Security News 

Citadel Malware Now Targets Password Managers

The Trojan looks for processes linked to KeePass, Password Safe, and the neXus Personal Security Client.

Australian Government Data Breach Linked to Poor Security Training

Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online.

HSBC Acknowledges Massive Payment Card Breach

2.7 million Turkish cardholders' names, HSBC account numbers, card numbers and expiration dates were exposed.

U.S. State Department Hacked

In response to the breach, the department's entire unclassified email system was shut down, with duty officers using Gmail accounts to communicate.

IBM Boosts Cloud Data Protection, Compliance

IBM has patented an invention that will help global businesses navigate the complex regulatory landscape for cloud data.

AT&T Stops Using 'Permacookies' to Track Customer Activity

Verizon, however, is continuing to insert the tracking data into its customers' Web traffic.

Chinese Hackers Breach NOAA

NOAA didn't acknowledge the breach until weeks after the fact, according to the Washington Post.

Microsoft Buys Aorato to Boost Active Directory Security

Microsoft buys Aorato, the company that earlier this year disclosed a critical vulnerability in Microsoft's security.

Darkhotel APT Campaign Targets Traveling Executives

The campaign targets corporate executives via hotel Wi-Fi networks.

BrowserStack Hacked via Shellshock

The hacker leveraged his access to send an email to customers claiming the service was shutting down.

U.S. Postal Service Hacked, Over 800,000 Affected

The Washington Post reports that Chinese government hackers are believed to have been responsible for the attack.

Home Depot Breach Also Exposed 53 Million Email Addresses

The company has also acknowledged that the attackers leveraged a third-party vendor's user name and password to access Home Depot's network.

WireLurker Malware Infects Mac OS X, iOS Devices

The malware has already been downloaded more than 350,000 times.

Researchers Hack Contactless Visa Cards

'With just a mobile phone, we created a PoS terminal that could read a card through a wallet,' says lead researcher Martin Emms.

Capital One Acknowledges Insider Breach

An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers.

Drupal Acknowledges Major SQL Injection Vulnerability

'You should proceed under the assumption that every Drupal 7 website was compromised,' a security advisory warns.

Hackers Hit Mobile Payment Solution CurrentC

The email addresses of an undisclosed number of participants in CurrentC's pilot program were stolen.

White House Network Hacked

While the unclassified network was breached, officials say there's no indication at this point that any data on the classified network was accessed.

18.5 Million Californians' Personal Data Exposed in 2013

That's an increase of more than 600 percent from 2012, according to state attorney general Kamala Harris.

Survey Finds Enterprises Struggling to Secure Data in the Cloud

Just 19 percent of IT pros are confident they know about all cloud computing applications, platforms or infrastructure in use in their organizations.

Backoff PoS Malware Infections Rising Steadily

The number of Backoff infections increased by 57 percent from August to September 2014, according to Damballa.

Verizon Wireless Uses 'Permacookies' to Track Customer Web Activity

The Electronic Frontier Foundation's Jacob Hoffman-Andrews says AT&T and Sprint may be using similar headers as well.

Oregon Employment Department Notifies 851,322 People of Data Breach

Those affected were notified two weeks after the breach was discovered.

Employee Error at Touchstone Medical Imaging Exposes 307,528 Patients' Personal Data

A folder containing billing information was mistakenly left accessible online.

Staples Investigates Possible Data Breach

Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.

Chinese Government Targets iCloud Users with MITM Attack

All Chinese visitors to are being directed to a fake page designed to steal login credentials.

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization

The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.

Forgotten Passwords Cost Companies $200,000 a Year

'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.

Google Researchers Warn of POODLE SSL Vulnerability

Twitter immediately disabled SSL 3.0 support following the disclosure.

Hackers Claim Breach of 7 Million Dropbox Accounts

Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.

Kmart Stores Infected with Point-of-Sale Malware

The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'

Dairy Queen Acknowledges Major Credit Card Breach

Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.

JPMorgan Hackers Also Hit Over a Dozen Other Financial Firms

Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.

Keeping SCADA Systems Secure

FireEye turns its attention to SCADA industrial control systems.

Misconfigured Server Causes Massive Data Breach at MBIA

Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.

FDA Issues Cyber Security Guidance for Medical Devices

The guidance is intended to help device manufacturers mitigate security risks.

Veracode Gears up for Security IPO

Veracode CEO explains what his company is doing now as he heads toward a public offering.

AT&T Acknowledges Another Insider Breach

An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).

JPMorgan Data Breach Impacts 76 Million Households, 7 Million Businesses

'You were affected if you used the following Web or mobile services:, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.

Android, iOS Malware Targets Hong Kong Protesters

Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'

Supervalu Hacked Again

Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.

General Motors Appoints First Product Cybersecurity Officer

Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'

Japan Airlines Breach Exposes 750,000 People's Personal Data

Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.

Jimmy John's Credit Card Breach Affects 216 Locations

Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.

Shellshock Bash Vulnerability: Worse Than Heartbleed

The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.

FBI, DHS Warn of Surge in Insider Threats from Disgruntled Employees

Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.

Data Breach at TripAdvisor's Viator Impacts 1.4 Million Users

880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.

Employee Error Exposes Over 10,000 Patients' Personal Data

The data was mistakenly made accessible via Google searches between December 2013 and April 2014.

Home Depot Breach Affects 56 Million Credit Cards

The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.

Chinese Hackers Breached U.S. Military Contractors 20 Times in One Year

According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.

IT Employee Charged With $37 Million Bank Heist

Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.

JPMorgan Hackers Accessed Info on 1 Million Customer Accounts

According to the New York Times, more than 90 of the bank's servers were affected by the breach.

Over 41 Percent of Healthcare Organizations Still Aren't Encrypting Endpoints

That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.

Insider Credit Card Breach Leads to $400,000 Saks Shopping Spree

Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.

Hacker Publishes 5 Million Gmail Addresses, Passwords

Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.

Phishing Attacks Target iCloud Users Following Celebrity Photo Breach

A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.

Dyreza Malware Now Targeting Users

The company says it was recently alerted to the threat by one of its security partners.

Goodwill Data Breach Linked to Third-Party Vendor

Almost 900,000 payment cards appear to have been affected.

IBM Brings Bare Metal Intel TXT Security to Cloud

The cloud isn't just about virtual servers. The physical layer and its security still matter, which is why IBM is using Intel's Trusted Execution Technology.

Unencrypted Laptop Thefts Expose Personal, Medical, Financial Data

'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.

Home Depot Credit Card Breach May Affect All U.S. Locations

The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.

Apple Admits Celebrity Accounts Were Hacked, But Denies iCloud Breach

The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'

Mozilla Exposes 97,000 Bugzilla User Passwords

The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.

Most Enterprises Can't Detect or Deter Insider Threats

In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.

Dairy Queen Acknowledges Possible Credit Card Breach

The company hasn't yet determined how many locations may be affected.

Russian Hackers Breach JPMorgan Chase, Four Other U.S. Banks

The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.

Over 1,000 U.S. Businesses Infected with Backoff PoS Malware

A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.

Three Quarters of South Korean Population Affected by Massive Data Breach

27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.

Sony Networks Taken Down by DDoS Attack

'We have seen no evidence ... of any unauthorized access to users' personal information,' the company stated.

Community Health Systems Breach Linked to Heartbleed Bug

Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.

U.S. Colleges and Universities Are Failing at Cyber Security

According to a recent BitSight report, the higher education sector is less secure than retail or healthcare.

UPS Store Acknowledges Credit Card Breach

Customer names, mailing addresses, email addresses and payment card information may have been accessed at 51 stores in 24 states.

Nuclear Regulatory Commission Hacked Three Times

At least two of the attacks were launched from overseas.

Chinese Hackers Breach Community Health Systems, 4.5 Million Affected

The hackers stole about 4.5 million patients' names, addresses, birthdates, phone numbers and Social Security numbers.

Supervalu Admits Massive Supermarket Credit Card Breach

Potentially affected stores include Acme Markets, Cub Foods, Farm Fresh, Hornbacher's, Jewel-Osco, Shaw's, Shop 'n Save, Shoppers and Star Markets.

Bank Faces Lawsuit Over $327,000 in Losses from Cyber Attack

Hackers stole the funds from TEC Industrial in 55 separate ACH drafts on May 10, 2012.

Password Manager LastPass Suffers Outage

A data center outage left the popular password management service inaccessible for several hours.

Computer Thefts Expose Over 45,000 Patients' Personal Data

Unencrypted computers containing the data were stolen from three different medical facilities.

Hackers Stole 2 Million Customer Records Per Day in Q2 2014

More than 175 million customer records were stolen in the second quarter of the year, according to SafeNet.

Breach at USIS Exposes Government Employees' Data

The company says the breach 'has all the markings of a state-sponsored attack.'

Cancer Clinic Employee Charged with Theft of Patient Data

More than 2,000 current and former patients may be affected.

Gambling Site Acknowledges Four-Year-Old Data Breach

649,055 customers' names, user names, mailing addresses, email addresses, phone numbers and birthdates were exposed.

CyberVor Breach Exposes 1.2 Billion User Names, Passwords

A Russian gang of fewer than a dozen hackers has collected more than 4.5 billion user records from over 400,000 websites and FTP sites.

Mozilla Exposes 4,000 Passwords by Mistake

A data sanitization process failed for 30 days, exposing 76,000 email addresses and 4,000 encrypted passwords.

US-CERT Warns of New Backoff Malware

The malware appears to have been responsible for several recent high-profile breaches, including those at Target, Neiman Marcus and Goodwill.

Chinese Hackers Hit Canada's National Research Council

The NRC says it'll take a year to develop a new secure IT infrastructure.

Tor Hacked

'Users who operated or accessed hidden services from early February through July 4 should assume they were affected,' says the project's co-founder.

IBM Expands Security Portfolio with CrossIdeas Acquisition

CrossIdeas technology will give IBM more capabilities to evaluate and access risks.

Sony Settles Data Breach Lawsuit for $15 Million

The money will be paid to customers in the form of games and memberships.

Travel Agent Fined $255,000 for Data Breach

More than 1.1 million debit and credit card records were stolen from former Thomas Cook subsidiary Essential Travel.

New ThreatStream CEO Wants to Solve SIEM Challenge

ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve.

European Central Bank Hacked

The hackers demanded a ransom after stealing 20,000 email addresses.

Six Charged in Connection with $1 Million StubHub Breach

Over 1,000 customer accounts were compromised and used to purchase more than 3,500 e-tickets, which were then resold.

New Phishing Campaign Targets LinkedIn Users

Recipients who click on links in the emails are redirected to a fake login page designed to steal email addresses and passwords.

Goodwill Industries Hit by Credit Card Breach

The breach may date back as far as the middle of 2013.

Hackers Leverage Russian Government Malware

Sentinel Labs researchers say the malware is so hard to detect it's 'virtually invisible.'

68 Percent of Employees Expose Critical Corporate Data by Mistake

That's happening even though 65 percent say it's their responsibility to protect that data.

IT Pros Report Surge in Concern About Ransomware

73 percent of respondents to a recent survey said they're very or extremely concerned about the impact of ransomware, up from 48 percent in January.

73 Percent of IT Staff Currently Have Unresolved Network Events

Forty-five percent of IT staff say they monitor network and application performance manually instead of using network monitoring tools.

Trusteer Warns of New Kronos Banking Trojan

The malware is currently being offered for sale online for $7,000 -- or $1,000 for a one-week trial.

LastPass Acknowledges Two Security Flaws

Researchers at UC Berkeley alerted the company to the flaws, and also found vulnerabilities in three competing solutions.

NCA, FBI, Europol Take Down Shylock Banking Malware

The malware, which was first uncovered in 2011, has infected more than 30,000 Windows PCs worldwide.

67 Percent of Critical Infrastructure Providers Were Breached Last Year

Still, only 28 percent say security is one of their organization's top five strategic priorities.

Laptop Thefts Expose Personal, Medical, Financial Data

A brokerage firm, a health district, a retirement community, a hospital and an oil change franchisee were all recently hit.

HotelHippo Shuts Down In Response to Vulnerability Disclosure

Site owner HotelStayUK says the security flaws were 'obviously completely unacceptable.'

Physical Location of Data Will Be Irrelevant By 2020

'The future will be hybrid,' says Gartner research vice president Carsten Casper.

Tutanota Encrypted Email Service Launches

'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau.

Most IT Pros Don't Know Where All Corporate Data Resides

Just 16 percent of IT and IT security professionals know the location of all of their sensitive structured data.

Dragonfly Cyber Attacks Breach Western Energy Companies

Symantec researchers say the campaign 'bears the hallmarks of a state-sponsored operation.'

163,000 Affected by Butler University Data Breach

Names, birthdates, Social Security numbers and bank account information may have been accessed.

World Cup Security Team Accidentally Reveals Wi-Fi Password

A photo published in a Brazilian newspaper clearly showed the network's SSID and password.

File Sharing Apps Pose a Significant Data Breach Threat

Forty-six percent of senior IT pros say data is leaking from their companies due to the use of file sharing services.

IT Managers Are Overconfident About Insider Breaches

While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches.

Researchers Uncover Crucial Security Flaw in Google Play

Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.

Yo Hacked, Hires Hacker

While the attack exposed some flaws in the app, Yo has exploded in popularity since the breach.

Code Spaces Destroyed by Cyber Attack

A hacker deleted most of the company's data, backups, machine configurations and offsite backups.

Security Researchers Warn of New Dyre Banking Trojan

The malware, also called Dyreza, is designed to bypass SSL and steal login credentials.

Email Breaches Expose Over 37,000 People's Data at California Colleges

Names, Social Security numbers and birthdates were exposed, along with a variety of other information.

Hackers Breach Domino's Pizza, Demand Ransom

The hackers claim to have stolen more than half a million customers' names, addresses, phone numbers, email addresses and passwords.

AT&T Customer Info Exposed by Third Party Data Breach

An undisclosed number of customers' Social Security numbers and birthdates were accessed.

How to Avoid FIFA World Cup Cyber Threats

From phishing scams to mobile malware, there's a lot to watch out for if you're a soccer fan these days.

FAA Orders Boeing to Protect Airplanes from Cyber Attacks

Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources.'

ICS-CERT Warns of Highway Sign Security Vulnerability

Daktronics' configuration software comes with a default password that's too often left unchanged.

Stolen USB Drive Exposes 33,702 Calif. Patients' Data

Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed.

HP Atalla Tackles Encryption in the Post-Snowden Era

The need for encryption now is greater than ever.

TweetDeck Briefly Shuts Down in Response to Security Flaw

The service was shut down for an hour as TweetDeck fixed an XSS vulnerability.

P.F. Chang's Suffers Credit Card Breach

Thousands of new credit and debit cards, all of which were recently used at P.F. Chang's locations, are being offered for sale online.

Evernote, Feedly Hit by DDoS Attacks

The attackers who hit Feedly demanded money to make the attacks stop.

U.S. Forces Korea Hacked

More than 16,000 employees' and job applicants' names, identification numbers, contact details, education and work experience may have been accessed.

Leader of Identity Theft Ring Gets 10 Years in Prison

Jennifer Robinson was sentenced to 121 months in prison for her involvement in the filing of fraudulent tax returns using stolen patient data.

Mailroom Employee Exposes 3,675 Highmark Members' Data

The affected members' names, addresses, birthdates, medical information and member identification numbers were sent to other members by mistake.

U.K. Considers Life Sentences for Hackers

The sentence could be applied to hackers who cause loss of life, serious illness or injury, or serious damage to national security.

Placemark Investments Acknowledges Data Breach

An undisclosed number of clients' names, addresses, birthdates and Social Security numbers may have been exposed.

Rouge Valley Hospital Insider Breach Affects 8,300 Patients

The patients' personal information was sold to private companies marketing Registered Education Savings Plans.

Global Cost of Cybercrime Exceeds $400 Billion

According to the CSIS and McAfee, cybercrime could be costing the U.S. as many as 200,000 jobs.

Hacker Guccifer Jailed

Marcel Lazar Lehel was sentenced by a Romanian court to four years in prison.

Hacker Fined $8,000 for Government Cyber Attack

Delson Moo Hiang Kng placed an offensive image on the website of the president of Singapore's official residence.

Tax Preparer Gets Five Years for Identity Theft

Louis Francois was also ordered to pay $355,000 in restitution.

Walgreens Acknowledges Insider Breach

An undisclosed number of customers' names, birthdates and Social Security numbers may have been stolen by a former employee.

The Link between Windows XP Users and Spam Volume

Second quarter IBM X-Force Threat Intelligence report finds an uptick in spam volume.

U.K. Ambulance Service Acknowledges Data Breach

The South Central Ambulance Service mistakenly published the age, sexuality and religion of each of its 2,826 staff members.

Paris Hilton Hacker Heads Back to Jail

If Cameron Lacroix's plea agreement is accepted by the court, he'll be sentenced to four years in prison.

Just 22 Percent of Law Firms Use Encrypted Email

A LexisNexis survey also found that 52.5 percent of attorneys have used free consumer file sharing services to share client-privileged communications.

Employee Error Exposes Hurley Medical Center Data

An undisclosed number of employees' and retirees' names and Social Security numbers were mistakenly exposed.

Alabama Prison Officers Jailed for Identity Theft

Bryant Thompson was sentenced to 10 years in prison, and Quincy Walton was sentenced to seven years.

New Phishing Campaign Leverages Malicious Dropbox Links

The link directs victims to a zip file hosted on Dropbox, which delivers a malicious executable.

Ladies First Choice Acknowledges Insider Breach

2,365 customers' contact details, medical care provider information and order histories were stolen by a former employee.

Stolen Laptop Exposes Alaska Political Donors' Financial Information

More than 1,000 donors' names, addresses, phone numbers, occupations, employers' names, and bank account or credit card details may have been exposed.

Data Breach at Arkansas State University Affects 50,000 People

Some partial Social Security numbers and some full Social Security numbers were exposed.

Fake Heartbleed Removal Tool Delivers Malware

The download installs a keylogger while claiming to verify that the victim's computer is 'clean.'