Security News 

Chinese Government Targets iCloud Users with MITM Attack

All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization

The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.

Forgotten Passwords Cost Companies $200,000 a Year

'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.

Google Researchers Warn of POODLE SSL Vulnerability

Twitter immediately disabled SSL 3.0 support following the disclosure.

Hackers Claim Breach of 7 Million Dropbox Accounts

Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.

Kmart Stores Infected with Point-of-Sale Malware

The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'

Dairy Queen Acknowledges Major Credit Card Breach

Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.

JPMorgan Hackers Also Hit Over a Dozen Other Financial Firms

Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.

Keeping SCADA Systems Secure

FireEye turns its attention to SCADA industrial control systems.

Misconfigured Server Causes Massive Data Breach at MBIA

Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.

FDA Issues Cyber Security Guidance for Medical Devices

The guidance is intended to help device manufacturers mitigate security risks.

Veracode Gears up for Security IPO

Veracode CEO explains what his company is doing now as he heads toward a public offering.

AT&T Acknowledges Another Insider Breach

An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).

JPMorgan Data Breach Impacts 76 Million Households, 7 Million Businesses

'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.

Android, iOS Malware Targets Hong Kong Protesters

Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'

Supervalu Hacked Again

Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.

General Motors Appoints First Product Cybersecurity Officer

Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'

Japan Airlines Breach Exposes 750,000 People's Personal Data

Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.

Jimmy John's Credit Card Breach Affects 216 Locations

Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.

Shellshock Bash Vulnerability: Worse Than Heartbleed

The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.

FBI, DHS Warn of Surge in Insider Threats from Disgruntled Employees

Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.

Data Breach at TripAdvisor's Viator Impacts 1.4 Million Users

880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.

Employee Error Exposes Over 10,000 Patients' Personal Data

The data was mistakenly made accessible via Google searches between December 2013 and April 2014.

Home Depot Breach Affects 56 Million Credit Cards

The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.

Chinese Hackers Breached U.S. Military Contractors 20 Times in One Year

According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.

IT Employee Charged With $37 Million Bank Heist

Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.

JPMorgan Hackers Accessed Info on 1 Million Customer Accounts

According to the New York Times, more than 90 of the bank's servers were affected by the breach.

Over 41 Percent of Healthcare Organizations Still Aren't Encrypting Endpoints

That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.

Insider Credit Card Breach Leads to $400,000 Saks Shopping Spree

Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.

Hacker Publishes 5 Million Gmail Addresses, Passwords

Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.

Phishing Attacks Target iCloud Users Following Celebrity Photo Breach

A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.

Dyreza Malware Now Targeting Salesforce.com Users

The company says it was recently alerted to the threat by one of its security partners.

IBM Brings Bare Metal Intel TXT Security to Cloud

The cloud isn't just about virtual servers. The physical layer and its security still matter, which is why IBM is using Intel's Trusted Execution Technology.

Goodwill Data Breach Linked to Third-Party Vendor

Almost 900,000 payment cards appear to have been affected.

Unencrypted Laptop Thefts Expose Personal, Medical, Financial Data

'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.

Home Depot Credit Card Breach May Affect All U.S. Locations

The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.

Apple Admits Celebrity Accounts Were Hacked, But Denies iCloud Breach

The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'

Mozilla Exposes 97,000 Bugzilla User Passwords

The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.

Most Enterprises Can't Detect or Deter Insider Threats

In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.

Dairy Queen Acknowledges Possible Credit Card Breach

The company hasn't yet determined how many locations may be affected.

Russian Hackers Breach JPMorgan Chase, Four Other U.S. Banks

The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.

Over 1,000 U.S. Businesses Infected with Backoff PoS Malware

A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.

Three Quarters of South Korean Population Affected by Massive Data Breach

27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.

Sony Networks Taken Down by DDoS Attack

'We have seen no evidence ... of any unauthorized access to users' personal information,' the company stated.

Community Health Systems Breach Linked to Heartbleed Bug

Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.

U.S. Colleges and Universities Are Failing at Cyber Security

According to a recent BitSight report, the higher education sector is less secure than retail or healthcare.

UPS Store Acknowledges Credit Card Breach

Customer names, mailing addresses, email addresses and payment card information may have been accessed at 51 stores in 24 states.

Nuclear Regulatory Commission Hacked Three Times

At least two of the attacks were launched from overseas.

Chinese Hackers Breach Community Health Systems, 4.5 Million Affected

The hackers stole about 4.5 million patients' names, addresses, birthdates, phone numbers and Social Security numbers.

Supervalu Admits Massive Supermarket Credit Card Breach

Potentially affected stores include Acme Markets, Cub Foods, Farm Fresh, Hornbacher's, Jewel-Osco, Shaw's, Shop 'n Save, Shoppers and Star Markets.

Bank Faces Lawsuit Over $327,000 in Losses from Cyber Attack

Hackers stole the funds from TEC Industrial in 55 separate ACH drafts on May 10, 2012.

Password Manager LastPass Suffers Outage

A data center outage left the popular password management service inaccessible for several hours.

Computer Thefts Expose Over 45,000 Patients' Personal Data

Unencrypted computers containing the data were stolen from three different medical facilities.

Hackers Stole 2 Million Customer Records Per Day in Q2 2014

More than 175 million customer records were stolen in the second quarter of the year, according to SafeNet.

Breach at USIS Exposes Government Employees' Data

The company says the breach 'has all the markings of a state-sponsored attack.'

Cancer Clinic Employee Charged with Theft of Patient Data

More than 2,000 current and former patients may be affected.

Gambling Site Acknowledges Four-Year-Old Data Breach

649,055 customers' names, user names, mailing addresses, email addresses, phone numbers and birthdates were exposed.

CyberVor Breach Exposes 1.2 Billion User Names, Passwords

A Russian gang of fewer than a dozen hackers has collected more than 4.5 billion user records from over 400,000 websites and FTP sites.

Mozilla Exposes 4,000 Passwords by Mistake

A data sanitization process failed for 30 days, exposing 76,000 email addresses and 4,000 encrypted passwords.

US-CERT Warns of New Backoff Malware

The malware appears to have been responsible for several recent high-profile breaches, including those at Target, Neiman Marcus and Goodwill.

Chinese Hackers Hit Canada's National Research Council

The NRC says it'll take a year to develop a new secure IT infrastructure.

Tor Hacked

'Users who operated or accessed hidden services from early February through July 4 should assume they were affected,' says the project's co-founder.

IBM Expands Security Portfolio with CrossIdeas Acquisition

CrossIdeas technology will give IBM more capabilities to evaluate and access risks.

Sony Settles Data Breach Lawsuit for $15 Million

The money will be paid to customers in the form of games and memberships.

Travel Agent Fined $255,000 for Data Breach

More than 1.1 million debit and credit card records were stolen from former Thomas Cook subsidiary Essential Travel.

European Central Bank Hacked

The hackers demanded a ransom after stealing 20,000 email addresses.

New ThreatStream CEO Wants to Solve SIEM Challenge

ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve.

Six Charged in Connection with $1 Million StubHub Breach

Over 1,000 customer accounts were compromised and used to purchase more than 3,500 e-tickets, which were then resold.

New Phishing Campaign Targets LinkedIn Users

Recipients who click on links in the emails are redirected to a fake login page designed to steal email addresses and passwords.

Goodwill Industries Hit by Credit Card Breach

The breach may date back as far as the middle of 2013.

Hackers Leverage Russian Government Malware

Sentinel Labs researchers say the malware is so hard to detect it's 'virtually invisible.'

68 Percent of Employees Expose Critical Corporate Data by Mistake

That's happening even though 65 percent say it's their responsibility to protect that data.

IT Pros Report Surge in Concern About Ransomware

73 percent of respondents to a recent survey said they're very or extremely concerned about the impact of ransomware, up from 48 percent in January.

73 Percent of IT Staff Currently Have Unresolved Network Events

Forty-five percent of IT staff say they monitor network and application performance manually instead of using network monitoring tools.

Trusteer Warns of New Kronos Banking Trojan

The malware is currently being offered for sale online for $7,000 -- or $1,000 for a one-week trial.

LastPass Acknowledges Two Security Flaws

Researchers at UC Berkeley alerted the company to the flaws, and also found vulnerabilities in three competing solutions.

NCA, FBI, Europol Take Down Shylock Banking Malware

The malware, which was first uncovered in 2011, has infected more than 30,000 Windows PCs worldwide.

67 Percent of Critical Infrastructure Providers Were Breached Last Year

Still, only 28 percent say security is one of their organization's top five strategic priorities.

Laptop Thefts Expose Personal, Medical, Financial Data

A brokerage firm, a health district, a retirement community, a hospital and an oil change franchisee were all recently hit.

HotelHippo Shuts Down In Response to Vulnerability Disclosure

Site owner HotelStayUK says the security flaws were 'obviously completely unacceptable.'

Physical Location of Data Will Be Irrelevant By 2020

'The future will be hybrid,' says Gartner research vice president Carsten Casper.

Tutanota Encrypted Email Service Launches

'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau.

Most IT Pros Don't Know Where All Corporate Data Resides

Just 16 percent of IT and IT security professionals know the location of all of their sensitive structured data.

Dragonfly Cyber Attacks Breach Western Energy Companies

Symantec researchers say the campaign 'bears the hallmarks of a state-sponsored operation.'

163,000 Affected by Butler University Data Breach

Names, birthdates, Social Security numbers and bank account information may have been accessed.

World Cup Security Team Accidentally Reveals Wi-Fi Password

A photo published in a Brazilian newspaper clearly showed the network's SSID and password.

File Sharing Apps Pose a Significant Data Breach Threat

Forty-six percent of senior IT pros say data is leaking from their companies due to the use of file sharing services.

IT Managers Are Overconfident About Insider Breaches

While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches.

Researchers Uncover Crucial Security Flaw in Google Play

Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.

Yo Hacked, Hires Hacker

While the attack exposed some flaws in the app, Yo has exploded in popularity since the breach.

Code Spaces Destroyed by Cyber Attack

A hacker deleted most of the company's data, backups, machine configurations and offsite backups.

Security Researchers Warn of New Dyre Banking Trojan

The malware, also called Dyreza, is designed to bypass SSL and steal login credentials.

Email Breaches Expose Over 37,000 People's Data at California Colleges

Names, Social Security numbers and birthdates were exposed, along with a variety of other information.

Hackers Breach Domino's Pizza, Demand Ransom

The hackers claim to have stolen more than half a million customers' names, addresses, phone numbers, email addresses and passwords.

AT&T Customer Info Exposed by Third Party Data Breach

An undisclosed number of customers' Social Security numbers and birthdates were accessed.

How to Avoid FIFA World Cup Cyber Threats

From phishing scams to mobile malware, there's a lot to watch out for if you're a soccer fan these days.

ICS-CERT Warns of Highway Sign Security Vulnerability

Daktronics' configuration software comes with a default password that's too often left unchanged.

Stolen USB Drive Exposes 33,702 Calif. Patients' Data

Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed.

FAA Orders Boeing to Protect Airplanes from Cyber Attacks

Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources.'

HP Atalla Tackles Encryption in the Post-Snowden Era

The need for encryption now is greater than ever.

TweetDeck Briefly Shuts Down in Response to Security Flaw

The service was shut down for an hour as TweetDeck fixed an XSS vulnerability.

P.F. Chang's Suffers Credit Card Breach

Thousands of new credit and debit cards, all of which were recently used at P.F. Chang's locations, are being offered for sale online.

Evernote, Feedly Hit by DDoS Attacks

The attackers who hit Feedly demanded money to make the attacks stop.

Leader of Identity Theft Ring Gets 10 Years in Prison

Jennifer Robinson was sentenced to 121 months in prison for her involvement in the filing of fraudulent tax returns using stolen patient data.

U.S. Forces Korea Hacked

More than 16,000 employees' and job applicants' names, identification numbers, contact details, education and work experience may have been accessed.

U.K. Considers Life Sentences for Hackers

The sentence could be applied to hackers who cause loss of life, serious illness or injury, or serious damage to national security.

Mailroom Employee Exposes 3,675 Highmark Members' Data

The affected members' names, addresses, birthdates, medical information and member identification numbers were sent to other members by mistake.

Placemark Investments Acknowledges Data Breach

An undisclosed number of clients' names, addresses, birthdates and Social Security numbers may have been exposed.

Rouge Valley Hospital Insider Breach Affects 8,300 Patients

The patients' personal information was sold to private companies marketing Registered Education Savings Plans.

Global Cost of Cybercrime Exceeds $400 Billion

According to the CSIS and McAfee, cybercrime could be costing the U.S. as many as 200,000 jobs.

Hacker Guccifer Jailed

Marcel Lazar Lehel was sentenced by a Romanian court to four years in prison.

Hacker Fined $8,000 for Government Cyber Attack

Delson Moo Hiang Kng placed an offensive image on the website of the president of Singapore's official residence.

Tax Preparer Gets Five Years for Identity Theft

Louis Francois was also ordered to pay $355,000 in restitution.

Walgreens Acknowledges Insider Breach

An undisclosed number of customers' names, birthdates and Social Security numbers may have been stolen by a former employee.

The Link between Windows XP Users and Spam Volume

Second quarter IBM X-Force Threat Intelligence report finds an uptick in spam volume.

Just 22 Percent of Law Firms Use Encrypted Email

A LexisNexis survey also found that 52.5 percent of attorneys have used free consumer file sharing services to share client-privileged communications.

U.K. Ambulance Service Acknowledges Data Breach

The South Central Ambulance Service mistakenly published the age, sexuality and religion of each of its 2,826 staff members.

Paris Hilton Hacker Heads Back to Jail

If Cameron Lacroix's plea agreement is accepted by the court, he'll be sentenced to four years in prison.

Employee Error Exposes Hurley Medical Center Data

An undisclosed number of employees' and retirees' names and Social Security numbers were mistakenly exposed.

New Phishing Campaign Leverages Malicious Dropbox Links

The links direct victims to a zip file hosted on Dropbox, which delivers a malicious executable.

Alabama Prison Officers Jailed for Identity Theft

Bryant Thompson was sentenced to 10 years in prison, and Quincy Walton was sentenced to seven years.

Ladies First Choice Acknowledges Insider Breach

2,365 customers' contact details, medical care provider information and order histories were stolen by a former employee.

Data Breach at Arkansas State University Affects 50,000 People

Some partial Social Security numbers and some full Social Security numbers were exposed.

Stolen Laptop Exposes Alaska Political Donors' Financial Information

More than 1,000 donors' names, addresses, phone numbers, occupations, employers' names, and bank account or credit card details may have been exposed.

Montana Health Department Acknowledges Data Breach

Names, addresses, birthdates, Social Security numbers, clinical information and dates of service were exposed.

International Action Targets GameOver Zeus, Cryptolocker

Communications between PCs infected by GameOver Zeus were redirected to government servers, and Cryptolocker command and control servers were seized.

Stolen Computer Equipment Exposes Mental Health Data

Clients' names, birthdates, treatment records, and health and clinical histories may have been exposed.

Fake Heartbleed Removal Tool Delivers Malware

The download installs a keylogger while claiming to verify that the victim's computer is 'clean.'

Power Equipment Direct Acknowledges Data Breach

Screenshots of checkout pages were stolen from the evening of May 4, 2014 until the morning of May 5, 2014.

Hospital Employee Pleads Guilty to Identity Theft

Detrius Elliott stole the identities of at least 78 hospital patients' financial guarantors.

Dangerous App Boasts a Million Downloads on Google Play

The file management and optimization app is capable of sending SMS messages to premium rate numbers without the user's consent.

Stolen Laptop Exposes 46,771 Insurance Clients' Data

The laptop contained 46,771 Union Labor Life benefit plan participants' names, addresses and Social Security numbers.

Home Depot Acknowledges Another Insider Breach

A former employee accessed more than 30,000 customers' credit card information.

OFFICE Hacked

Customers' names, email addresses, passwords, addresses, phone numbers and birthdates were accessed.

30 Percent of Millennials Would Snoop on Customer Data at Work

A Courion survey also found that one in five U.K. employees say hackers do a 'worthwhile job' in exposing security flaws.

ProMedica Bay Park Hospital Admits Insider Breach

594 patients' names, birthdates, diagnoses, physicians' names and medications were accessed.

Stolen USB Drive Exposes 2,962 Humana Members' Personal Data

The drive contained the members' names and Social Security numbers, along with some medical information.

San Diego State University Acknowledges Data Breach

1,050 students' names, Social Security numbers, birthdates and addresses were exposed.

Stolen Computers Expose 1,213 Elliot Hospital Patients' Data

Names, addresses, phone numbers, birthdates and health information may have been accessed.

Survey Finds More Enterprises Using Multi-Factor Authentication

By 2016, according to SafeNet, 56 percent of organizations worldwide expect the majority of their users to leverage multi-factor authentication.

Spotify Hacked

While only one user's data was accessed, all Android users are being advised to upgrade their apps as a precaution.

Paytime Acknowledges Data Breach

Names, Social Security numbers, birthdates, home addresses, phone numbers, hire dates and wage information were accessed.

IBM Patents Browser-Based Fraud Detection Technology

What you do in your browser now forms a second factor of authentication for e-commerce transactions, thanks to IBM.

Avast Forum Hacked

Users' nicknames, user names, e-mail addresses and hashed passwords were compromised.

AutoNation Acknowledges Third Party Data Breach

Customers' names, addresses, e-mail addresses and credit card numbers may have been accessed.

Hacker Sabu Freed

Hector Xavier Monsegur was sentenced to time served due to his 'extraordinary cooperation' with the FBI.

Majority of European IT Managers Don't Trust U.S. Clouds

62 percent also say using a European-based cloud is easier from a regulatory and compliance perspective, according to Perspecsys.

MCCCD Data Breach Costs Reach $19.7 Million

The district's governing board recently approved an additional $300,000 for records management, and $2.3 million in lawyers' fees.

Lowe's Acknowledges Third Party Data Breach

Employees' names, addresses, birthdates, Social Security numbers and driver's license numbers may have been exposed.

Monsanto Subsidiary Hacked

An undisclosed number of Precision Planting customers' and employees' personal information may have been accessed.