47 different U.S. government agencies are affected, according to Recorded Future.
A former employee apparently leveraged customer data to trick victims into providing remote access to their computers.
Cards used at Hershey locations between mid-March and late May 2015 may be affected.
The Securities and Exchange Commission has been contacting public companies to gather information on the group's activities and methods.
A new estimate more than four times greater than the previous one was recently provided to U.S. Senators.
Ten flights were canceled, and more than 1,400 passengers impacted.
The attack is simpler and cheaper to launch than traditional spear phishing attacks, and it can be dangerously effective.
While the vulnerability could provide an attacker with an enormous amount of access to an affected device, it's extremely difficult to exploit.
According to the New York Times, Cardinals officials allegedly tried a series of passwords until they successfully accessed the Astros' network.
Recently unsealed documents indicate that a Chicago residence was searched in connection with the breach in October 2014.
Email addresses, password reminders, server per user salts and authentication hashes were compromised.
The hackers claim the defacement was enabled by targeting the Limelight Networks content delivery network.
Europol recently announced 49 arrests in connection with the fraud campaign.
Exabeam 1.7 makes use of stateful user tracking to keep user credentials in line.
The majority of CISOs say they would spend any additional cyber security funds on human-centric solutions.
The malware currently targets Oracle MICROS and other point-of-sale systems.
The unencrypted computers were stolen from an office that had recently been acquired by Heartland.
Approximately 4 million current and former federal employees may be affected.
The leaked data included names, birthdates, identification numbers and addresses.
A spreadsheet containing the data was sent to over 1,000 people due to a 'technical fault,' the company said.
The company says malware was 'effectively deployed' on some of its point of sale systems between March 6 and April 17, 2015.
A specific series of characters displayed in a notification can cause a device to crash and reboot.
'We've asked Makman if he'd be willing to work with us,' Times Internet CEO Satyan Gajwani tweeted.
The leaked data includes user name, birthdates, email address, gender, location, relationship status and sexual orientation.
The Internal Revenue Service says the accounts were breached using 'taxpayer-specific data acquired from non-IRS sources.'
Not enough banks signed on to the $19 million settlement, which would have required them to drop any further claims against Target.
The bank says its domain name servers were hijacked last month.
A call center employee at billing company Medical Management, LLC stole thousands of patients' names, birthdates and Social Security numbers.
Names, user names, birthdates, e-mail addresses and subscribed identification numbers were exposed.
'Over last 5 years my only interest has been to improve aircraft security,' Chris Roberts tweeted recently.
Company chief security officer Mike Burgess says the hackers 'had complete access to the corporate network.'
The College of Engineering's computer network was disconnected from the Internet in response to the breach.
The company says it won't 'speculate on the scope of the intrusion,' since the investigation is ongoing.
The flaw could allow an attacker to escape a VM environment and access the host system.
'Criminals are learning how to turn rewards programs, points, and prepaid cards into cash,' notes Gartner's Avivah Litan.
Charles Eccleston allegedly designed and sent spear phishing emails targeting more than 80 computers at the U.S. Department of Energy.
Forty percent have experienced more than five data breaches, according to the Ponemon Institute.
It's not yet clear how many customers may have been affected.
The breaches exposed more than 530,000 people's personal information.
If it doesn't have permission to overwrite the MBR, the malware destroys all files in the user's home folder.
27 percent say they're experiencing stress-related illness due to work demands, according to GFI Software.
In both cases, customer payment card information appears to have been accessed.
The website's own functionality was used to deliver malware to job posters.
The airline says the funds have now been frozen, and it expects them to be repaid.
And 59 percent said a breach of one company's network can lead directly to attacks on different networks in connected sectors of the economy.
An employee's account was compromised and used to access several internal systems.
Netskope also recently found that almost a quarter of all logins to CRM apps come from compromised credentials.
And for 11 percent of U.S. enterprises, hourly losses can exceed $1 million.
'The cyber threat is one we all face as institutions and individuals,' Defense Secretary Ash Carter said.
A specially crafted SSL certificate can be used to crash iOS apps, and even the entire operating system.
The machines had been in use in more than 560 precincts since 2002.
A server configuration error appears to be redirecting all HTTPS traffic to HTTP.
Mortgage customers' names, Social Security numbers and account numbers were exposed.
'Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world,' a GAO report states.
City workers will be able to turn lights on and off remotely, and will be able to dim them or brighten them as needed.
Still, 32 percent told the SANS Institute they have no ability to prevent an insider breach.
No towel required for 45 security fixes in Google's Chrome 42 browser.
SurfWatch Labs' SaaS platform makes security information intelligible to business execs.
Both operations required coordination between government agencies and private sector partners.
The episodes were downloaded over a million times in less than a day.
The company will also provide almost 280,000 customers with free credit monitoring services, and will improve its privacy and security practices.
The attack appears to have been launched in retaliation for sanctions, according to CNN.
A recent survey found that 55 percent of organizations that have been hit by such attacks recommend negotiating with cybercriminals to restore data.
The campaign targets organizations with a combination of social engineering and DDoS attacks.
The target distribution 'strongly aligns with nation-state/political-group interests,' according to Check Point researchers.
15 CDs containing high-risk professionals' personal information were mistakenly sent to people requesting voter registration records.
Both Google and Mozilla are taking aggressive measures against Chinese certificate authority CNNIC.
'Starting today, we're giving notice to those who pose significant threats to our security or economy,' President Obama said.
The attack exploits an old ActiveX vulnerability, according to Symantec researchers.
The airline says tens of thousands of accounts were accessed.
User names, email addresses and hashed passwords were exposed.
The vulnerability could enable a remote attacker to read or modify any file on an ANTlabs InnGate device, according to Cylance researchers.
That's an 18 percent increase over the previous year in vulnerabilities found, according to Secunia.
An undisclosed number of users were told their passwords 'could have been captured in clear text by malicious code.'
The SSL/TLS certificate authority system's frailty is again exposed, as an unauthorized certificate is issued for Google.
The malware installs a keylogger and scans the infected device's memory for credit card data.
The vulnerability allowed attackers to access any HHonors account simply by knowing or guessing the account number.
One third of IT professionals surveyed said they've experienced more security breaches with the public cloud than with on-premise applications.
The hackers may have accessed the personal, financial and medical information of as many as 11 million people.
The North Korean government called the accusation 'a false judgement by an idiot.'
Names, Social Security numbers, birthdates, phone numbers and home addresses were accessed.
Two separate hacker groups recently threatened to release sensitive data unless ransoms were paid.
And 64 percent of enterprise respondents said they expect that pressure to grow in the coming year.
Among those arrested is a 23-year-old man suspected of involvement in a June 2014 cyber attack on the U.S. Department of Defense.
From Texas to North Carolina, several cases have demonstrated the challenge of protecting patient and employee information.
Dropbox patches flaw that could have exposed users to risk.
The company repeatedly refused to allow the OIG to conduct vulnerability scans of its systems.
79 percent of respondents to a recent survey said ensuring that partners comply with their security requirements is a top priority in the coming year.
An undisclosed number of customers' payment card data may have been accessed.
Hotels in Boston, Las Vegas, Miami, New York and Washington, D.C., are likely affected.
Among the issues uncovered by the GAO is 'significant interconnectivity' between the National Airspace System (NAS) and non-NAS systems.
A recent study found that white hat hackers were successful in 88 percent of attempts to visually hack sensitive information.
The company says 'some limited information we have about some of our customers could have been accessed in violation of our security procedures.'
HyTrust president Eric Chiu suggests the total cost could eventually exceed $1 billion.
Two thirds of CIOs and CISOs say senior leaders in their organization don't view cyber security as a strategic priority.
The data potentially exposed includes names, addresses, phone numbers and Social Security numbers.
Avast debuts free Business Anti-Virus, but what's the catch?
The company says it had no knowledge of any access, and believes its products are secure.
It's not yet clear how much data the attackers have taken.
The company says it has investigated the software and hasn't found 'any evidence to substantiate security concerns.'
The group's tools are capable of reprogramming hard drive firmware, allowing infections to survive disk formatting and OS reinstallation.
Software allows users to leverage their existing Active Directory infrastructures to enhance Hadoop security.
That's a 78 percent increase from the previous year, according to Gemalto.
Banks were infected for between two and four months, with $2.5 million to $10 million stolen in each case.
Infection rates for Android devices are now equal to those of Windows laptops, according to Alcatel-Lucent's Motive Security Labs.
According to iSIGHT Partners, the hackers were part of a Chinese group called the Codoso Team or the Sunshop Group.
The FBI is investigating the attack.
Voice commands are forwarded to third-party service provider Nuance Communications.
The report, from U.S. Senator Edward Markey, is based on 16 automakers' responses to questions regarding tracking systems and security.
All the affected locations are run by franchise operator White Lodging Services.
As many as 80 million names, birthdates, Social Security numbers, street addresses and email addresses may have been accessed.
Book2Park is the third airport parking site to be breached in as many weeks.
Patient names, addresses, birthdates, medical record numbers and Social Security numbers may have been accessed.
Victims range from home healthcare patients to pediatric eyewear customers.
'An attacker could shut down over 5,300 fueling stations in the United States with little effort,' says Rapid7's HD Moore.
After paying out $1.5 million in bug bounties in 2014, Google is boosting payments for ongoing security research.
Foreign companies selling equipment to Chinese banks will also be required to disclose source code and submit to audits, the New York Times reports.
A recent survey also found that 59 percent of U.S. IT decision makers believe privileged users pose the greatest threat to their organizations.
Rahul Sasi has tested the malware on the DJI Phantom and Parrot AR.Drone 2.0.
While the hackers claim to have accessed customer data, the airline says 'user data remains secured.'
Credit card numbers and Social Security numbers appear to have been accessed.
Brown was also ordered to pay $890,000 in restitution.
Google pays out $88,500 in bug bounties, with the largest browser security update yet in 2015. In all, Google fixed 62 different security flaws.
Security budgets increased by an average of 34 percent in the year following the Target breach, according to the Ponemon Institute.
'An attacker who controls that dongle has full control of the vehicle,' says Digital Bond Labs' Corey Thuen.
Dell SecureWorks has outlined a list of steps for organizations to take to mitigate the threat.
The bill would expand the definition of private data, and would require all entities that collect and/or store such data to have safeguards in place.
Both companies recently began notifying customers of the breaches, which took place late last year.
The hackers briefly posted threats on Twitter before the accounts were suspended and returned to CENTCOM's control.
Affected customers had apparently reused their passwords on other sites that had been breached.
The Personal Data Notification and Protection Act would require that consumers be notified of all breaches within 30 days.
The company will pay a fine of $106,000, and will comply with a list of improved security requirements.
The websites of the German chancellor and foreign ministry were both attacked by the CyberBerkut hacker group.
Over $5 million in bitcoins appear to have been stolen.
A former financial adviser allegedly stole 10 percent of the company's 3.5 million Wealth Management customers' account information.
'After this talk, politicians will presumably wear gloves when talking in public,' Jan Krissler said.
The breach may have lasted from December 2, 2013 to September 30, 2014.
Credit cards used on the airport parking service's website were recently found for sale online.
The aim, according to the Bureau, is to 'protect our nation and the American people from the rapidly evolving cyber threat.'
The researchers say a former employee or employees may have joined forces with pro-piracy hacktivists to attack the company.
FireEye CTO Dave Merkel details his firm's latest additions and offers some security predictions for 2015.
The attack caused 'massive damage to the whole system,' according to Germany's BSI.
The bank's security team had failed to implement two-factor authentication on one of its network servers.
While Apple introduced the technology to do so two years ago, this was the first time it was used.
The vulnerability has been in place since 2002.
Centralized Zone Data System users' names, addresses, email addresses, phone numbers, usernames and hashed passwords may have been accessed.
An NSC spokesperson says the U.S. is 'considering a range of options in weighing a potential response.'
A significant number of credit cards that were recently used at Park 'N Fly locations are now being offered for sale online.
A SailPoint survey also found that 66 percent of employees still had access to corporate data via cloud apps after leaving their jobs.
Social Security numbers and credit card numbers may have been accessed.