013) An update to the Google Play Store contains mostly minor tweaks except for one security fix: apps are no longer allowed to bypass the Play Store when updating.

AP Twitter hack looks like a security tipping point

(4/26/2013) Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.

Microsoft issues replacement for botched patch

(4/26/2013) Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems resulting after they installed it.

BadNews infections in Google Play spread premium-rate SMS trojan

(4/23/2013) Researchers have discovered a new family of malware that found its way into legitimate apps inside Google's official store thanks to a malicious advertising network.

Microsoft rolls out standards-compliant two-factor authentication

(4/19/2013) Microsoft today announced that it is rolling out optional two-factor authentication to the 700 million or so Microsoft Account users, confirming last week's rumors.

Popular home routers contain critical security vulnerabilities

(4/19/2013) Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research.

Microsoft: Hold Off Installing MS13-036

(4/18/2013) Microsoft is urging users who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system.

Schnucks supermarket chain struggled to find breach that exposed 2.4M cards

(4/18/2013) The Schnucks supermarket chain struggled for two weeks to find the source of a breach after being alerted to a possible leak of credit card info by its card processing company. During that time, Schnucks apparently continued exposing the debit and credit card data of people who shopped at its stores.

Wide-scale attack against WordPress blogs reported

(4/18/2013) Unidentified hackers are said to have launched a large-scale attack against WordPress blogs, and any hosts using weak passwords are urged to update them immediately.

Microsoft's April Patch Tuesday brings no Pwn2Own fix

(4/12/2013) System administrators and IT security pros can take a bit of a breather: Microsoft issued a comparatively light set of patches for this edition of its monthly release of software vulnerability fixes.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

(4/12/2013) A New Jersey hospital can now pursue a subpoena that would require an internet service provider (ISP) to hand over information potentially identifying at least one person accused of hacking into its email server.

Gaming Company Certificates Stolen and Used to Attack Activists, Others

(4/12/2013) A rash of breaches at companies that develop online videogames has resulted in digital certificates being stolen from the companies and used in attacks targeting other industries and political activists.

Obama budget signs cybersecurity as a top priority

(4/12/2013) The United States' budget for the 2014 fiscal year will include increased spending on cybersecurity defenses.

Harvard to review privacy policies in wake of email search scandal

(4/5/2013) Harvard University President Drew Faust has ordered a comprehensive review of the university's email privacy policies amid disclosures that a secret search of some deans' email accounts by administrators was broader than originally acknowledged.

Microsoft Security Bulletin Advance Notification for April 2013

(4/5/2013) This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013.

Critical denial-of-service flaw in BIND software puts DNS servers at risk

(4/2/2013) A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.

Android Malware Infects Activists' Phones

(3/29/2013) Security researchers have discovered what appears to be the first known sighting of in-the-wild Android malware that's been designed to conduct targeted attacks.

Former student accused of stealing identities pleads guilty

(3/26/2013) A former student of Cal State University in San Marcos, Calif., pleaded guilty to wire fraud, access device fraud and unauthorized use of a computer after being accused of stealing the identities and passwords of 745 students to rig campus elections.

New adware Trojan circulating that targets Mac OS X systems

(3/22/2013) A new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.

Microsoft: Hackers obtained high-profile Xbox Live accounts

(3/22/2013) Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday.

Apple finally fixes App Store flaw by turning on encryption

(3/12/2013) Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

Microsoft slates IE, Windows, Office updates for next week

(3/11/2013) Microsoft today announced it will deliver seven security updates next week, four of them rated "critical," to patch Internet Explorer (IE), Windows, Office, SharePoint Server and the Silverlight media software.

FTC Cracks Down on Senders of Spam Text Messages Promoting "Free" Gift Cards

(3/11/2013) The Federal Trade Commission is cracking down on affiliate marketers that allegedly bombarded consumers with hundreds of millions of unwanted spam text messages in an effort to steer them towards deceptive websites falsely promising “free” gift cards.

Apple won't let users run Flash unless it is the latest version

(3/5/2013) Users of Apple's Safari browser will be blocked from using unpatched Adobe Flash software following a new security update.

Researchers uncover new global cyber-espionage campaign

(3/1/2013) A new cyber-espionage campaign dubbed MiniDuke used the recent Adobe Reader zero-day exploit

Security tools reveal cyberintruders' trickery

(3/1/2013) There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations.

NBC.com hacked and served up malware

(2/27/2013) The website of the US television network NBC, NBC.com, has been hacked and the computers of visitors to it have been infected with malware.

Microsoft joins list of recently hacked companies

(2/27/2013) The software giant said it was hit with a similar hack to that used against Facebook and Apple

Adobe to patch Reader zero-day this week with rush update

(2/19/2013) Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.

Facebook hacked, says no user data compromised

(2/19/2013) Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.

BlackBerry Enterprise Server vulnerable to dangerous TIFFs

(2/19/2013) BlackBerry has published details of critical vulnerabilities in components of its BlackBerry Enterprise Server (BES). The holes allow attackers to execute arbitrary code on systems running BlackBerry Enterprise Server.

Chinese military hackers were 'noisy'

(2/19/2013) The Chinese military hacking group that has stolen huge amounts of data from U.S. organizations is one of some 20 active cyberspying groups engaging in comparable data theft and espionage.

Microsoft and Symantec collaborate to disable click-fraud botnet

(2/8/2013) Microsoft and Symantec worked with US and Spanish officials to take down the Bamital click-fraud botnet which has been operating since at least 2009 and was, at one point, made up of more than 1.8 million compromised systems.

Wireless Carriers Leave Millions of Android Phones Vulnerable to Hackers

(2/8/2013) There are millions of vulnerable Android phones in the hands of consumers today because wireless phone carriers and phone hardware makers refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher.

For second time in a month, Apple blacklists Java Web plugin

(2/4/2013) For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X.

Mozilla takes drastic step to automatically block virtually all plug-ins in Firefox

(2/4/2013) Cites security, stability reasons for move to turn on 'click-to-play' for all but the latest Flash

Stanford reports fourth HIPAA breach

(1/28/2013) Some 57,000 patients seen at the Palo Alto, Calif.-based Lucile Packard Children's Hospital have been notified of a potential HIPAA-breach after an unencrypted company laptop containing patient medical information was stolen from a physician's car Jan. 9.

Security Flaws Leave Networked Printers Open To Attack

(1/28/2013) Printers that use popular print server software sold by Hewlett-Packard are vulnerable to attacks that can bypass built-in biometric defenses, recover previously printed documents and crash all vulnerable machines attached to a network.

XSS, password flaws found in popular ESPN app

(1/22/2013) Researchers have discovered two security holes in a popular mobile app used to track sports news and scores, leaving users vulnerable to having their data exposed.

HHS posts final HIPAA omnibus rule

(1/22/2013) The long-awaited HIPAA omnibus rule was posted by the Department of Health and Human Services (HHS) on the Federal Register public inspection desk yesterday.

Patient data revealed in medical device hack

(1/18/2013) Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.

Java exploit used in Red October cyberespionage attacks, researchers say

(1/18/2013) Seculert researchers identified a Java exploit and corresponding attack pages on Red October command and control servers

New Java Exploit Fetches $5,000 Per Buyer

(1/18/2013) Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.

Feds step up HIPAA enforcement with hospice settlement

(1/8/2013) A Hayden, Idaho-based hospice is the first health care organization to be fined for sustaining a breach that affected fewer than 500 individuals.

6 States Bar Employers From Demanding Facebook Passwords

(1/4/2013) California and Illinois on Tuesday joined four others in becoming the union’s only states barring employers from demanding that employees fork over their social-media passwords.

U of Michigan Health System, Omnicell report patient data breach

(12/28/2012) Approximately 4,000 patients at the University of Michigan Health System (UMHS) have been notified this December that their personal health information has been compromised, UMHS officials announced.

FCC offers security advice to smartphone users

(12/21/2012) FCC publishes 10-step plan for securing mobile devices and their data

Suspected security hole found in many Samsung devices

(12/18/2012) Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.

Identity Theft Is a Growing Risk in Health Care: Ponemon Report

(12/12/2012) Identity theft is more rampant in health care than any other U.S. industry, according to the Ponemon Institute's third-annual report on patient privacy and data security.

Personal info of 1m compromised in Nationwide breach

(12/4/2012) The FBI is investigating a breach at Nationwide Insurance, where hackers recently accessed the sensitive information of about one million people, including policy and non-policy holders.

Security firms warn of spreading Windows AutoRun malware

(12/4/2012) Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.

Google updates all Chrome editions

(12/3/2012) Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements.

Facebook Adopts Secure Web Pages By Default

(11/20/2012) Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.

Skype Deals With Account Hijacking Exploit

(11/16/2012) Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.

Adobe Connect Security Breach Exposes Personal Data of 150K Users

(11/16/2012) Adobe pulls down the forum for its video conferencing service, Adobe Connect, after a hacker breached its security and leaked information, including password hashes, on 150,000 users.

Microsoft to patch 19 vulnerabilities on Tuesday

(11/13/2012) Microsoft is prepping six patches that will rectify 19 vulnerabilities in Windows, Internet Explorer, Office and the .NET Framework.

Out-of-date, vulnerable browsers put users at risk

(11/13/2012) Many users are waiting a month or more to apply important security updates that can protect them from exploits and malware.

Facebook password-bypass flaw fixed

(11/6/2012) The social network corrects a flaw over the weekend that could potentially have put over a million accounts at risk of being accessed by unauthorized users.

Firefox to force secure connections for selected domains

(11/6/2012) Forcing secured connections protects the privacy and security of users and their data, Mozilla said

DHS seeks cyber fellows

(11/2/2012) The Homeland Security Department has created a new fellowship program designed to attract recent college graduates into cybersecurity careers.

Barnes & Noble halts use of PIN pad devices after data breach

(10/29/2012) Payment terminals at 63 stores in eight states compromised; unknown number of customers affected

The 25 most popular passwords of 2012

(10/25/2012) You can't go anywhere online without a password these days. You certainly can't play many games without one. The problem, though, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.

Thousands of student records stolen in Florida college breach

(10/12/2012) Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.

Mozilla re-releases Firefox 16 after patching critical bugs

(10/12/2012) Mozilla re-released Firefox 16 today after pulling the browser from distribution Wednesday when one of its developers found a critical bug that could be used by attackers to hijack machines.

Worm spreading on Skype IM installs ransomware

(10/10/2012) A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.

Microsoft speeds up IE10 Flash patching, matches Google

(10/10/2012) Adobe today issued a surprise update for Flash Player that patched 25 critical vulnerabilities in the ubiquitous media software.

U.S. banks could be bracing for wave of account takeovers

(10/10/2012) Security researchers at RSA warned Thursday that a sophisticated plan is being hatched online to raid the bank accounts of customers at some 30 banks in the United States.

Google to users: Your account may be under attack

(10/8/2012) Google is issuing a warning similar to one it had sent in June to tens of thousands of Gmail users to inform them that their accounts may be targeted by hackers.

Microsoft to patch 20 bugs next week in month of Office updates

(10/8/2012) Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs

FTC Takes Aim at Tech Support Scareware Scams

(10/8/2012) The agency puts a halt to six such tech support cons, part of a larger effort to stop phony tech support companies from scamming consumers.

Adobe to revoke code signing certificate

(9/28/2012) Adobe takes action after finding malware signed with the Adobe certificates.

Microsoft Fixes Zero-Day, Four Other Flaws in IE

(9/26/2012) Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.

Apple closes security holes in Mac OS X and Safari

(9/26/2012) Apple has released updates for versions 10.6 (Snow Leopard), 10.7 (Lion) and 10.8 (Mountain Lion) of its Mac OS X operating system that close a number of critical security holes.

Galaxy S3 hacked via NFC at Mobile Pwn2Own competition

(9/24/2012) Using this exploit attackers can take full control of a Galaxy S3 smartphone, researchers demonstrated

Google Chrome To Get 'Do Not Track'

(9/18/2012) Google browser users should see support for privacy setting that turns off tracking cookies related to ads, by year's end.

Update: Hackers exploit new IE zero-day vulnerability

(9/18/2012) HD Moore, maker of Metasploit, urges users to ditch IE7, IE8 and IE9 until Microsoft fixes critical flaw

First Flash patch for Windows 8 coming "shortly"

(9/14/2012) The version of the Adobe Flash plugin that's bundled with Internet Explorer 10 in Windows 8 is out of date, leaving users susceptible to exploitation.

Worldwide IT Security Spending to Top $60 Billion in 2012, Says Gartner

(9/14/2012) According to data released by Gartner, worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011.

Google Aurora Attackers Still On Loose, Symantec Says

(9/11/2012) Gang that attacked Google in 2009 has continued operating, stealing sensitive data via zero-day attacks and compromising target companies' business partners.

White House circulating draft of executive order on cybersecurity

(9/11/2012) The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.

FTC offers guidance for mobile application development

(9/7/2012) As enterprises expand their roll-outs of mobile applications, the Federal Trade Commission wants them to be mindful of the privacy and security ramifications that go along with these advancements.

Chrome 21 update closes high-risk security holes

(9/4/2012) Three high-severity holes have been fixed in Google's latest stable channel update to the Chrome web browser.

Rogue Microsoft Services Agreement emails lead to latest Java exploit

(9/4/2012) Hackers created a malicious version of a legitimate Microsoft email announcement

Toyota Contractor Accused of Sabotaging Company Network, Stealing Data

(8/31/2012) A former programmer for Toyota has been accused of sabotaging applications on the car company’s network and stealing data after he was fired from his job last week, according to a civil complaint filed by the company.

Dropbox Now Offers Two-Step Authentication

(8/28/2012) Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts.

Former DNSChanger addresses out in the wild again

(8/22/2012) European IP address authority RIPE NCC has reallocated two IP address blocks that were previously used by the DNSChanger malware. The FBI and the Internet Systems Consortium (ISC) had control over the addresses from last November through to mid-July of this year, in accordance with a US court order, as there was concern about a total blackout for private users' manipulated computers.

Yes, the cloud is dangerous — here's how to stay safe

(8/20/2012) So what should you do to avoid being another one of these smart people to whom a bad thing could easily happen? You shouldn't allow yourself to be a lightning rod in the middle of the cloud.

AT&T Hit by DDoS Attack, Suffers DNS Outage

(8/17/2012) A distributed denial-of-service attack aimed at AT&T's DNS (Domain Name System) servers has disrupted data traffic for some of the company's customers.

FTC gives final approval to Facebook privacy settlement

(8/15/2012) The U.S. Federal Trade Commission has approved a settlement with Facebook related to charges that the social networking leader deceived consumers regarding the privacy of their data.

Hackers Encrypt Health Records and Hold Data for Ransom

(8/15/2012) As more patient records go digital, a recent hacker attack on a small medical practice shows the big risks involved with electronic files.

Why Effective Awareness Training Matters

(8/14/2012) Training and education are key elements to securing users and data, because even the best technical solutions are incapable of protecting both in every situation.

Hack forces Apple and Amazon to change security policies

(8/13/2012) Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.

Update: Google to pay $22.5M fine over privacy practices

(8/13/2012) Google will pay a historic fine to settle U.S. government charges that it violated privacy laws when it tracked via cookies users of Apple's Safari browser.

Journalist blames Apple tech for allowing iCloud hack

(8/8/2012) Former Gizmodo reporter says device wipes and Twitter breaches occurred after an AppleCare technician fell victim to a bit of social engineering.

Reuters Twitter account hijacked, fake tweets sent

(8/8/2012) Reuters has suffered a second security breach in two days after hackers gained control of one of its Twitter accounts, the news agency revealed this morning.

Employee password reuse behind Dropbox spam outbreak

(8/6/2012) The spam outbreak that last month flooded the inboxes of Dropbox customers has been traced back to a hacked employee account, company representatives said late Tuesday.

Mac Malware Spies On Email, Survives Reboots

(8/1/2012) Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.

Quarter of users see no benefit in updating software

(7/25/2012) Several major software companies, including Microsoft and Symantec, today kicked off what they called "International Technology Upgrade Week" in an attempt to persuade users to keep their code current.

Hackers pose as hacked software vendor to spread Zeus trojan

(7/25/2012) Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.

Taking the Cyberattack Threat Seriously

(7/20/2012) In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.

Grum takedown: '50% of worldwide spam is gone'

(7/19/2012) NEW YORK (CNNMoney) -- Good news for your email inbox: You'll be seeing less spam in it now, thanks to a global takedown effort that knocked one of the world's biggest spammers offline this week.

Yahoo closes security hole that led to password breach

(7/17/2012) Yahoo said Friday that it has fixed a security vulnerability that allowed hackers to seize roughly 450,000 unencrypted email addresses and passwords belonging to members of its content-sharing platform.

Yahoo hacked, 450,000 passwords posted online

(7/13/2012) (CNN) -- Hackers posted online what they say is login information for more than 450,000 Yahoo users.

Chrome 20 update fixes high-risk security vulnerabilities

(7/13/2012) Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser.

Microsoft Security Bulletin Advance Notification for July 2012

(7/9/2012) This is an advance notification of security bulletins that Microsoft is intending to release on July 10, 2012.

Last call to wipe DNSChanger before 'Internet doomsday'

(7/5/2012) In 10 days, there's a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.

Alaska agency must pay $1.7m after 500-person breach

(6/29/2012) The Alaska Department of Health and Social Services (DHSS) will shell out $1.7 million to settle violations of the HIPAA Security Rule.

FTC Sues Wyndham Hotels Over Data Security Failures

(6/29/2012) Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.

Security concerns over Firefox's "new tab" thumbnail feature

(6/27/2012) One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented a grid of the nine most visited pages, each with its own screenshot thumbnail.

Senators Float National Data Breach Law, Take Four

(6/27/2012) Data Security Bill is fourth attempt to craft a national law to supersede legislation now on the books in more than 40 states. But it's weaker than some state laws.

Unpatched Microsoft XML Core Services flaw increasingly targeted in attacks, researchers say

(6/25/2012) An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware, according to security researchers from antivirus vendor Sophos.

AutoCAD Worm Targets Design Documents In Possible Espionage Campaign

(6/25/2012) A malware campaign targeting AutoCAD drawings uncovered by security researchers at ESET could be a massive case of industrial espionage.

iOS 6 to ask if apps can access personal data

(6/19/2012) MacRumors reports that, according to the release notes of the developer preview version of iOS 6, the operating system will request explicit user permission when an application attempts to access contacts, calendars, reminders and photos.

Post-hack, companies fire back with their own attacks

(6/19/2012) According to a new report, some companies that have fallen victim to hacking attacks have gone as far as hiring security firms to hack back.

Microsoft Security Bulletin Summary for June 2012

(6/15/2012) Microsoft Security Bulletin Summary for June 2012

Merchant information may have been stolen from Global Payments

(6/15/2012) Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.

MySQL vulnerability allows attackers to bypass password verification

(6/12/2012) Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.

Facebook warns users of the end of the Internet via DNSChanger

(6/11/2012) With the July 9 Web apocalypse nearing for computer owners infected with the malicious DNSChanger malware, the social network reaches out to tell them how to clean their machines.

House Committee to Probe e-Banking Heists

(6/1/2012) The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses.

Google warns DNSChanger victims

(5/29/2012) Google has begun warning visitors to its search engine if they are infected with the DNSChanger malware, and providing them with a link to disinfection instructions.

Cross-browser worm spreads via Facebook, security experts warn

(5/23/2012) Malware writers use Crossrider browser extension development framework to build Facebook worm.

Phisher Guilty of $1.3 Million Scam

(5/16/2012) Fraud experts are encouraged to see banks joining forces with law enforcement to fight cybercrime. But as online attackers become increasingly organized, financial institutions may find themselves fighting even tougher battles.

Twitter warns users to reset passwords after hacking scare

(5/11/2012) Twitter has attempted to assure its users after reports circulated of 55,000 accounts being hacked and login credentials publicly disclosed.

FBI warns globe trotters about malware lurking in hotel room connections

(5/11/2012) The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.

Microsoft Drops Chinese Vendor After Windows Exploit Leak

(5/8/2012) Microsoft cuts Chinese firewall company Hangzhou DPTech Technologies from Microsoft Active Protections Program (MAPP) for its role in disclosure of Windows Remote Desktop (RDP) flaw.

Major software flaws in iPhones, iPads fixed in update

(5/8/2012) Apple on Monday pushed out a security update for its mobile operating system, iOS, to patch four vulnerabilities.

Microsoft fixes critical Hotmail password bug

(5/2/2012) Microsoft has issued a temporary fix for a scary and potentially disastrous Hotmail vulnerability that could allow hackers to erase your email password, set up their own and take over your account.

VMware patches vulnerabilities in ESX 4.1

(5/2/2012) Virtualisation specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualisation product.

Renewed efforts to revert DNSChanger in effect

(4/27/2012) The effort to clean up the DNSChanger malware attack is seeing renewed focus as the rogue DNS server shutdown deadline approaches on July 9.

Microsoft: Conficker Worm Continues to Plague Enterprises

(4/27/2012) In its latest Security Intelligence Report, Microsoft says weak passwords and unpatched systems conspire to let the three-year-old Conficker worm continue to propagate.

WordPress fixes file upload security problems

(4/25/2012) The developers of the popular open source blog engine WordPress have released a security update for the software.

Firefox skirts Windows security feature to make silent updates happen

(4/25/2012) Firefox 12, set to release Tuesday, sidesteps Windows' UAC

Netflix CEO accuses Comcast of violating net neutrality

(4/20/2012) Netflix's chief executive has accused Comcast of abandoning net-neutrality rules by exempting one of its products from monthly caps on data usage.

Google warns 20,000 websites they could be infected with malware

(4/20/2012) Google has warned 20,000 websites that they might be hacked and injected with JavaScript redirect malware, Google said.

New malware threatens Mac OS X

(4/18/2012) In a set of recent updates to Mac OS X, Apple patched a vulnerability in Java that had allowed a malware infection known as Flashback to spread to some 700,000 of its computers. Now, a new backdoor Java threat called SabPub has reared its head, validating Apple's aggressive measures to block issues due to the plugin.

Online Tax Scams to Guard Against

(4/16/2012) Scammers are out in force as the tax filing deadline approaches. Here are some of the most common scams to be on the lookout for.

Oracle to issue 88 security patches

(4/16/2012) Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release announcement posted to its website on Thursday.

Apple ratchets up App Store security

(4/16/2012) Apple battens down the security hatches by requiring users to create security questions and identify a backup e-mail address.

Here’s what Facebook sends the cops in response to a subpoena

(4/10/2012) When the authorities send a subpoena to Facebook for your account information, what do they receive? Here is a document showing the pages and pages of data Facebook hands over.

New security flaws detected in mobile devices

(4/10/2012) Those cool mobile devices beloved by consumers carry deep-rooted security flaws that are only now being discovered and addressed.

Global Payments loses up to 1.5 million credit card records in data theft

(4/3/2012) Credit card processing company Global Payments has confirmed that a vulnerability within its system led to the theft of up to 1.5 million credit card records.

IT Security
Monthly Topic

Java—not just your innocent morning cup of Joe anymore!

Technology has taken a simple term that used to be synonymous with coffee and transformed it into a complex programming language and computing platform. Web browsers, email clients, video games, and movie/music players are just a few examples of software products we install and use on our computers every day.



University of Missouri / UM System
Division of Information Technology
615 Locust Street, Columbia, MO 65211

Copyright 2009 Curators of the University of Missouri.