The Trojan looks for processes linked to KeePass, Password Safe, and the neXus Personal Security Client.
Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online.
2.7 million Turkish cardholders' names, HSBC account numbers, card numbers and expiration dates were exposed.
In response to the breach, the department's entire unclassified email system was shut down, with duty officers using Gmail accounts to communicate.
IBM has patented an invention that will help global businesses navigate complex regulatory landscape for cloud data.
Verizon, however, is continuing to insert the tracking data into its customers' Web traffic.
NOAA didn't acknowledge the breach until weeks after the fact, according to the Washington Post.
Microsoft buys Aorato, the company that earlier this year disclosed a critical vulnerability in Microsoft's security.
The campaign targets corporate executives via hotel Wi-Fi networks.
The hacker leveraged his access to send an email to customers claiming the service was shutting down.
The Washington Post reports that Chinese government hackers are believed to have been responsible for the attack.
The company has also acknowleged that the attackers leveraged a third-party vendor's user name and password to access Home Depot's network.
The malware has already been downloaded more than 350,000 times.
'With just a mobile phone, we created a PoS terminal that could read a card through a wallet,' says lead researcher Martin Emms.
An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers.
'You should proceed under the assumption that every Drupal 7 website was compromised,' a security advisory warns.
The email addresses of an undisclosed number of participants in CurrentC's pilot program were stolen.
While the unclassified network was breached, officials say there's no indication at this point that any data on the classified network was accessed.
That's an increase of more than 600 percent from 2012, according to state attorney general Kamala Harris.
Just 19 percent of IT pros are confident they know about all cloud computing applications, platforms or infrastructure in use in their organizations.
The number of Backoff infections increased by 57 percent from August to September 2014, according to Damballa.
The Electronic Frontier Foundation's Jacob Hoffman-Andrews says AT&T and Sprint may be using similar headers as well.
Those affected were notified two weeks after the breach was discovered.
A folder containing billing information was mistakenly left accessible online.
Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.
All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.
The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.
'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.
Twitter immediately disabled SSL 3.0 support following the disclosure.
Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.
The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'
Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.
Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.
FireEye Turns Its Attention to SCADA industrial control systems.
Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.
The guidance is intended to help device manufacturers mitigate security risks.
Veracode CEO explains what his company is doing now as he heads toward a public offering.
An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).
'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.
Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'
Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.
Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'
Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.
Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.
The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.
Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.
880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.
The data was mistakenly made accessible via Google searches between December 2013 and April 2014.
The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.
According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.
Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.
According to the New York Times, more than 90 of the bank's servers were affected by the breach.
That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.
Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.
Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.
A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.
The company says it was recently alerted to the threat by one of its security partners.
Almost 900,000 payment cards appear to have been affected.
The cloud isn't just about virtual servers. The physical layer and its security still matter, which is why IBM is using Intel's Trusted Execution Technology.
'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.
The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.
The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'
The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.
In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.
The company hasn't yet determined how many locations may be affected.
The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.
A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.
27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.
'We have seen no evidence ... of any unauthorized access to users' personal information,' the company stated.
Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.
According to a recent BitSight report, the higher education sector is less secure than retail or healthcare.
Customer names, mailing addresses, email addresses and payment card information may have been accessed at 51 stores in 24 states.
At least two of the attacks were launched from overseas.
The hackers stole about 4.5 patients' names, addresses, birthdates, phone numbers and Social Security numbers.
Potentially affected stores include Acme Markets, Cub Foods, Farm Fresh, Horbacher's, Jewel-Osco, Shaw's, Shop 'n Save, Shoppers and Star Markets.
Hackers stole the funds from TEC Industrial in 55 separate ACH drafts on May 10, 2012.
A data center outage left the popular password management service inaccessible for several hours.
Unencrypted computers containing the data were stolen from three different medical facilities.
More than 175 million customers records were stolen in the second quarter of the year, according to SafeNet.
The company says the breach 'has all the markings of a state-sponsored attack.'
More than 2,000 current and former patients may be affected.
649,055 customers' names, user names, mailing addresses, email addresses, phone numbers and birthdates were exposed.
A Russian gang of fewer than a dozen hackers has collected more than 4.5 billion user records from over 400,000 websites and FTP sites.
A data sanitization process failed for 30 days, exposing 76,000 email addresses and 4,000 encrypted passwords.
The malware appears to have been responsible for several recent high-profile breaches, including those at Target, Neiman Marcus and Goodwill.
The NRC says it'll take a year to develop a new secure IT infrastructure.
'Users who operated or accessed hidden services from early February through July 4 should assume they were affected,' says the project's co-founder.
CrossIdea technology will give IBM more capabilities to evaluate and access risks.
The money will be paid to customers in the form of games and memberships.
More than 1.1 million debit and credit card records were stolen from former Thomas Cook subsidiary Essential Travel.
ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve.
The hackers demanded a ransom after stealing 20,000 email addresses.
Over 1,000 customer accounts were compromised and used to purchase more than 3,500 e-tickets, which were then resold.
Recipients who click on links in the emails are redirected to a fake login page designed to steal email addresses and passwords.
The breach may date back as far as the middle of 2013.
Sentinel Labs researchers say the malware is so hard to detect it's 'virtually invisible.'
That's happening even though 65 percent say it's their responsibility to protect that data.
73 percent of respondents to a recent survey said they're very or extremely concerned about the impact of ransomware, up from 48 percent in January.
Forty-five percent of IT staff say they monitor network and application performance manually instead of using network monitoring tools.
The malware is currently being offered for sale online for $7,000 -- or $1,000 for a one-week trial.
Researchers at UC Berkeley alerted the company to the flaws, and also found vulnerabilities in three competing solutions.
The malware, which was first uncovered in 2011, has infected more than 30,000 Windows PCs worldwide.
Still, only 28 percent say security is one of their organization's top five strategic priorities.
A brokerage firm, a health district, a retirement community, a hospital and an oil change franchisee were all recently hit.
Site owner HotelStayUK says the security flaws were 'obviously completely unacceptable.'
'The future will be hybrid,' says Gartner research vice president Carsten Casper.
'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau.
Just 16 percent of IT and IT security professionals know the location of all of their sensitive structured data.
Symantec researchers say the campaign 'bears the hallmarks of a state-sponsored operation.'
Names, birthdates, Social Security numbers and bank account information may have been accessed.
A photo published in a Brazilian newspaper clearly showed the network's SSID and password.
Forty-six percent of senior IT pros say data is leaking from their companies due to the use of file sharing services.
While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches.
Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.
While the attack exposed some flaws in the app, Yo has exploded in popularity since the breach.
A hacker deleted most of the company's data, backups, machine configurations and offsite backups.
The malware, also called Dyreza, is designed to bypass SSL and steal login credentials.
Names, Social Security numbers and birthdates were exposed, along with a variety of other information.
The hackers claim to have stolen more than half a million customers' names, addresses, phone numbers, email addresses and passwords.
An undisclosed number of customers' Social Security numbers and birthdates were accessed.
From phishing scams to mobile malware, there's a lot to watch out for if you're a soccer fan these days.
Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources.'
Daktronics' configuration software comes with a default password that's too often left unchanged.
Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed.
The need for encryption now is greater than ever.
The service was shut down for an hour as TweetDeck fixed an XSS vulnerability.
Thousands of new credit and debit cards, all of which were recently used at P.F. Chang's locations, are being offered for sale online.
The attackers who hit Feedly demanded money to make the attacks stop.
More than 16,000 employees' and job applicants' names, identification numbers, contact details, education and work experience may have been accessed.
Jennifer Robinson was sentenced to 121 months in prison for her involvement in the filing of fraudulent tax returns using stolen patient data.
The affected members' names, addresses, birthdates, medical information and member identification numbers were sent to other members by mistake.
The sentence could be applied to hackers who cause loss of life, serious illness or injury, or serious damage to national security.
An undisclosed number of clients' names, addresses, birthdates and Social Security numbers may have been exposed.
The patients' personal information was sold to private companies marketing Registered Education Savings Plans.
According to the CSIS and McAfee, cybercrime could be costing the U.S. as many as 200,000 jobs.
Marcel Lazar Lehel was sentenced by a Romanian court to four years in prison.
Delson Moo Hiang Kng placed an offensive image on the website of the president of Singapore's official residence.
Louis Francois was also ordered to pay $355,000 in restitution.
An undisclosed number of customers' names, birthdates and Social Security numbers may have been stolen by a former employee.
Second quarter IBM X-Force Threat Intelligence report finds an uptick in spam volume.
The South Central Ambulance Service mistakenly published the age, sexuality and religion of each of its 2,826 staff members.
If Cameron Lacroix's plea agreement is accepted by the court, he'll be sentenced to four years in prison.
A LexisNexis survey also found that 52.5 percent of attorneys have used free consumer file sharing services to share client-privileged communications.
An undisclosed numbers of employees' and retirees' names and Social Security numbers were mistakenly exposed.
Bryant Thompson was sentenced to 10 years in prison, and Quincy Walton was sentenced to seven years.
The link direct victims to a zip file hosted on Dropbox, which delivers a malicious executable.
2,365 customers' contact details, medical care provider information and order histories were stolen by a former employee.
More than 1,000 donors' names, addresses, phone numbers, occupations, employers' names, and bank account or credit card details may have been exposed.
Some partial Social Security numbers and some full Social Security numbers were exposed.
The download installs a keylogger while claiming to verify that the victim's computer is 'clean.'
- Nov 2014
- Oct 2014
- Sep 2014
- Aug 2014
- Jul 2014
- Jun 2014
- May 2014
- Apr 2014
- Mar 2014
- Feb 2014
- Jan 2014
- Dec 2013
- Nov 2013
- Oct 2013
- Sep 2013
- Aug 2013
- Jul 2013
- Jun 2013
- May 2013
- Apr 2013
- Mar 2013
- Feb 2013
- Jan 2013
- Dec 2012
- Nov 2012
- Oct 2012
- Sep 2012
- Aug 2012
- Jul 2012
- Jun 2012
- May 2012
- Apr 2012
- Mar 2012
- Feb 2012
- Jan 2012
- Dec 2011
- Nov 2011
- Oct 2011
- Sep 2011
- Aug 2011
- Jul 2011
- Jun 2011
- May 2011
- Apr 2011
- Mar 2011
- Feb 2011
- Jan 2011
- Dec 2010
- Nov 2010
- Oct 2010
- Sep 2010
- Aug 2010
- Jul 2010
- Jun 2010
- May 2010
- Apr 2010
- Mar 2010
- Feb 2010
- Jan 2010
- Dec 2009
- Nov 2009
- Oct 2009
- Sep 2009
- Aug 2009
- Jul 2009
- Jun 2009
- May 2009
- Apr 2009
- Mar 2009
- Feb 2009
- Jan 2009
- Dec 2008
- Nov 2008
- Oct 2008
- Sep 2008
- Aug 2008
- Jul 2008
- Jun 2008
- May 2008
- Mar 2008
- Nov 2007
- Oct 2007
- May 2006
- Apr 2006
- Mar 2006
- Nov 2005
- Oct 2005
- Sep 2005
- Aug 2005
- Jul 2005
- Jun 2005
- May 2005
- Apr 2005
- Mar 2005
- Feb 2005
- Jan 2005
- Dec 2004
- Nov 2004
- May 2004
- Apr 2004
- Mar 2004
- Feb 2004
- Jan 2004
- Dec 2003
- Nov 2003
- Oct 2003
- Sep 2003
- Aug 2003
- Jul 2003
- Jun 2003
- May 2003
- Apr 2003
- Mar 2003
- Feb 2003
- Jan 2003
- Dec 2002
- Nov 2002
- Oct 2002
- Sep 2002
- Aug 2002
- Jul 2002
- Jun 2002
- May 2002
- Apr 2002
- Mar 2002
- Feb 2002
- Jan 2002
- What are the top Android security apps?
- What are the top Android security risks?
- What are today's top cyber threats?
- What's the most secure way to delete data?
- How does hard drive encryption work?
- Is old software inherently insecure?
- Are Macs immune to malware?
- How can BYOD risk be managed?
- Which web browser is the most secure?
- How do I protect my iOS device?
- What are the top iPhone security apps?
- How do I secure my wireless network?
- Are public Wi-Fi hotspots safe?