A folder containing billing information was mistakenly left accessible online.
Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.
All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.
The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.
'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.
Twitter immediately disabled SSL 3.0 support following the disclosure.
Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.
The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'
Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.
FireEye Turns Its Attention to SCADA industrial control systems.
Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.
Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.
The guidance is intended to help device manufacturers mitigate security risks.
Veracode CEO explains what his company is doing now as he heads toward a public offering.
An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).
'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.
Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'
Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.
Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'
Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.
Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.
The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.
Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.
880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.
The data was mistakenly made accessible via Google searches between December 2013 and April 2014.
The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.
According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.
Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.
According to the New York Times, more than 90 of the bank's servers were affected by the breach.
That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.
Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.
Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.
A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.
The company says it was recently alerted to the threat by one of its security partners.
Almost 900,000 payment cards appear to have been affected.
The cloud isn't just about virtual servers. The physical layer and its security still matter, which is why IBM is using Intel's Trusted Execution Technology.
'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.
The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.
The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'
The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.
In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.
The company hasn't yet determined how many locations may be affected.
The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.
A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.
27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.
'We have seen no evidence ... of any unauthorized access to users' personal information,' the company stated.
Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.
According to a recent BitSight report, the higher education sector is less secure than retail or healthcare.
Customer names, mailing addresses, email addresses and payment card information may have been accessed at 51 stores in 24 states.
At least two of the attacks were launched from overseas.
The hackers stole about 4.5 patients' names, addresses, birthdates, phone numbers and Social Security numbers.
Potentially affected stores include Acme Markets, Cub Foods, Farm Fresh, Horbacher's, Jewel-Osco, Shaw's, Shop 'n Save, Shoppers and Star Markets.
Hackers stole the funds from TEC Industrial in 55 separate ACH drafts on May 10, 2012.
A data center outage left the popular password management service inaccessible for several hours.
Unencrypted computers containing the data were stolen from three different medical facilities.
More than 175 million customers records were stolen in the second quarter of the year, according to SafeNet.
The company says the breach 'has all the markings of a state-sponsored attack.'
More than 2,000 current and former patients may be affected.
649,055 customers' names, user names, mailing addresses, email addresses, phone numbers and birthdates were exposed.
A Russian gang of fewer than a dozen hackers has collected more than 4.5 billion user records from over 400,000 websites and FTP sites.
A data sanitization process failed for 30 days, exposing 76,000 email addresses and 4,000 encrypted passwords.
The malware appears to have been responsible for several recent high-profile breaches, including those at Target, Neiman Marcus and Goodwill.
The NRC says it'll take a year to develop a new secure IT infrastructure.
'Users who operated or accessed hidden services from early February through July 4 should assume they were affected,' says the project's co-founder.
CrossIdea technology will give IBM more capabilities to evaluate and access risks.
The money will be paid to customers in the form of games and memberships.
More than 1.1 million debit and credit card records were stolen from former Thomas Cook subsidiary Essential Travel.
ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve.
The hackers demanded a ransom after stealing 20,000 email addresses.
Over 1,000 customer accounts were compromised and used to purchase more than 3,500 e-tickets, which were then resold.
Recipients who click on links in the emails are redirected to a fake login page designed to steal email addresses and passwords.
The breach may date back as far as the middle of 2013.
Sentinel Labs researchers say the malware is so hard to detect it's 'virtually invisible.'
That's happening even though 65 percent say it's their responsibility to protect that data.
73 percent of respondents to a recent survey said they're very or extremely concerned about the impact of ransomware, up from 48 percent in January.
Forty-five percent of IT staff say they monitor network and application performance manually instead of using network monitoring tools.
The malware is currently being offered for sale online for $7,000 -- or $1,000 for a one-week trial.
Researchers at UC Berkeley alerted the company to the flaws, and also found vulnerabilities in three competing solutions.
The malware, which was first uncovered in 2011, has infected more than 30,000 Windows PCs worldwide.
Still, only 28 percent say security is one of their organization's top five strategic priorities.
A brokerage firm, a health district, a retirement community, a hospital and an oil change franchisee were all recently hit.
Site owner HotelStayUK says the security flaws were 'obviously completely unacceptable.'
'The future will be hybrid,' says Gartner research vice president Carsten Casper.
'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau.
Just 16 percent of IT and IT security professionals know the location of all of their sensitive structured data.
Symantec researchers say the campaign 'bears the hallmarks of a state-sponsored operation.'
Names, birthdates, Social Security numbers and bank account information may have been accessed.
A photo published in a Brazilian newspaper clearly showed the network's SSID and password.
Forty-six percent of senior IT pros say data is leaking from their companies due to the use of file sharing services.
While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches.
Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.
While the attack exposed some flaws in the app, Yo has exploded in popularity since the breach.
A hacker deleted most of the company's data, backups, machine configurations and offsite backups.
The malware, also called Dyreza, is designed to bypass SSL and steal login credentials.
Names, Social Security numbers and birthdates were exposed, along with a variety of other information.
The hackers claim to have stolen more than half a million customers' names, addresses, phone numbers, email addresses and passwords.
An undisclosed number of customers' Social Security numbers and birthdates were accessed.
From phishing scams to mobile malware, there's a lot to watch out for if you're a soccer fan these days.
Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources.'
Daktronics' configuration software comes with a default password that's too often left unchanged.
Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed.
The need for encryption now is greater than ever.
The service was shut down for an hour as TweetDeck fixed an XSS vulnerability.
Thousands of new credit and debit cards, all of which were recently used at P.F. Chang's locations, are being offered for sale online.
The attackers who hit Feedly demanded money to make the attacks stop.
Jennifer Robinson was sentenced to 121 months in prison for her involvement in the filing of fraudulent tax returns using stolen patient data.
More than 16,000 employees' and job applicants' names, identification numbers, contact details, education and work experience may have been accessed.
The affected members' names, addresses, birthdates, medical information and member identification numbers were sent to other members by mistake.
The sentence could be applied to hackers who cause loss of life, serious illness or injury, or serious damage to national security.
The patients' personal information was sold to private companies marketing Registered Education Savings Plans.
An undisclosed number of clients' names, addresses, birthdates and Social Security numbers may have been exposed.
According to the CSIS and McAfee, cybercrime could be costing the U.S. as many as 200,000 jobs.
Marcel Lazar Lehel was sentenced by a Romanian court to four years in prison.
Louis Francois was also ordered to pay $355,000 in restitution.
Delson Moo Hiang Kng placed an offensive image on the website of the president of Singapore's official residence.
Second quarter IBM X-Force Threat Intelligence report finds an uptick in spam volume.
An undisclosed number of customers' names, birthdates and Social Security numbers may have been stolen by a former employee.
The South Central Ambulance Service mistakenly published the age, sexuality and religion of each of its 2,826 staff members.
If Cameron Lacroix's plea agreement is accepted by the court, he'll be sentenced to four years in prison.
A LexisNexis survey also found that 52.5 percent of attorneys have used free consumer file sharing services to share client-privileged communications.
An undisclosed numbers of employees' and retirees' names and Social Security numbers were mistakenly exposed.
The link direct victims to a zip file hosted on Dropbox, which delivers a malicious executable.
Bryant Thompson was sentenced to 10 years in prison, and Quincy Walton was sentenced to seven years.
2,365 customers' contact details, medical care provider information and order histories were stolen by a former employee.
More than 1,000 donors' names, addresses, phone numbers, occupations, employers' names, and bank account or credit card details may have been exposed.
Some partial Social Security numbers and some full Social Security numbers were exposed.
Names, addresses, birthdates, Social Security numbers, clinical information and dates of service were exposed.
Communications between PCs infected by GameOver Zeus were redirected to government servers, and Cryptolocker command and control servers were seized.
The download installs a keylogger while claiming to verify that the victim's computer is 'clean.'
Clients' names, birthdates, treatment records, and health and clinical histories may have been exposed.
Detrius Elliott stole the identities of at least 78 hospital patients' financial guarantors.
Screenshots of checkout pages were stolen from the evening of May 4, 2014 until the morning of May 5, 2014.
The laptop contained 46,771 Union Labor Life benefit plan participants' names, addresses and Social Security numbers.
The file management and optimization app is capable of sending SMS messages to premium rate numbers without the user's consent.
Customers' names, email addresses, passwords, addresses, phone numbers and birthdates were accessed.
A former employee accessed more than 30,000 customers' credit card information.
A Courion survey also found that one in five U.K. employees say hackers do a 'worthwhile job' in exposing security flaws.
594 patients' names, birthdates, diagnoses, physicians' names and medications were accessed.
1,050 students' names, Social Security numbers, birthdates and addresses were exposed.
The drive contained the members' names and Social Security numbers, along with some medical information.
By 2016, according to SafeNet, 56 percent of organizations worldwide expect the majority of their users to leverage multi-factor authentication.
Names, addresses, phone numbers, birthdates and health information may have been accessed.
While only one user's data was accessed, all Android users are being advised to upgrade their apps as a precaution.
Names, Social Security numbers, birthdates, home addresses, phone numbers, hire dates and wage information were accessed.
What you do in your browser now forms a second factor of authentication for e-commerce transactions, thanks to IBM.
Customers' names, addresses, e-mail addresses and credit card numbers may have been accessed.
Users' nicknames, user names, e-mail addresses and hashed passwords were compromised.
Hector Xavier Monsegur was sentenced to time served due to his 'extraordinary cooperation' with the FBI.
Employees' names, addresses, birthdates, Social Security numbers and driver's license numbers may have been exposed.
An undisclosed number of Precision Planting customers' and employees' personal information may have been accessed.
- Oct 2014
- Sep 2014
- Aug 2014
- Jul 2014
- Jun 2014
- May 2014
- Apr 2014
- Mar 2014
- Feb 2014
- Jan 2014
- Dec 2013
- Nov 2013
- Oct 2013
- Sep 2013
- Aug 2013
- Jul 2013
- Jun 2013
- May 2013
- Apr 2013
- Mar 2013
- Feb 2013
- Jan 2013
- Dec 2012
- Nov 2012
- Oct 2012
- Sep 2012
- Aug 2012
- Jul 2012
- Jun 2012
- May 2012
- Apr 2012
- Mar 2012
- Feb 2012
- Jan 2012
- Dec 2011
- Nov 2011
- Oct 2011
- Sep 2011
- Aug 2011
- Jul 2011
- Jun 2011
- May 2011
- Apr 2011
- Mar 2011
- Feb 2011
- Jan 2011
- Dec 2010
- Nov 2010
- Oct 2010
- Sep 2010
- Aug 2010
- Jul 2010
- Jun 2010
- May 2010
- Apr 2010
- Mar 2010
- Feb 2010
- Jan 2010
- Dec 2009
- Nov 2009
- Oct 2009
- Sep 2009
- Aug 2009
- Jul 2009
- Jun 2009
- May 2009
- Apr 2009
- Mar 2009
- Feb 2009
- Jan 2009
- Dec 2008
- Nov 2008
- Oct 2008
- Sep 2008
- Aug 2008
- Jul 2008
- Jun 2008
- May 2008
- Mar 2008
- Nov 2007
- Oct 2007
- May 2006
- Apr 2006
- Mar 2006
- Nov 2005
- Oct 2005
- Sep 2005
- Aug 2005
- Jul 2005
- Jun 2005
- May 2005
- Apr 2005
- Mar 2005
- Feb 2005
- Jan 2005
- Dec 2004
- Nov 2004
- May 2004
- Apr 2004
- Mar 2004
- Feb 2004
- Jan 2004
- Dec 2003
- Nov 2003
- Oct 2003
- Sep 2003
- Aug 2003
- Jul 2003
- Jun 2003
- May 2003
- Apr 2003
- Mar 2003
- Feb 2003
- Jan 2003
- Dec 2002
- Nov 2002
- Oct 2002
- Sep 2002
- Aug 2002
- Jul 2002
- Jun 2002
- May 2002
- Apr 2002
- Mar 2002
- Feb 2002
- Jan 2002
- What are the top Android security apps?
- What are the top Android security risks?
- What are today's top cyber threats?
- What's the most secure way to delete data?
- How does hard drive encryption work?
- Is old software inherently insecure?
- Are Macs immune to malware?
- How can BYOD risk be managed?
- Which web browser is the most secure?
- How do I protect my iOS device?
- What are the top iPhone security apps?
- How do I secure my wireless network?
- Are public Wi-Fi hotspots safe?