Security News 

New York Intros New Cyber Security Rules for Financial Companies

The regulations, requiring companies to establish and maintain cyber security programs, take effect on March 1.

950,000 Coachella User Accounts Being Sold Online

Email addresses, user names and hashed passwords are being offered for sale for $300.

76 Percent of Healthcare Organizations Plan to Increase Security Spending in 2017

90 percent of U.S. healthcare organizations feel vulnerable to data threats, a recent survey found.

62 Percent of Companies Store Sensitive Customer Data in the Public Cloud

And almost 40 percent of cloud services are commissioned without the involvement of IT, a recent survey found.

Ransomware Dips but Remains 'Evolving Menace'

Microsoft detects a drop in ransomware encounters toward the end of 2016 but warns against growing complacent.

Where Do Venture Capitalists See Security Opportunities?

VCs from Trident Capital Cybersecurity, Elephant, Glasswing Ventures and Ten Eleven Ventures discuss where they see the opportunity to profit.

26 Percent of IT Pros Admit Sharing Passwords

And just 55 percent believe their company's current technology investment is sufficient to ensure security, a recent survey found.

74 Percent of Companies that Suffer a Data Breach Don't Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found.

RSA 2017: Business-Driven Security, Defending the IoT and a Digital Switzerland

The IT security industry responds to a growing cloud ecosystem, IoT's expanding reach and a rise in nation-state cyberattacks.

Global Shortfall of 1.8 Million Cyber Security Pros Expected by 2022

45 percent of companies say the cyber security skills shortage is causing breaches, a recent survey found.

Over 75 Percent of Ransomware Comes from Russian Speakers

More than 1,445,000 users were hit by ransomware in 2016, according to a recent report.

Skycure Brings Mobile Threat Intelligence to Microsoft EMS

A new integration allows Microsoft Enterprise Mobility + Security customers to protect their mobile devices against sophisticated threats.

PIP Printing Breach Exposes 400 GB of Highly Sensitive Data

The exposed data ranges from former NFL players' Social Security numbers and medical information to confidential files from Hustler Hollywood stores.

Centrify Adds Intelligence to Identity and Access Management

A new add-on for the Centrify Identity Services Platform uses machine learning to spot and block suspicious access attempts.

RSA Conference Security Panel Isn't Worried about GDPR

Lawyers from Google, Cisco and Microsoft talk about privacy and why they're confident they're all moving in the right direction.

RSA 2017: IT Security Teams Face an Uphill Battle

Today's businesses are journeying into treacherous territory with too few security professionals behind the wheel.

Arby's Hacked, Credit Card Data Compromised

More than 335,000 credit and debit cards may have been compromised.

69 Percent of Companies' Security Solutions Are Outdated, Inadequate

70 percent have invested in IT security technology that wasn't successfully deployed a recent survey found.

SS8 BreachDetect Uses 'Time Machine' to Unravel Cyber Kill Chains

No forensics experience? No problem. BreachDetect uses new timeline views and plain-language explanations to unmask breach attempts. 

Vizio Fined $2.2 Million for Tracking 11 Million Users' Behavior without Consent

The company aggregated viewing data, attached demographic information to it, and sold it to third parties for use in targeted advertising.

InterContinental Hotels Group Suffers Credit Card Breach

Bars and restaurants at 12 IHG properties across North America were affected.

Container-Aware Security Startup Capsule8 Emerges from Stealth

Striking while the iron's hot, Capsule8 makes its official debut to help enterprises guard their container-filled Linux infrastructures.

Threat Surge: 2016 Saw 167 Times as Much Ransomware as 2015

Reasons for the surge include the rise of ransomware as a service, easier access in the underground market, and the low cost of conducting an attack.

Just 21 Percent of Banks and Insurers Are Confident They Can Detect a Data Breach

Still, 83 percent of consumers say they trust banks and insurers to maintain strong cyber security, a recent survey found.

Children's Medical Center of Dallas Pays $3.2 Million Fine for HIPAA Violations

The organization failed to encrypt patient data after an unencrypted, non-password protect BlackBerry containing PHI was lost in 2009.

Tenable Launches Vulnerability Management Service for Elastic IT Environments

The company's new cloud-based offering helps businesses better asses the risks of their dynamic IT workloads.

Hackers Disable Door Locks at Four-Star Hotel, Demand Ransom

The hackers demanded 2 Bitcoins in payment to return control of the systems back to the hotel -- and the hotel says it had no choice but to pay.

HPE Acquires Niara for Intelligent Network Threat Protection

The buy will help strengthen the company's Aruba ClearPass network access control and management platform.

Hacker Compromises 2.5 Million Xbox 360, PSP ISO Forum Accounts

Email addresses, passwords and IP addresses were exposed.

30 Percent of IT Pros Admit Their Organizations Are Very or Extremely Vulnerable to Attack

And 26 percent said their organizations were breached in the past year, a recent survey found.

Ransomware App Found in Google Play Store

The app demanded 0.2 Bitcoins in payment from infected users.

IBM to Raise Security Visibility in the C-Suite with Agile 3 Buy

The deal is expected to help put (and keep) data security on radars of corporate business leaders. 

4,419 Data Breaches Exposed Over 4.2 Billion Records in 2016

94 of those breaches exposed a million or more records each, according to a recent report.

F5 Networks Defends Applications with New Herculon Appliances

The company debuts new appliances that help businesses keep cyber-attackers away from their critical applications.

Ongoing Shamoon Malware Attacks Linked to Greenbug Cyber Espionage Group

The attacks continued to hit organizations in Saudi Arabia earlier this week.

62 Percent of Data Security Pros Don't Know Where Their Most Sensitive Unstructured Data Resides

And 93 percent say they face persistent challenges in protecting data, a recent survey found.

All-Time High of 1,093 Data Breaches Reported in U.S. in 2016

The number represents a 40 percent increase over the previous year, according to a recent report.

Secret Double Octopus Raises $6M Series A

Multi-factor security firm gets new financial backing as it takes aim at growing share in the authentication market.

Three Medical Data Breaches Expose 242,600 Patients' PHI

The exposed data includes names, Social Security numbers, birthdates, contact details, medical record numbers and/or clinical information.

Ukraine Blackout Was Caused by ‘Premeditated and Multi-Level' Cyber Attack

The country's national power company hasn't said whether it was able to link the attack to any specific group or nation state.

Just Eight Percent of IT Pros Say Most of Their Staff Have the Skills They Need

More than three times as many IT pros would prefer to grow their staff's skills than grow the number of people on their team, a recent survey found.

McDonald's Website Flaw Exposes User Passwords

'If there's one thing you shouldn't do, it's decrypting passwords client side,' researcher Tijme Gommers noted.

Researchers Warn of Highly Effective New Gmail Phishing Scam

The attack has already caught several technical users, according to Wordfence CEO Mark Maunder.

95 Percent of Enterprise Cloud Services Aren't Enterprise Ready

82 percent don't encrypt data at rest, according to a recent report.

Report: Anthem Breach Was Caused by a Foreign Government

CrowdStrike analysts determined the identity of the attacker, and concluded that the attacker was acting on a foreign government's behalf.

UK Government Cyber Accelerator Announces Support for Seven Startups

The seven companies will begin a three-month program providing mentoring, contact with investors, office space and access to GCHQ personnel.

74 Percent of Organizations Using Two-Factor Authentication Face User Complaints

Nine percent of organizations using two-factor authentication say their users simply 'hate it,' a recent survey found.

ESEA Hacker Demands $100,000, Exposes 1.5 Million User Records

The hacker provided the records to LeakedSource after ESEA refused to pay the ransom.

69 Percent of Companies Have Suffered Data Loss Due to Employee Turnover

28 percent of organizations don't wipe corporate data from employee-owned devices when they leave, a recent survey found.

Almost a Fifth of Companies Have No DDoS Protection At All

And 39 percent are unclear on how to protect against DDoS attacks, a recent survey found.

New California Law: Deploy Ransomware, Face Four Years in Prison

The law went into effect on January 1, 2017.

Hospital Patient Posts 15,000 People's Protected Health Information on Social Media Site

The exposed data includes names, addresses, Social Security numbers and Medicaid identification numbers.

Topps Data Breach Exposes Months of Credit Card Data

Customers who shopped at the company's website between July 30 and October 12 of 2016 may be affected.

90 Percent of IT Pros Worry About Password Reuse

And 94 percent have implemented two-factor authentication for at least one application, a recent survey found.

Chinese Hackers Charged with Breaching U.S. Law Firms, Trading on Stolen Information

The hackers are alleged to have made over $4 million in illegal profits from the trades.

74 Percent of IT Pros Work Unpaid Overtime Every Week

Over a third work more than 15 extra hours per week, a recent survey found.

66 Percent of U.S. Consumers Have Given Their Phone Passcodes to Others

One in four said something embarrassing has popped up on their phone while someone else was holding it, a recent survey found.

55 Percent of Consumers Would Respond to a Retailer Breach by Switching to Cash

And 20 percent would just stop shopping at the affected merchant, a recent survey found.

Lynda.com, L.A. County Acknowledge Massive Data Breaches

9.5 million Lynda.com users and 756,000 L.A. County residents may be affected.

44 Percent of Organizations Miss Data Breach Investigating and Reporting Deadlines

And seven percent said a missed deadline had resulted in serious consequences, a recent survey found.

Researchers Find Russian Hacker Selling Access to U.S. Election Assistance Commission

The hacker claimed to be accessing the system via an unpatched SQL injection vulnerability.

More Than One Billion Yahoo User Accounts Exposed in Massive Breach

Over a billion names, email addresses, phone numbers, birthdates, hashed passwords and security questions and answers may may have been accessed.

New Amazon Phishing Campaign Targets Holiday Shoppers

Thousands of victims worldwide have already been hit by the scam.

Hackers Steal Trade Secrets in 'Massive Cyber Attack' on German Manufacturer

The company said the attack involved 'organized, highly professional hacker activities.'

Hackers Expose Info on 87 Million Dailymotion User Accounts

In 18.3 million cases, the exposed data includes hashed passwords.

60 Percent of Enterprises Were Breached by Social Engineering Attacks in 2016

And 65 percent of those attacks compromised employees' login credentials, a recent survey found.

Half of IT Pros Are More Worried About Insider Threats Than External Ones

The leading concern regarding insider threats is malware installed by careless employees, a recent survey found.

900,000 Deutsche Telekom Routers Disabled by Massive Cyber Attack

The routers were 'affected by an attack from outside,' the company said.

36 Percent of IT Pros Say Loss of Data in the Cloud Would be Catastrophic

And 14 percent said it would cost them their jobs, a recent survey found.

Hackers Hit Madison Square Garden, Radio City Music Hall, Beacon Theater, Chicago Theater, Michigan State University

The data potentially accessed ranges from students' names and Social Security numbers to credit card numbers and expiration dates.

Almost a Third of Americans Won't Shop Online Due to Security Concerns

And another 14 percent said they're unlikely to do so, a recent survey found.

Over 97 Percent of All Phishing Emails Deliver Ransomware

And 82 percent of email servers are misconfigured, recent research discovered.

Over 18 Percent of Docs in File Sharing Apps Contain Sensitive Data

And 9.3 percent of files shared externally contain sensitive data, a recent survey found.

38 Percent of Mobile Professionals Have Never Used a VPN

And 42 percent access corporate data over public Wi-Fi, a recent survey found.

Researchers Demo Citywide Bricking Attack via IoT Malware

The proof-of-concept worm could jump from one smart bulb to another via ZigBee wireless connectivity.

77 Percent of Ransomware Attacks Successfully Bypass Email Filtering

And 95 percent bypass firewalls, a recent survey found.

40,000 Tesco Bank Accounts Accessed by Cyber Thieves

In 20,000 cases, the bank says, the breaches resulted in 'money being withdrawn fraudulently.'

Massive DDoS Attacks Disable Internet Access Throughout Liberia

The attacks exceeded 500 Gbps.

43 Percent of IT Pros Say Cyber Attacks That Hit Their Companies Were Preventable

21 percent say the breaches could have been prevented if security policies were better communicated to employees.

73 Percent of Security Pros Aren't Using Threat Intelligence Data Effectively

Just 46 percent say they're using threat data at all in deciding how to respond to malicious activity.

Australian Red Cross Data Breach Exposes 550,000 Blood Donors' Personal Information

Names, genders, email addresses, phone numbers and birthdates were exposed by a third party vendor.

Schneider Electric Patches Major ICS Vulnerability

The flaw was discovered almost six months ago by researchers at Indegy Labs.

Two-Thirds of Americans Think They're Tech Savvy... But They're Not

64 percent of U.S. consumers think they're always safe sharing personal data on a major retail or social networking site.

Major DDoS Attack Disables Websites Across the U.S.

The attack on Dyn's managed DNS services hit sites ranging from CNN to Twitter.

Massive Weebly Data Breach Exposes Over 43 Million Users' Info

The exposed data includes email addresses and/or user names, IP addresses and encrypted passwords.

Hackers Steal Data from Japanese Nuclear Facility

The hackers were able to siphon the data out of the facility for six months before they were discovered.

Vera Bradley Acknowledges Point-of-Sale Breach

The retailer was notified by law enforcement of a 'potential data security issue' on September 15.

43 Percent of IT Pros Say It's Difficult to Secure Data in the Cloud

And 73 percent prefer to keep their sensitive corporate data on premises rather than in the cloud, a recent survey found.

48 Percent of Companies Don't Inspect the Cloud for Malware

Among those that do check for it, fully 57 percent have found malware, a recent survey found.

Two Thirds of Cyber Security Pros Struggle to Define Their Career Paths

Still, 46 percent are solicited for jobs at other companies at least once a week, a recent survey found.

49 Percent of Business Leaders Have Sent Sensitive Corporate Data from Personal Email Accounts

And 39 percent have lost business information in a public place, a recent survey found.

98 Percent of IT Pros Admit Challenges with Incident Response

And 71 percent said incident response has become more difficult over the past two years, a recent survey found.

97 Percent of Consumers Say They're Unsettled by Data Breaches

And 29 percent said it would take them several months to begin trusting a company again following a data breach, a recent survey found.

One Third of Enterprises Suffered an Insider Breach in the Past 12 Months

Fully 74 percent of IT pros say their organization is vulnerable to insider threats, a recent survey found.

76 Percent of Security Pros Say Sharing Threat Intelligence Is a Moral Responsibility

Fully 95 percent are using threat intelligence in some way, a recent survey found.

M&A Due Diligence, Cyber Security, and the Massive Yahoo Data Breach

Verizon, which announced plans to acquire Yahoo two months ago, says it only learned of the breach last week.

Chinese Researchers Find Major Security Flaws in Tesla Model S

The flaws enabled the researchers to fold in the rear view mirrors, pop the trunk, and activate the brakes remotely while the car was being driven.

40 Percent of Organizations Store Admin Passwords in Word Documents

Still, 55 percent say they have evolved processes for managing privileged accounts, a recent survey found.

28 Percent of Organizations Don't Encrypt Data in Public Cloud Environments

And 47 percent said security concerns are their main reason for avoiding cloud deployments, a recent survey found.

FBI Urges Ransomware Victims to Report Attacks

Doing so, the FBI stated, 'provides law enforcement with a greater understanding of the threat.'

World Anti-Doping Agency Breached by Russian Hackers

Confidential medical information for U.S. athletes including Simone Biles and Serena Williams was published online.

DDoS Attacks Up by 75 Percent in Q2 2016

The largest attack detected in the second quarter peaked at 256 Gbps, according to Verisign.

U.S. Small Businesses Lose $75 Billion a Year to Ransomware

Downtime resulting from ransomware attacks can cost companies more than $8,500 an hour, a recent survey found.

Intel Spins Out McAfee Security Unit in $4.2B Deal

Intel sells majority stake in its security unit in a deal that values the former McAfee at $4.2 billion. New majority owner TPG will again use the McAfee name.



Hutton Hotel, Kimpton Hotels Acknowledge Payment Card Breaches

Cards used at front desks and restaurants may be affected.

Mobile Device Infections Surged by 96 Percent in First Half of 2016

And smartphones accounted for 78 percent of those infections, according to Nokia.

SWIFT Warns of New Cyber Attacks on Banks

As many as 12 banks may have suffered breaches.

68 Million Dropbox Account Credentials Exposed

The data comes from a breach dating back to mid-2012.

52 Percent of Hackers Would Help the FBI Hack the iPhone for a Fee

And nine percent would do it for free, a recent survey found.

Just 30 Percent of Organizations Feel Ready to Handle IoT Security Risks

Still, 47 percent expect the number of IoT devices on their networks to increase by at least 30 percent next year.

66 Percent of IT Pros Say Privileged Users Access Sensitive Data Simply Out of Curiosity

And 74 percent think privileged users believe they're empowered to access all the information they're able to view, a recent survey found.

Tech Vendors, Law Enforcement Team to Take on Ransomware

Intel Security and Kaspersky Labs worked with international law enforcement agencies on a website that offers decryption keys for several variants of ransomware.

Credit Card Breach Hits All Eddie Bauer Stores in U.S., Canada

Names, card numbers, security codes and expiration dates were accessed.

Sage Employee Arrested for Insider Breach

The breach may have exposed the personal information of employees at 280 companies.

Point-of-Sale Breach Hits Hyatt, Marriott, InterContinental, Starwood Hotels

Customer names, account numbers, expiration dates and verification codes may have been accessed.

How to Hide Malware with a Digitally Signed Executable

Deep Instinct reveals flaw that could potentially enable a security certificate bypass in Microsoft applications.

MICROS Hackers Hit Five More POS Companies

The hackers targeted weaknesses in the vendors' servers, then attempted to steal login information and use it to access retailers' POS systems.

62 Percent of Employees Have Access to Data They Shouldn't Be Able to See

And 76 percent of organizations have experienced the loss or theft of data in the past two years, a recent survey found.

Russian Hackers Hit Oracle's MICROS POS

It's not yet clear how many customers may be affected.

Advocate Health Care to Pay Record-Breaking $5.55 Million Fine for Data Breach

'We hope this settlement sends a strong message,' OCR director Jocelyn Samuels said.

3.7 Million People Affected by Massive Data Breach at Banner Health

A wide range of information was exposed, from credit card numbers to patient data.

71 Percent of IT Pros Say Cyber Security Skills Shortage Causes Damage to Organizations

And 82 percent admit to a shortage of cyber security skills, a recent survey found.

88 Percent of All Ransomware Targets the Healthcare Sector

The education sector comes second at 6 percent, according to a recent report.

Authentic8 Advances Disposable Browser Security Model

Scott Petry, co-founder and CEO of Authentic8, talks about his past with Postini and how his new startup is the future of online security. [VIDEO]



Only a Third of All Sensitive Data Stored in Cloud Apps is Encrypted

And 54 percent of IT pros said it's more difficult to protect confidential or sensitive information when using cloud services, a recent survey found.

O2, Kimpton Hotels Investigate Data Breach Claims

The O2 breach appears to have been caused by password reuse, while the Kimpton breach leveraged point-of-sale malware.

Clash of Kings Data Breach Exposes 1.6 Million Accounts

The exposed data includes user names, email addresses, IP addresses, device identifiers, Facebook data, and hashed and salted passwords.

20 Percent of Organizations Fail to Change Default Passwords on Privileged Accounts

And 50 percent don't audit privileged account activity, a recent survey found.

U.S. Dept. of Health and Human Services Publishes New Guidance on Ransomware

'Organizations need to take steps to safeguard their data from ransomware attacks,' says Office for Civil Rights director Jocelyn Samuels.

External Cyber Attacks Cost the Average Enterprise $3.5 Million a Year

Still, 79 percent of companies lack comprehensive strategies to detect and mitigate such attacks, a recent survey found.

58 Percent of Businesses in the U.K. Were Breached in the Past Two Years

And just 25 percent are completely confident in their ability to handle security incidents, a recent survey found.

Omni Hotels, Noodles & Company, NC State Acknowledge Data Breaches

The three recent breaches exposed thousands of customers' personal and payment card information.

1,025 Wendy's Locations Impacted by Credit Card Breach

The attacks appear to have been enabled by the theft of third-party service providers' remote access credentials.

50 Percent of SMBs Were Breached in the Past Year

And just 14 percent of SMBs see their ability to mitigate cyber attacks as highly effective, a recent survey found.

Less Than a Third of Companies Have Cyber Security Experts in Their IT Departments

And 67 percent of IT professionals have no cyber security certifications, a recent survey found.

Massachusetts General Hospital Suffers Third-Party Data Breach

Approximately 4,300 patients' names, birthdates and Social Security numbers were exposed.

Massive IoT DDoS Attack Leverages 25,513 CCTV Cameras

The cameras, located in 105 countries, delivered as many as 50,000 HTTP requests per second.

Massive Ransomware Attack Hits Millions of Microsoft Office 365 Users

Approximately 57 percent of all organizations using Office 365 were hit by the attack.

Hacker Selling 655,000 Stolen Medical Records for $700,000

The stolen records include full names, Social Security numbers, birthdates, mailing addresses and insurance information.

Cisco Gets into CASB Tech with $293M Purchase of CloudLock

Cisco broadens its cloud security business with $293 million acquisition of CloudLock, a provider of cloud access security broker (CASB) technology.

Carbonite, GoToMyPC Hit by Password Reuse Attacks

Both attacks leveraged email addresses and password stolen from other sites.

Wendy's Hit By Class Action Lawsuit Over Massive Credit Card Breach

The suit was filed by Veridian Credit Union on behalf of all U.S. financial institutions whose customers were affected by the data breach.

Acer Hacked

Names, addresses, credit card numbers, expiration dates and CVV codes were accessed.

Cisco Intros $10 Million Global Cyber Security Scholarship Program

The program is intended to increase the pool of available talent with cyber security skills.

BluVector Takes Aim at Security Bug Hunting

[VIDEO] Former top IBM security exec, Kris Lovejoy, now president of BluVector by Acuity discusses what her new firm's tech is all about.

Russian Hackers Hit Republican, Democratic Presidential Campaigns

Hackers breached the DNC's network. and targeted Trump's and Clinton's campaigns along with some Republican PACs.

27 Percent of Cloud Apps Present Significant Risks to the Enterprise

And the average organization's users connect 733 third-party cloud apps to the corporate environment, according to a recent report.

66 Percent of U.S. Adults Say They're Likely to Stop Doing Business with a Breached Company

And 21 percent are very likely to do so, a recent survey found.

Mitsubishi Highlander Hacked via Wi-Fi

Pen Test Partners researchers were able to disable the car's alarm remotely.

Majority of NFL Players' Medical Exam Results Exposed by Laptop Theft

The unencrypted laptop held copies of the medical exam results for all NFL Combine attendees for the past 13 years.