Security News 

Ukraine Blackout Was Caused by ‘Premeditated and Multi-Level' Cyber Attack

The country's national power company hasn't said whether it was able to link the attack to any specific group or nation state.

Just Eight Percent of IT Pros Say Most of Their Staff Have the Skills They Need

More than three times as many IT pros would prefer to grow their staff's skills than grow the number of people on their team, a recent survey found.

McDonald's Website Flaw Exposes User Passwords

'If there's one thing you shouldn't do, it's decrypting passwords client side,' researcher Tijme Gommers noted.

Researchers Warn of Highly Effective New Gmail Phishing Scam

The attack has already caught several technical users, according to Wordfence CEO Mark Maunder.

95 Percent of Enterprise Cloud Services Aren't Enterprise Ready

82 percent don't encrypt data at rest, according to a recent report.

Report: Anthem Breach Was Caused by a Foreign Government

CrowdStrike analysts determined the identity of the attacker, and concluded that the attacker was acting on a foreign government's behalf.

UK Government Cyber Accelerator Announces Support for Seven Startups

The seven companies will begin a three-month program providing mentoring, contact with investors, office space and access to GCHQ personnel.

74 Percent of Organizations Using Two-Factor Authentication Face User Complaints

Nine percent of organizations using two-factor authentication say their users simply 'hate it,' a recent survey found.

ESEA Hacker Demands $100,000, Exposes 1.5 Million User Records

The hacker provided the records to LeakedSource after ESEA refused to pay the ransom.

69 Percent of Companies Have Suffered Data Loss Due to Employee Turnover

28 percent of organizations don't wipe corporate data from employee-owned devices when they leave, a recent survey found.

Almost a Fifth of Companies Have No DDoS Protection At All

And 39 percent are unclear on how to protect against DDoS attacks, a recent survey found.

New California Law: Deploy Ransomware, Face Four Years in Prison

The law went into effect on January 1, 2017.

Hospital Patient Posts 15,000 People's Protected Health Information on Social Media Site

The exposed data includes names, addresses, Social Security numbers and Medicaid identification numbers.

Topps Data Breach Exposes Months of Credit Card Data

Customers who shopped at the company's website between July 30 and October 12 of 2016 may be affected.

90 Percent of IT Pros Worry About Password Reuse

And 94 percent have implemented two-factor authentication for at least one application, a recent survey found.

Chinese Hackers Charged with Breaching U.S. Law Firms, Trading on Stolen Information

The hackers are alleged to have made over $4 million in illegal profits from the trades.

74 Percent of IT Pros Work Unpaid Overtime Every Week

Over a third work more than 15 extra hours per week, a recent survey found.

66 Percent of U.S. Consumers Have Given Their Phone Passcodes to Others

One in four said something embarrassing has popped up on their phone while someone else was holding it, a recent survey found.

55 Percent of Consumers Would Respond to a Retailer Breach by Switching to Cash

And 20 percent would just stop shopping at the affected merchant, a recent survey found., L.A. County Acknowledge Massive Data Breaches

9.5 million users and 756,000 L.A. County residents may be affected.

44 Percent of Organizations Miss Data Breach Investigating and Reporting Deadlines

And seven percent said a missed deadline had resulted in serious consequences, a recent survey found.

Researchers Find Russian Hacker Selling Access to U.S. Election Assistance Commission

The hacker claimed to be accessing the system via an unpatched SQL injection vulnerability.

More Than One Billion Yahoo User Accounts Exposed in Massive Breach

Over a billion names, email addresses, phone numbers, birthdates, hashed passwords and security questions and answers may may have been accessed.

New Amazon Phishing Campaign Targets Holiday Shoppers

Thousands of victims worldwide have already been hit by the scam.

Hackers Steal Trade Secrets in 'Massive Cyber Attack' on German Manufacturer

The company said the attack involved 'organized, highly professional hacker activities.'

Hackers Expose Info on 87 Million Dailymotion User Accounts

In 18.3 million cases, the exposed data includes hashed passwords.

60 Percent of Enterprises Were Breached by Social Engineering Attacks in 2016

And 65 percent of those attacks compromised employees' login credentials, a recent survey found.

Half of IT Pros Are More Worried About Insider Threats Than External Ones

The leading concern regarding insider threats is malware installed by careless employees, a recent survey found.

900,000 Deutsche Telekom Routers Disabled by Massive Cyber Attack

The routers were 'affected by an attack from outside,' the company said.

36 Percent of IT Pros Say Loss of Data in the Cloud Would be Catastrophic

And 14 percent said it would cost them their jobs, a recent survey found.

Hackers Hit Madison Square Garden, Radio City Music Hall, Beacon Theater, Chicago Theater, Michigan State University

The data potentially accessed ranges from students' names and Social Security numbers to credit card numbers and expiration dates.

Almost a Third of Americans Won't Shop Online Due to Security Concerns

And another 14 percent said they're unlikely to do so, a recent survey found.

Over 97 Percent of All Phishing Emails Deliver Ransomware

And 82 percent of email servers are misconfigured, recent research discovered.

Over 18 Percent of Docs in File Sharing Apps Contain Sensitive Data

And 9.3 percent of files shared externally contain sensitive data, a recent survey found.

38 Percent of Mobile Professionals Have Never Used a VPN

And 42 percent access corporate data over public Wi-Fi, a recent survey found.

Researchers Demo Citywide Bricking Attack via IoT Malware

The proof-of-concept worm could jump from one smart bulb to another via ZigBee wireless connectivity.

77 Percent of Ransomware Attacks Successfully Bypass Email Filtering

And 95 percent bypass firewalls, a recent survey found.

40,000 Tesco Bank Accounts Accessed by Cyber Thieves

In 20,000 cases, the bank says, the breaches resulted in 'money being withdrawn fraudulently.'

Massive DDoS Attacks Disable Internet Access Throughout Liberia

The attacks exceeded 500 Gbps.

43 Percent of IT Pros Say Cyber Attacks That Hit Their Companies Were Preventable

21 percent say the breaches could have been prevented if security policies were better communicated to employees.

73 Percent of Security Pros Aren't Using Threat Intelligence Data Effectively

Just 46 percent say they're using threat data at all in deciding how to respond to malicious activity.

Australian Red Cross Data Breach Exposes 550,000 Blood Donors' Personal Information

Names, genders, email addresses, phone numbers and birthdates were exposed by a third party vendor.

Schneider Electric Patches Major ICS Vulnerability

The flaw was discovered almost six months ago by researchers at Indegy Labs.

Two-Thirds of Americans Think They're Tech Savvy... But They're Not

64 percent of U.S. consumers think they're always safe sharing personal data on a major retail or social networking site.

Major DDoS Attack Disables Websites Across the U.S.

The attack on Dyn's managed DNS services hit sites ranging from CNN to Twitter.

Massive Weebly Data Breach Exposes Over 43 Million Users' Info

The exposed data includes email addresses and/or user names, IP addresses and encrypted passwords.

Hackers Steal Data from Japanese Nuclear Facility

The hackers were able to siphon the data out of the facility for six months before they were discovered.

Vera Bradley Acknowledges Point-of-Sale Breach

The retailer was notified by law enforcement of a 'potential data security issue' on September 15.

43 Percent of IT Pros Say It's Difficult to Secure Data in the Cloud

And 73 percent prefer to keep their sensitive corporate data on premises rather than in the cloud, a recent survey found.

48 Percent of Companies Don't Inspect the Cloud for Malware

Among those that do check for it, fully 57 percent have found malware, a recent survey found.

Two Thirds of Cyber Security Pros Struggle to Define Their Career Paths

Still, 46 percent are solicited for jobs at other companies at least once a week, a recent survey found.

49 Percent of Business Leaders Have Sent Sensitive Corporate Data from Personal Email Accounts

And 39 percent have lost business information in a public place, a recent survey found.

98 Percent of IT Pros Admit Challenges with Incident Response

And 71 percent said incident response has become more difficult over the past two years, a recent survey found.

97 Percent of Consumers Say They're Unsettled by Data Breaches

And 29 percent said it would take them several months to begin trusting a company again following a data breach, a recent survey found.

One Third of Enterprises Suffered an Insider Breach in the Past 12 Months

Fully 74 percent of IT pros say their organization is vulnerable to insider threats, a recent survey found.

76 Percent of Security Pros Say Sharing Threat Intelligence Is a Moral Responsibility

Fully 95 percent are using threat intelligence in some way, a recent survey found.

M&A Due Diligence, Cyber Security, and the Massive Yahoo Data Breach

Verizon, which announced plans to acquire Yahoo two months ago, says it only learned of the breach last week.

Chinese Researchers Find Major Security Flaws in Tesla Model S

The flaws enabled the researchers to fold in the rear view mirrors, pop the trunk, and activate the brakes remotely while the car was being driven.

40 Percent of Organizations Store Admin Passwords in Word Documents

Still, 55 percent say they have evolved processes for managing privileged accounts, a recent survey found.

28 Percent of Organizations Don't Encrypt Data in Public Cloud Environments

And 47 percent said security concerns are their main reason for avoiding cloud deployments, a recent survey found.

FBI Urges Ransomware Victims to Report Attacks

Doing so, the FBI stated, 'provides law enforcement with a greater understanding of the threat.'

World Anti-Doping Agency Breached by Russian Hackers

Confidential medical information for U.S. athletes including Simone Biles and Serena Williams was published online.

DDoS Attacks Up by 75 Percent in Q2 2016

The largest attack detected in the second quarter peaked at 256 Gbps, according to Verisign.

U.S. Small Businesses Lose $75 Billion a Year to Ransomware

Downtime resulting from ransomware attacks can cost companies more than $8,500 an hour, a recent survey found.

Hutton Hotel, Kimpton Hotels Acknowledge Payment Card Breaches

Cards used at front desks and restaurants may be affected.

Intel Spins Out McAfee Security Unit in $4.2B Deal

Intel sells majority stake in its security unit in a deal that values the former McAfee at $4.2 billion. New majority owner TPG will again use the McAfee name.

Mobile Device Infections Surged by 96 Percent in First Half of 2016

And smartphones accounted for 78 percent of those infections, according to Nokia.

SWIFT Warns of New Cyber Attacks on Banks

As many as 12 banks may have suffered breaches.

68 Million Dropbox Account Credentials Exposed

The data comes from a breach dating back to mid-2012.

52 Percent of Hackers Would Help the FBI Hack the iPhone for a Fee

And nine percent would do it for free, a recent survey found.

Just 30 Percent of Organizations Feel Ready to Handle IoT Security Risks

Still, 47 percent expect the number of IoT devices on their networks to increase by at least 30 percent next year.

66 Percent of IT Pros Say Privileged Users Access Sensitive Data Simply Out of Curiosity

And 74 percent think privileged users believe they're empowered to access all the information they're able to view, a recent survey found.

Tech Vendors, Law Enforcement Team to Take on Ransomware

Intel Security and Kaspersky Labs worked with international law enforcement agencies on a website that offers decryption keys for several variants of ransomware.

Credit Card Breach Hits All Eddie Bauer Stores in U.S., Canada

Names, card numbers, security codes and expiration dates were accessed.

Sage Employee Arrested for Insider Breach

The breach may have exposed the personal information of employees at 280 companies.

How to Hide Malware with a Digitally Signed Executable

Deep Instinct reveals flaw that could potentially enable a security certificate bypass in Microsoft applications.

Point-of-Sale Breach Hits Hyatt, Marriott, InterContinental, Starwood Hotels

Customer names, account numbers, expiration dates and verification codes may have been accessed.

MICROS Hackers Hit Five More POS Companies

The hackers targeted weaknesses in the vendors' servers, then attempted to steal login information and use it to access retailers' POS systems.

62 Percent of Employees Have Access to Data They Shouldn't Be Able to See

And 76 percent of organizations have experienced the loss or theft of data in the past two years, a recent survey found.

Russian Hackers Hit Oracle's MICROS POS

It's not yet clear how many customers may be affected.

Advocate Health Care to Pay Record-Breaking $5.55 Million Fine for Data Breach

'We hope this settlement sends a strong message,' OCR director Jocelyn Samuels said.

3.7 Million People Affected by Massive Data Breach at Banner Health

A wide range of information was exposed, from credit card numbers to patient data.

71 Percent of IT Pros Say Cyber Security Skills Shortage Causes Damage to Organizations

And 82 percent admit to a shortage of cyber security skills, a recent survey found.

88 Percent of All Ransomware Targets the Healthcare Sector

The education sector comes second at 6 percent, according to a recent report.

Authentic8 Advances Disposable Browser Security Model

Scott Petry, co-founder and CEO of Authentic8, talks about his past with Postini and how his new startup is the future of online security. [VIDEO]

Only a Third of All Sensitive Data Stored in Cloud Apps is Encrypted

And 54 percent of IT pros said it's more difficult to protect confidential or sensitive information when using cloud services, a recent survey found.

O2, Kimpton Hotels Investigate Data Breach Claims

The O2 breach appears to have been caused by password reuse, while the Kimpton breach leveraged point-of-sale malware.

Clash of Kings Data Breach Exposes 1.6 Million Accounts

The exposed data includes user names, email addresses, IP addresses, device identifiers, Facebook data, and hashed and salted passwords.

20 Percent of Organizations Fail to Change Default Passwords on Privileged Accounts

And 50 percent don't audit privileged account activity, a recent survey found.

U.S. Dept. of Health and Human Services Publishes New Guidance on Ransomware

'Organizations need to take steps to safeguard their data from ransomware attacks,' says Office for Civil Rights director Jocelyn Samuels.

External Cyber Attacks Cost the Average Enterprise $3.5 Million a Year

Still, 79 percent of companies lack comprehensive strategies to detect and mitigate such attacks, a recent survey found.

58 Percent of Businesses in the U.K. Were Breached in the Past Two Years

And just 25 percent are completely confident in their ability to handle security incidents, a recent survey found.

Omni Hotels, Noodles & Company, NC State Acknowledge Data Breaches

The three recent breaches exposed thousands of customers' personal and payment card information.

1,025 Wendy's Locations Impacted by Credit Card Breach

The attacks appear to have been enabled by the theft of third-party service providers' remote access credentials.

50 Percent of SMBs Were Breached in the Past Year

And just 14 percent of SMBs see their ability to mitigate cyber attacks as highly effective, a recent survey found.

Less Than a Third of Companies Have Cyber Security Experts in Their IT Departments

And 67 percent of IT professionals have no cyber security certifications, a recent survey found.

Massachusetts General Hospital Suffers Third-Party Data Breach

Approximately 4,300 patients' names, birthdates and Social Security numbers were exposed.

Massive IoT DDoS Attack Leverages 25,513 CCTV Cameras

The cameras, located in 105 countries, delivered as many as 50,000 HTTP requests per second.

Massive Ransomware Attack Hits Millions of Microsoft Office 365 Users

Approximately 57 percent of all organizations using Office 365 were hit by the attack.

Hacker Selling 655,000 Stolen Medical Records for $700,000

The stolen records include full names, Social Security numbers, birthdates, mailing addresses and insurance information.

Cisco Gets into CASB Tech with $293M Purchase of CloudLock

Cisco broadens its cloud security business with $293 million acquisition of CloudLock, a provider of cloud access security broker (CASB) technology.

Carbonite, GoToMyPC Hit by Password Reuse Attacks

Both attacks leveraged email addresses and password stolen from other sites.

Wendy's Hit By Class Action Lawsuit Over Massive Credit Card Breach

The suit was filed by Veridian Credit Union on behalf of all U.S. financial institutions whose customers were affected by the data breach.

Acer Hacked

Names, addresses, credit card numbers, expiration dates and CVV codes were accessed.

Cisco Intros $10 Million Global Cyber Security Scholarship Program

The program is intended to increase the pool of available talent with cyber security skills.

BluVector Takes Aim at Security Bug Hunting

[VIDEO] Former top IBM security exec, Kris Lovejoy, now president of BluVector by Acuity discusses what her new firm's tech is all about.

Russian Hackers Hit Republican, Democratic Presidential Campaigns

Hackers breached the DNC's network. and targeted Trump's and Clinton's campaigns along with some Republican PACs.

27 Percent of Cloud Apps Present Significant Risks to the Enterprise

And the average organization's users connect 733 third-party cloud apps to the corporate environment, according to a recent report.

66 Percent of U.S. Adults Say They're Likely to Stop Doing Business with a Breached Company

And 21 percent are very likely to do so, a recent survey found.

Mitsubishi Highlander Hacked via Wi-Fi

Pen Test Partners researchers were able to disable the car's alarm remotely.

Majority of NFL Players' Medical Exam Results Exposed by Laptop Theft

The unencrypted laptop held copies of the medical exam results for all NFL Combine attendees for the past 13 years.

Myspace, Tumblr, Fling Breaches Exposed 465 Million Accounts

The data, all of it dating back to 2013 or earlier, is being offered for sale online.

40 Percent of IT Pros Say C-Suite Poses Greatest Risk to Information Security

The same percentage admitted having retained access to sensitive data after leaving a job, a recent survey found.

Unencrypted Laptops Expose Over 400,000 Patients' Medical Data

Far too many unencrypted laptops containing vast amounts of sensitive data are still being left in employees' vehicles.

Phishing Attacks Steal W-2 Info from Milwaukee Bucks, Saint Agnes Medical Center, Rockhurst University

Thousands of employees' tax information may have been stolen.

Healthcare Data Breaches Expose 65,000 People's PHI

The potentially exposed data includes names, addresses, Social Security numbers, birthdates, treatment information and health insurance information.

TeslaCrypt Ransomware Shuts Down, Releases Master Key

ESET has made a free decryption tool available to those affected.

LinkedIn Breach Exposed 117 Million User Accounts

The stolen database holds 167 million records, of which 117 million include email addresses and passwords.

52 Percent of Consumers Would Pay More for Products or Services with Better Data Security

And 72 percent now share less personal information with companies than they used to, a recent survey found.

SWIFT Acknowledges Major Malware Attack on Second Bank

The attack is 'part of a wider and highly adaptive campaign targeting banks,' according to SWIFT.

89 Percent of Healthcare Organizations Were Breached in the Past Two Years

And 45 percent were breached five or more times in the same period of time, a recent survey found.

Kroger, Wendy's, Kiddicare Suffer Data Breaches

The exposed data ranges from employee tax information to customer credit card data.

Anonymous DDoS Attacks Hit Central Banks of Cyprus, Greece, Netherlands

'[O]ur target is the Global Banking Cartel,' the hackers stated.

50 Percent of North American Companies Believe They're More Secure Than a Year Ago

Just 12 percent think they're less secure, a recent survey found.

Michigan Utility, German Nuclear Plant Infected with Malware

The system used to monitor fuel rods at the nuclear plant was infected with several viruses, and the utility was hit by a ransomware attack.

Hackers Breach Goldcorp, Lifeboat, Qatar National Bank

A wide range of data, from login credentials to employee payroll information, was exposed.

31 Percent of Developers See Software as Greatest Threat to IoT Security

And 90 percent of IT professionals believe the influx of IoT devices creates security and privacy issues in the workplace, recent surveys have found.

22 Percent of Data Breaches Are Caused by Compromised Credentials

And 65 percent of companies expect to suffer a breach due to compromised credentials int the future, a recent survey found.

94 Percent of IT Pros See Free Wi-Fi Hotspots as a Significant Security Threat

Sixty-two percent ban their mobile workers from using free Wi-Fi hotspots, a recent survey found.

Healthcare Data Breaches Expose 23,000 Patients' Personal Information

The data exposed includes names, addresses, birthdates, insurance information and Social Security numbers.

58 Percent of Employees Haven't Been Taught How to Use Cloud Apps Safely

And 39 percent haven't been informed of the risks of downloading cloud apps without IT's knowledge, a recent survey found.

City of Baltimore Investigates Possible Data Breach

Dozens of city employees' personal information was used to file fraudulent tax returns.

IBM Researchers Warn of New GozNym Banking Trojan

The malware has already been used to steal $4 million from banks in the U.S. and Canada.

FDIC Suffers Insider Breach

A former employee mistakenly downloaded 44,000 customers' personal information.

Breaches in Turkey, Philippines Expose 100 Million Citizens' Personal Data

A wide variety of personally identifiable information was accessed in both cases.

FBI Warns of Massive Surge in CEO Fraud Scams

Losses from such scams exceeded $2.3 billion between October 2013 and February 2016.

34 Percent of C-Level Executives Are Never Updated on Security Incidents

And 36 percent are only updated on a need-to-know basis, a recent survey found.

Leading New York Law Firms Hacked

A recent American Bar Association survey found that one in four law firms with at least 100 attorneys have experienced a breach.

MedStar Health Infected with Ransomware

'You can't schedule patients, you can't access records, you can't do anything,' an employee told the Washington Post.

Grand Ole Opry, Sprouts, Seagate Breached by Phishing Attacks

Thousands of employees' W-2 tax forms were accessed by attackers.

Hackers Breach Water Treatment Plant, Alter Chemicals in Water Supply

The hackers 'modified application settings with little apparent knowledge of how the flow control system worked,' according to a Verizon report.

Four Hospitals Infected with Ransomware

Despite what Kentucky Methodist Hospital described as an 'internal state of emergency,' none of the hospitals paid the ransoms demanded.

27 Percent of U.S. Employees Would Sell Their Passwords

And 32 percent admit sharing passwords with co-workers, a recent survey found.

Hackers Hit Bailey's, 1-800-Flowers, Rosen Hotels and Resorts

Names, payment card numbers, expiration dates, CVV codes, mailing addresses, email addresses and more may have been accessed.

Major Ransomware Campaign Hits Leading Websites Including MSN, BBC, AOL

Tens of thousands of users may have been infected in a matter of hours.

Hackers Steal $81 Million from Federal Reserve

An additional request for $20 million was halted because the hackers misspelled the word 'foundation.'

Skyport Systems Funding Tops $67M to Build Secure Servers

New $30 million funding round for security startup Skyport Systems includes participation of Google Ventures.

UK Regulator Ofcom Suffers Massive Insider Breach

Six years of sensitive data on TV companies may have been stolen by a former employee.

21st Century Oncology Notifies 2.2 Million Patients of Data Breach

Names, Social Security numbers, physicians' names, diagnoses, and treatment and insurance information may have been copied and transferred.

New KeRanger Ransomware Targets Mac OS X

The malware was signed with a valid Mac app development certificate.