Security News 

New Trojan Targets Petroleum, Gas, Helium Companies

The attack exploits an old ActiveX vulnerability, according to Symantec researchers.

Hackers Breach British Airways Frequent Flyer Accounts

The airline says tens of thousands of accounts were accessed.

Slack Hacked

User names, email addresses and hashed passwords were exposed.

Security Flaw Found in Hotel Wi-Fi Systems

The vulnerability could enable a remote attacker to read or modify any file on an ANTlabs InnGate device, according to Cylance researchers.

15,435 Vulnerabilities Found in 3,870 Applications in 2014

That's an 18 percent increase over the previous year in vulnerabilities found, according to Secunia.

Twitch Hacked

An undisclosed number of users were told their passwords 'could have been captured in clear text by malicious code.'

Google Hit Again by Unauthorized SSL/TLS Certificates

The SSL/TLS certificate authority system's frailty is again exposed, as an unauthorized certificate is issued for Google.

Cisco Warns of PoSeidon Point-of-Sale Malware

The malware installs a keylogger and scans the infected device's memory for credit card data.

Massive Security Flaw Found in Hilton HHonors Website

The vulnerability allowed attackers to access any HHonors account simply by knowing or guessing the account number.

90 Percent of IT Pros Worry About Public Cloud Security

One third of IT professionals surveyed said they've experienced more security breaches with the public cloud than with on-premise applications.

Premera Blue Cross Hacked

The hackers may have accessed the personal, financial and medical information of as many as 11 million people.

North Korea Blamed for Nuclear Power Plant Data Breach

The North Korean government called the accusation 'a false judgement by an idiot.'

Data Breach at Dental Practice Exposes 151,000 Patients' Personal Info

Names, Social Security numbers, birthdates, phone numbers and home addresses were accessed.

Hackers Demand Ransoms to Protect Blood Test Results, Nuclear Power Info

Two separate hacker groups recently threatened to release sensitive data unless ransoms were paid.

Survey Finds IT Security Pros Under Increasing Pressure

And 64 percent of enterprise respondents said they expect that pressure to grow in the coming year.

57 Arrested in Cybercrime Clampdown

Among those arrested is a 23-year-old man suspected of involvement in a June 2014 cyber attack on the U.S. Department of Defense.

Nurses Leverage Privileged Access to Commit Identity Theft

From Texas to North Carolina, several cases have demonstrated the challenge of protecting patient and employee information.

IBM Exposes Critical Dropbox Vulnerability

Dropbox patches flaw that could have exposed users to risk.

Anthem Refused Security Audit Before and After Data Breach

The company repeatedly refused to allow the OIG to conduct vulnerability scans of its systems.

Enterprises Seek Third-Party Compliance with Security Requirements

79 percent of respondents to a recent survey said ensuring that partners comply with their security requirements is a top priority in the coming year.

Natural Grocers Hacked

An undisclosed number of customers' payment card data may have been accessed.

Mandarin Oriental Hotels Hacked

Hotels in Boston, Las Vegas, Miami, New York and Washington, D.C., are likely affected.

Security Flaws Found in U.S. Air Traffic Control System

Among the issues uncovered by the GAO is 'significant interconnectivity' between the National Airspace System (NAS) and non-NAS systems.

Ponemon, 3M Warn of Low-Tech Visual Hacking Threat

A recent study found that white hat hackers were successful in 88 percent of attempts to visually hack sensitive information.

TalkTalk Acknowledges Massive Data Breach

The company says 'some limited information we have about some of our customers could have been accessed in violation of our security procedures.'

Target Breach Has Cost the Company $162 Million So Far

HyTrust president Eric Chiu suggests the total cost could eventually exceed $1 billion.

Study Finds Disconnect Between IT, Leadership on Cyber Security

Two thirds of CIOs and CISOs say senior leaders in their organization don't view cyber security as a strategic priority.

How Much Does Business AV Cost? Try Free

Avast debuts free Business Anti-Virus, but what's the catch?

Stolen Laptops, Hard Drives Expose Over 100,000 People's Personal Data

The data potentially exposed includes names, addresses, phone numbers and Social Security numbers.

Gemalto Responds to Alleged SIM Hack

The company says it had no knowledge of any access, and believes its products are secure.

Hackers Still in State Department Network Three Months After Breach

It's not yet clear how much data the attackers have taken.

Lenovo Computers Shipped with Pre-Installed Malware

The company says it has investigated the software and hasn't found 'any evidence to substantiate security concerns.'

Centrify Offers Identity Management for Hadoop

Software allows users to leverage their existing Active Directory infrastructures to enhance Hadoop security.

Kaspersky Warns of 'Outstandingly Professional' Equation Group Cyber Attacks

The group's tools are capable of reprogramming hard drive firmware, allowing infections to survive disk formatting and OS reinstallation.

1 Billion Data Records Compromised in 2014

That's a 78 percent increase from the previous year, according to Gemalto.

Carbanak Hackers Steal $1 Billion from 100 Banks Worldwide

Banks were infected for between two and four months, with $2.5 million to $10 million stolen in each case.

16 Million Mobile Devices Infected with Malware

Infection rates for Android devices are now equal to those of Windows laptops, according to Alcatel-Lucent's Motive Security Labs.

Forbes Hacked

According to iSIGHT Partners, the hackers were part of a Chinese group called the Codoso Team or the Sunshop Group.

Newsweek Twitter Account Breached by Pro-ISIL Hackers

The FBI is investigating the attack.

Samsung Smart TVs Can Send Personal Information to Third Party

Voice commands are forwarded to third-party service provider Nuance Communications.

Report Warns of Cyber Security Vulnerabilities in Cars, Trucks

The report, from U.S. Senator Edward Markey, is based on 16 automakers' responses to questions regarding tracking systems and security.

Marriott Hotels Hit by Credit Card Breach

All the affected locations are run by franchise operator White Lodging Services.

Anthem Healthcare Breach Could Be Largest Ever

As many as 80 million names, birthdates, Social Security numbers, street addresses and email addresses may have been accessed.

Hackers Breach Book2Park, Barbecue Renew, EgoPay

Book2Park is the third airport parking site to be breached in as many weeks.

Insider Breach Exposes 14,000 UMass Memorial Patients' Data

Patient names, addresses, birthdates, medical record numbers and Social Security numbers may have been accessed.

Stolen Computers, Mobile Phones Expose Thousands of Patients' Medical Data

Victims range from home healthcare patients to pediatric eyewear customers.

Google Ups Ante for Security Researchers

After paying out $1.5 million in bug bounties in 2014, Google is boosting payments for ongoing security research.

5,300 U.S. Gas Stations Vulnerable to Cyber Attacks

'An attacker could shut down over 5,300 fueling stations in the United States with little effort,' says Rapid7's HD Moore.

China to Require Backdoors in Foreign Hardware, Software

Foreign companies selling equipment to Chinese banks will also be required to disclose source code and submit to audits, the New York Times reports.

93 Percent of U.S. Organizations Are Vulnerable to Insider Threats

A recent survey also found that 59 percent of U.S. IT decision makers believe privileged users pose the greatest threat to their organizations.

Researcher Develops Malware for Drones

Rahul Sasi has tested the malware on the DJI Phantom and Parrot AR.Drone 2.0.

Hackers Deface Malaysia Airlines Website

While the hackers claim to have accessed customer data, the airline says 'user data remains secured.'

Wingstop, Metropolitan State University Hit by Hackers

Credit card numbers and Social Security numbers appear to have been accessed.

Barrett Brown Sentenced to 63 Months in Prison

Brown was also ordered to pay $890,000 in restitution.

Target Breach Had Massive Impact on Cyber Security Awareness

Security budgets increased by an average of 34 percent in the year following the Target breach, according to the Ponemon Institute.

Google Pays Big Bug Bounties in Chrome 40 Fix

Google pays out $88,500 in bug bounties, with the largest browser security update yet in 2015. In all, Google fixed 62 different security flaws.

Progressive Insurance Dongle Hacked

'An attacker who controls that dongle has full control of the vehicle,' says Digital Bond Labs' Corey Thuen.

Researchers Warn of Skeleton Key Malware

Dell SecureWorks has outlined a list of steps for organizations to take to mitigate the threat.

N.Y. Attorney General Proposes Aggressive Data Protection Law

The bill would expand the definition of private data, and would require all entities that collect and/or store such data to have safeguards in place.

Airport Parking Companies Confirm Credit Card Breaches

Both companies recently began notifying customers of the breaches, which took place late last year.

Pro-ISIL Hackers Breach U.S. CENTCOM Social Media Accounts

The hackers briefly posted threats on Twitter before the accounts were suspended and returned to CENTCOM's control.

Hackers Steal Miles from American, United Airlines

Affected customers had apparently reused their passwords on other sites that had been breached.

President Obama Proposes National Breach Notification Standard

The Personal Data Notification and Protection Act would require that consumers be notified of all breaches within 30 days.

Zappos Reaches Data Breach Settlement with Nine States

The company will pay a fine of $106,000, and will comply with a list of improved security requirements.

Pro-Russian Hackers Take Down German Government Websites

The websites of the German chancellor and foreign ministry were both attacked by the CyberBerkut hacker group.

Bitcoin Exchange Bitstamp Hacked

Over $5 million in bitcoins appear to have been stolen.

Morgan Stanley Acknowledges Insider Breach

A former financial adviser allegedly stole 10 percent of the company's 3.5 million Wealth Management customers' account information.

Hacker Creates Fake Fingerprint from Photo of Politician

'After this talk, politicians will presumably wear gloves when talking in public,' Jan Krissler said.

Chick-fil-A Suffers Credit Card Breach

The breach may have lasted from December 2, 2013 to September 30, 2014.

OneStopParking Hacked

Credit cards used on the airport parking service's website were recently found for sale online.

FBI Seeks Cyber Special Agents

The aim, according to the Bureau, is to 'protect our nation and the American people from the rapidly evolving cyber threat.'

Researchers: Sony Hack Was Insider Breach

The researchers say a former employee or employees may have joined forces with pro-piracy hacktivists to attack the company.

FireEye Expands Security Platform

FireEye CTO Dave Merkel details his firm's latest additions and offers some security predictions for 2015.

Cyber Attack Causes Physical Damage at German Iron Plant

The attack caused 'massive damage to the whole system,' according to Germany's BSI.

Entry Point Identified for JPMorgan Chase Breach

The bank's security team had failed to implement two-factor authentication on one of its network servers.

Apple Delivers First-Ever Automated Mac Security Update

While Apple introduced the technology to do so two years ago, this was the first time it was used.

Misfortune Cookie Vulnerability Affects 12 Million Devices

The vulnerability has been in place since 2002.

ICANN Hacked

Centralized Zone Data System users' names, addresses, email addresses, phone numbers, usernames and hashed passwords may have been accessed.

U.S. Ties North Korea to Cyber Attack on Sony Pictures

An NSC spokesperson says the U.S. is 'considering a range of options in weighing a potential response.'

Park 'N Fly Investigates Possible Credit Card Breach

A significant number of credit cards that were recently used at Park 'N Fly locations are now being offered for sale online.

Survey: 20 Percent of Employees Have Stolen Corporate Data

A SailPoint survey also found that 66 percent of employees still had access to corporate data via cloud apps after leaving their jobs.

UC Berkeley Hacked

Social Security numbers and credit card numbers may have been accessed.

Mandiant CEO Calls Sony Data Breach 'Unprecedented'

Kevin Mandia said no company 'could have been fully prepared' for the attack.

Comcast Faces Class Action Lawsuit Over Xfinity Wi-Fi Hotspots

The lawsuit alleges that Comcast's new wireless routers increase electricity costs, degrade performance, and subject customers to security risks.

Charge Anywhere Acknowledges Five-Year-Long Data Breach

Cardholder data may have been exposed in plain text from November 5, 2009 to September 24, 2014.

LastPass, Dashlane Can Now Change Your Passwords For You

Both password managers recently added functionality that automates the process of changing your passwords on popular websites.

Lizard Squad Hackers Hit Sony PlayStation Network

The same group launched a similar attack on Sony just over three months ago.

U.S. Department of Justice Launches Cybersecurity Unit

The new unit will operate within the department's Computer Crime and Intellectual Property Section.

Bebe Stores Hit By Credit Card Breach

It's not yet clear whether the breach is still ongoing, or how long it lasted.

Canada Revenue Agency Exposes Affluent Taxpayers' Financial Data

Details on charitable donations and home addresses were sent to a reporter by mistake.

FBI Warns of Destructive Malware Attacks on U.S. Companies

The FBI warning appears to refer to last week's cyber attack on Sony Pictures Entertainment.

FIN4 Hacker Group Steals Insider Info from Public Companies

The group has targeted more than 100 leading companies since mid-2013, according to FireEye.

Syrian Electronic Army Hackers Deface Western News Sites

Victims included the Chicago Tribune, CNBC, the Dallas Morning News, the Los Angeles Times, the Guardian and the Independent.

Home Depot Breach Has Already Cost $43 Million

The company also says it 'expects to incur significant legal and other professional services expenses associated with the data breach' in the future.

Virgin Islands Banks Hit by Massive Security Breach

Debit card accounts at Scotiabank, Banco Popular and FirstBank were compromised.

Sony Pictures Entertainment Disabled by Cyber Attack

The company's corporate networks and email were taken offline following the attack.

Regin Malware Likely Came From Western Intelligence Agency

According to the Guardian, the leading suspects are the U.S., the U.K., or Israel.

Verisign Warns of Surge in Large-Scale DDoS Attacks

The number of attacks exceeding 10 Gbps grew by 38 percent from Q2 to Q3 2014.

Google Brings Open Source Security Gifts

Google isn't just about search anymore. In recent weeks it has announced multiple security projects including Santa for Mac.

Citadel Malware Now Targets Password Managers

The Trojan looks for processes linked to KeePass, Password Safe, and the neXus Personal Security Client.

Australian Government Data Breach Linked to Poor Security Training

Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online.

HSBC Acknowledges Massive Payment Card Breach

2.7 million Turkish cardholders' names, HSBC account numbers, card numbers and expiration dates were exposed.

U.S. State Department Hacked

In response to the breach, the department's entire unclassified email system was shut down, with duty officers using Gmail accounts to communicate.

IBM Boosts Cloud Data Protection, Compliance

IBM has patented an invention that will help global businesses navigate the complex regulatory landscape for cloud data.

AT&T Stops Using 'Permacookies' to Track Customer Activity

Verizon, however, is continuing to insert the tracking data into its customers' Web traffic.

Chinese Hackers Breach NOAA

NOAA didn't acknowledge the breach until weeks after the fact, according to the Washington Post.

Microsoft Buys Aorato to Boost Active Directory Security

Microsoft buys Aorato, the company that earlier this year disclosed a critical vulnerability in Microsoft's security.

Darkhotel APT Campaign Targets Traveling Executives

The campaign targets corporate executives via hotel Wi-Fi networks.

BrowserStack Hacked via Shellshock

The hacker leveraged his access to send an email to customers claiming the service was shutting down.

U.S. Postal Service Hacked, Over 800,000 Affected

The Washington Post reports that Chinese government hackers are believed to have been responsible for the attack.

Home Depot Breach Also Exposed 53 Million Email Addresses

The company has also acknowledged that the attackers leveraged a third-party vendor's user name and password to access Home Depot's network.

WireLurker Malware Infects Mac OS X, iOS Devices

The malware has already been downloaded more than 350,000 times.

Researchers Hack Contactless Visa Cards

'With just a mobile phone, we created a PoS terminal that could read a card through a wallet,' says lead researcher Martin Emms.

Capital One Acknowledges Insider Breach

An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers.

Drupal Acknowledges Major SQL Injection Vulnerability

'You should proceed under the assumption that every Drupal 7 website was compromised,' a security advisory warns.

Hackers Hit Mobile Payment Solution CurrentC

The email addresses of an undisclosed number of participants in CurrentC's pilot program were stolen.

White House Network Hacked

While the unclassified network was breached, officials say there's no indication at this point that any data on the classified network was accessed.

18.5 Million Californians' Personal Data Exposed in 2013

That's an increase of more than 600 percent from 2012, according to state attorney general Kamala Harris.

Survey Finds Enterprises Struggling to Secure Data in the Cloud

Just 19 percent of IT pros are confident they know about all cloud computing applications, platforms or infrastructure in use in their organizations.

Backoff PoS Malware Infections Rising Steadily

The number of Backoff infections increased by 57 percent from August to September 2014, according to Damballa.

Verizon Wireless Uses 'Permacookies' to Track Customer Web Activity

The Electronic Frontier Foundation's Jacob Hoffman-Andrews says AT&T and Sprint may be using similar headers as well.

Oregon Employment Department Notifies 851,322 People of Data Breach

Those affected were notified two weeks after the breach was discovered.

Employee Error at Touchstone Medical Imaging Exposes 307,528 Patients' Personal Data

A folder containing billing information was mistakenly left accessible online.

Staples Investigates Possible Data Breach

Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.

Chinese Government Targets iCloud Users with MITM Attack

All Chinese visitors to are being directed to a fake page designed to steal login credentials.

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization

The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.

Forgotten Passwords Cost Companies $200,000 a Year

'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.

Google Researchers Warn of POODLE SSL Vulnerability

Twitter immediately disabled SSL 3.0 support following the disclosure.

Hackers Claim Breach of 7 Million Dropbox Accounts

Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.

Kmart Stores Infected with Point-of-Sale Malware

The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'

Dairy Queen Acknowledges Major Credit Card Breach

Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.

JPMorgan Hackers Also Hit Over a Dozen Other Financial Firms

Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.

Keeping SCADA Systems Secure

FireEye turns its attention to SCADA industrial control systems.

Misconfigured Server Causes Massive Data Breach at MBIA

Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.

FDA Issues Cyber Security Guidance for Medical Devices

The guidance is intended to help device manufacturers mitigate security risks.

Veracode Gears up for Security IPO

Veracode CEO explains what his company is doing now as he heads toward a public offering.

AT&T Acknowledges Another Insider Breach

An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).

JPMorgan Data Breach Impacts 76 Million Households, 7 Million Businesses

'You were affected if you used the following Web or mobile services:, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.

Android, iOS Malware Targets Hong Kong Protesters

Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'

Supervalu Hacked Again

Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.

General Motors Appoints First Product Cybersecurity Officer

Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'

Japan Airlines Breach Exposes 750,000 People's Personal Data

Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.

Jimmy John's Credit Card Breach Affects 216 Locations

Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.

Shellshock Bash Vulnerability: Worse Than Heartbleed

The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.

FBI, DHS Warn of Surge in Insider Threats from Disgruntled Employees

Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.

Data Breach at TripAdvisor's Viator Impacts 1.4 Million Users

880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.

Employee Error Exposes Over 10,000 Patients' Personal Data

The data was mistakenly made accessible via Google searches between December 2013 and April 2014.

Home Depot Breach Affects 56 Million Credit Cards

The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.

Chinese Hackers Breached U.S. Military Contractors 20 Times in One Year

According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.

IT Employee Charged With $37 Million Bank Heist

Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.