Security News

United Nations Web Site Hacked

Members of TeaMp0isoN found several vulnerabilities in the un.org Web site.

Google Wallet Hacked

The hack doesn't require any extra software or root access.

FTC Faces Lawsuit Over Google Privacy Update

EPIC is trying to block the planned changes to Google's privacy policy, which are scheduled to go into effect on March 1.

Researchers Warn of Rapidly Spreading Citadel Malware

Seculert researchers first uncovered signs of a Citadel botnet on December 17 of last year.

Microsoft to Patch 21 Security Flaws on Valentine's Day

Four of of the nine security bulletins are rated critical.

Researchers Uncover Largest-Ever Android Botnet

The botnet contains more than 100,000 compromised devices.

Chinese Researchers Publish Android Zero Day Flaws

Several of the vulnerabilities could allow an attacker to access personal data on an Android device.

Anonymous Hackers Hit Boston Police Department

The attack was launched in retaliation for the December eviction of Occupy Boston protestors.

Israeli Hackers Disable Hamas Web Site

The site was taken down by members of the 'IDF Team.'

Foxconn Hacked

Login credentials were published on The Pirate Bay.

Google Chrome 17 Improves Security

The new browser release advances the Safe Browsing API and fixes at least 20 security flaws.

STRATFOR Sued Over Security Breach

The class action lawsuit seeks more than $50 million in damages.

Serious Security Flaw Found in Google Wallet

The PIN can be cracked in seconds, providing access to credit card numbers and the transaction history.

Anonymous Hackers Publish Oakland Officials' Private Data

The data was published in response to a recent crackdown on Occupy Oakland protestors.

Faronics Enhances Anti-Virus Solution

The company says the changes were made in response to customer demand and the evolving threat landscape.

Flash Player Sandbox Comes to Firefox

Adobe debuts new beta Flash Player with security sandbox for Firefox. Will it make the web more secure?

Indiana Hospital Suffers Security Breach

Compromised data includes names, addresses and social security numbers.

Privacy Flaw Found in Path for iOS

The app uploads a user's entire address book without requesting permission to do so.

Anonymous Hackers Hit Syrian Government Server

The hackers published 78 passwords, as well as hundreds of e-mails.

Vendors Report Surge in DDoS Attacks

According to Prolexic, the number of attacks more than doubled between the third and fourth quarters of 2011.

Trend Micro Warns of New SendSpace Trojan

The malware harvests Word and Excel files from victims' computers.

RealPlayer 15.02.71 Patches Critical Flaws

The update addresses seven remote code execution vulnerabilities.

U.S. Commerce Department Infected with Malware

The virus attack, first discovered on January 20, is currently under investigation.

Motorola Acknowledges Xoom Tablet Privacy Lapse

More than 100 refurbished Xoom tablets were sold without wiping the previous user's data.

Major Security Flaw Found in TRENDnet Cameras

Live feeds from the company's SecurView devices have been accessible online.

Anonymous Hackers Publish pcAnywhere Source Code

The source code was recently released on The Pirate Bay.

Passware Cracks Apple's FileVault Encryption

The solution requires physical access to a targeted machine.

Anonymous Hackers Hit Brazilian Banks

The Brazilian branch of Anonymous has attacked Bradesco, Itau, Banco de Brasil and HSBC.

Daily Mail Hacked

TeaMp0isoN has claimed responsibility for the attack.

Germany Says Chrome is Most Secure Browser

The government's Federal Office for Information Security recommends that users of Windows 7 choose Chrome.

Marriott Hacker Gets 30 Months in Jail

Attila Nemeth will also serve three years of supervised release following the prison term.

Anonymous Hackers Leak Info on Haditha Massacre

The data includes transcripts of testimony, evidence from the trial, and defense donation records.

Blacknight Hit by Security Breach

The breach on January 31 may have exposed client phone numbers and e-mail addresses.

Palin Hacker Loses Appeal

David Kernell lost his appeal to have his conviction for obstruction of justice thrown out.

Salt Lake Police Hacked by Anonymous

The attack was launched in response to a proposed anti-graffiti bill.

Oracle Patches Security Flaw Affecting Three Products

A remote user could exploit the vulnerability to affect a system's availability.

Google Adds Malware Scan for Android Apps

The new service, called Bouncer, scans apps for malware, spyware and Trojans.

Anonymous Hackers Publish FBI Conference Call

The 17-minute call between the FBI and Scotland Yard was released on YouTube.

DNS Changer Malware Infects Half of Fortune 500 Firms

Internet Identity is warning that infected machines are blocked from installing software updates or activating security software.

Netfleet Hacked

The hackers may have accessed customers' names, e-mail addresses, mailing addresses, phone numbers and encrypted credit card numbers.

U.S., China Lead in Global Hacking Attempts

The two countries account for 38.3 percent of all hacking attempts worldwide.

Mac OS X Updates Patch 51 Vulnerabilities

Forty of the security flaws could enable arbitrary code execution.

VeriSign Was Hacked in 2010

The company has acknowledged that data was stolen.

HTC Patches Wi-Fi Security Flaw in Android Phones

The vulnerability could allow an attacker to view all Wi-Fi user names, passwords and SSID information stored on a device.

WatchGuard Announces XTM 33 Security Appliance

The new appliance is designed to provide small businesses with improved intrusion prevention, spam blocking and gateway anti-virus functionality.

Fairfax Media Sites Hacked

The hackers say they were able to access names, addresses, dates of birth and credit card information.

Kelihos Botnet Returns

According to Kaspersky, many infected computers are once again under the botnet's control.

Report: Minimal Readiness for Cyber Attacks Worldwide

McAfee and SDA say greater cooperation is needed between countries.

Trusteer Warns of New Online Banking Malware

The new versions of Ice IX redirect customers' phone calls to attacker-controlled numbers.

Facebook Sues Adscend Over Malware, Spam

The company says Adscend Media spread malware on the social networking site and stole users' personal information.

Scottish Council Faces Record Fine for Security Breaches

The Midlothian Council has been fined £140,000 for five separate data breaches.

Samba Gets Security Update

Version 3.6.3 patches a flaw that could be exploited to cause a denial of service.

Fifteen Companies Announce E-mail Security Standard

The DMARC framework is intended to protect e-mail at the domain level.

20-Year-Old Romanian Hacker Arrested

Razvan Manole Cernaianu, allegedly known as 'TinKode,' is accused of stealing data from NASA and Pentagon servers.

High School Hackers Arrested for Changing Grades

Three juniors at Palos Verdes High School are accused of hacking into their school's grading system.

Hackers Infect WordPress Web Sites

More than a hundred sites have been compromised, according to Websense.

Malware Uses Google+ Plug-In As Lure

The malware is disguised as a plug-in for Google+ Hangouts.

Cisco Warns of Vulnerability in Security Appliances

Users are advised to deactivate telnet services in order to mitigate the vulnerability.

MetaFlows Intros SaaS Security System

The solution combines local software with a cloud-based service.

Alleged Kelihos Botnet Creator Proclaims Innocence

Andrey Sabelnikov has posted a statement online saying he has no connection to Kelihos or spam.

Cyber Security Market to Exceed $61 Billion in 2012

Visiongain anticipates an increase in public-private partnerships across several cyber security sectors.

New Malware Targets Windows Media Player Vulnerability

Researchers at Trend Micro have found malicious HTML designed to exploit the flaw.

Anonymous Hackers Target European Parliament

The site was taken down yesterday by a distributed denial of service attack.

Sourcefire FireAMP Brings Big Data Analytics to Enterprise Security

Large data sets offer new ways to track malware across a network.

Symantec Tells Users to Disable pcAnywhere, Cites Threat from Anonymous

In the wake of a threat by Anonymous to expose Symantec source code, the company advises customers to stop using pcAnywhere -- but says its antivirus software products are not at risk.

Iranian Government Web Sites Hacked

Members of 'IDF Team' launched the attack in retaliation for an assault on Israeli sites on Wednesday.

Symantec Warns of Massive Android Malware Campaign

The malware was found in 13 different apps on the Android Market.

Alleged EDF Hackers Arrested in France

The three men are accused of involvement in a cyber attack on the French energy firm.

University of Hawaii Settles Security Breach Lawsuit

As part of the agreement, the university will provide victims with two years of credit and fraud protection services.

McAfee Updates Mobile Security App

Version 2.0 adds control over app permissions, as well as call and text messaging filters.

Hackers Take Down Israeli Web Sites

Targets included the Ha'aretz newspaper and the Sheba Medical Center.

New European Privacy Rules Introduced

Under the new rules, fines can be as much as two percent of a company's global annual turnover.

Opera 11.61 Patches Security Flaws

The update addresses a high severity XSS vulnerability, as well as a low severity issue.

Security Flaws Found in WordPress Setup

Because the flaws are in an installation script, WordPress claims there's very little risk of their being exploited.

Google Updates Privacy Policy

Users will not be able to opt out of the new policy.

O2 Acknowledges Security Lapse

For the past two weeks, the carrier provided its users' phone numbers to every Web site they visited.

Joomla! Open Source CMS Gets Security Update

Version 2.5.0 fixes two medium priority XSS vulnerabilities and two low priority information disclosure flaws.

Zappos Sued Over Security Breach

Texas resident Theresa Stevens has filed a class action lawsuit claiming the company failed to protect customers' personal information.

Free Malware Analysis Tool Released

The 'Malwr' tool is a front end for the Cuckoo malware analysis sandbox.

NY Public Service Commission Acknowledges Security Breach

Almost two million customers' personal information was exposed.

Hackers Disrupt U.S. Rail Service

An unidentified railroad 'was slowed for a short while' in December of last year.

Anonymous Hackers Target Irish Government Sites

The government has confirmed that several servers came under attack last night.

Polish Government Sites Hacked

The attacks were launched to protest Poland's plan to support the Anti-Counterfeiting Trade Agreement.

Chrome 16 Gets Security Update

The update patches four 'high severity' vulnerabilities.

Sourcefire Intros FireAMP Anti-Malware Solution

The technology behind FireAMP came from Sourcefire's acquisition of Immunet in January of 2011.

OnGuardOnline.gov Hacked

The hackers say they accessed passwords, bank account information and online dating details.

Microsoft IDs Alleged Kelihos Botnet Creator

The company says Andrey Sabelnikov was running the botnet.

Twitter Buys Anti-Malware Company Dasient

The acquisition follows Twitter's purchase of Whisper Systems in November of last year.

iPad 2, iPhone 4S Hacked

The dual-core A5 chip presented a particular challenge to the hackers.

Pwn2Own 2012 Gets Serious About Security Vulnerabilities

The HP-sponsored hacking challenge revises its rules in an effort to expose even more vulnerabilities.

Researchers Demo SCADA Security Flaws

The flaws range from privilege escalation bugs to denial of service vulnerabilities.

Researcher Links Gameover Malware to Zeus Trojan

Don Jackson says Gameover is a 'private version' of Zeus.

Researchers Hack Into Corporate Conference Rooms

The researchers were able to listen in on meetings and control a camera remotely to read information on documents.

DreamHost Hacked

The Web host says customers' billing and personal information were not exposed.

Anonymous Hackers Hit CBS.com, UniversalMusic.com

Following the attack, nothing remained of the official Web site for CBS except an index page with a single file.

Phishing Campaign Targets Seattle Government Employees

Hundreds of people with seattle.gov e-mail addresses recently received phishing e-mails.

OpenSSL Update Patches DoS Security Flaw

Versions 0.9.8t and 1.0.0g patch a vulnerability that was introduced with the release of a previous security update on January 6.

Grindr Hacked

A hacker has discovered a way to access members' profiles.

SafeNet Intros eToken 3500 for Online Banking Security

The device uses an optical sensor to read transaction details from the user's screen, then generate an electronic signature.

AnchorFree Adds Malware Protection to HotSpot Shield

A recent update to the VPN client added a malware site guard.

Anonymous Hackers Retaliate for Megaupload Takedown

The hackers took down Web sites belonging to the FBI, DoJ, MPAA and others.

Security Expert Warns of Online Banking Vulnerability

Yash K.S. has published a video demonstrating a man-in-the-browser attack capable of manipulating HSBC Bank transactions in real time.

Hacker Leaks Thousands of Facebook Passwords

The hacker claims to have login info for more than 30 million users.

UAE Central Bank Site Hacked

The bank's Web site was taken down by a group calling itself 'IDF Team.'

Imperva Warns of XSS Vulnerability in IE

Microsoft says the problem is not considered a vulnerability.

Romanian Hacker Sentenced for NASA Security Breach

Robert Butyka received a three-year suspended sentence, with a probation period of seven years.

Koobface Botnet Goes Offline

The botnet's command and control server was taken offline, according to a Facebook official.

Secunia Shortens Deadline for Vulnerability Disclosures

The research firm has reduced its deadline from one year to six months.

Information Security Masters Program Launched

The new program at City University London is intended to help security professionals bridge the gap between security and business.

NYT IDs Five Koobface Botnet Suspects

All five are Russians living in St. Petersburg.

Israeli Hackers Target Arab Stock Exchange Sites

The hackers say the attack was in retaliation for recent cyber attacks on Israel's Tel Aviv Stock Exchange, El Al Airlines and other sites.

Father, Son Charged with Fraud, Hacking, Identity Theft

Vladimir and Kirill Zdorovenin are accused of stealing hundreds of thousands of dollars through credit card theft and stock manipulation scams.

New Trojan Variant Targets Facebook Users

A new version of the Carberp Trojan demands login information and $25 to unlock the victim's Facebook account.

Oracle Patches 78 Security Flaws

The first Critical Patch Update of 2012 tackles a long list of issues, but only two patches apply to Oracle's namesake database.

F-Secure Sees Surge in New Mac Malware

The company found 58 new Mac threats between April and December of 2011.

Brazilian Hackers Offer to Teach Cybercrime Skills

Kaspersky Lab says courses are available in hacking, defacing, spamming and more.

Symantec Admits Its Own Network Was Hacked

The company had initially blamed a third party for the security breach.

National Security Agency Releases Security Enhanced Android

SE Android is designed to improve upon Android's application security model.

Hackers Steal $6.7 Million from South African Bank

Cybercriminals transferred money from other customers' accounts into their own in early January.

Security Flaw Found in McAfee SaaS Endpoint Protection

The problem was reported by McAfee customers, who found that their IP addresses were being blacklisted for sending spam.

City College of San Francisco Infested with Malware

At least seven viruses were recently detected that had been in place since 1999.

CoveritLive Hacked

The company says no financial information was compromised.

Fortinet Announces New Security Appliances

The company has also introduced several enhancements to the FortiWeb 4.0 MR3 operating system.

Tel Aviv Stock Exchange, El Al Hacked

The Web sites were shut down, but trading and flights were unaffected.

TeaMp0isoN Hackers Hit T-Mobile

Staff and administrator names, e-mail addresses, phone numbers and passwords were leaked.

Zappos Security Breach Affects 24 Million

Names, e-mail addresses, phone numbers and password hashes were exposed.

Oracle to Patch 78 Security Flaws

Twenty-seven of the vulnerabilities are in the MySQL database.

WEF: Cyber Attacks Lead Global Risks

The World Economic Forum says cyber attacks are among the most likely global risks to occur over the next decade.

Netherlands Announces National Cyber Security Center

The center, based in The Hague, is intended to coordinate information and expertise between government agencies.

Kaspersky Warns of New Facebook Chat Phishing Attack

The messages contain a link to an external phishing page that asks for the victim's name, e-mail, password and more.

Sykipot Malware Targets DoD Smart Cards

A new version of the malware is designed to steal smart card credentials from users at the U.S. Department of Defense and other organizations.

Malware Steals Data from Japanese Space Agency

Information about the space agency's unmanned H-2 Transfer Vehicle may have been compromised.

PHP Gets Security Update to Patch DoS Vulnerabilities

Version 5.3.9 patches two security flaws.

Vermont Department of Taxes Acknowledges Security Lapse

Social security numbers and federal ID numbers were posted online.

FTC, Upromise Settle Over Security Concerns

Customer data was transmitted unencrypted.

NYU, Banks to Establish Cyber Security Center

The plan is for banks to share information with the center, which will then analyze the data to look for suspicious activity.

BlackBerry PlayBook Security Vulnerability Found

Intrepidus Group researchers recently discovered a way to listen in on the connection between the PlayBook and a BlackBerry smartphone.

STRATFOR Admits Credit Card Data Wasn't Encrypted

Company CEO George Friedman attributed the oversight to the company's rapid growth.

Department of Energy to Examine Power Grid Cyber Security

The DOE recently unveiled the Electric Sector Cybersecurity Risk Management Maturity project.

Wireshark Updates Patch Several Security Flaws

Versions 1.4.11 and 1.6.5 of the open source network protocol analyzer were recently released.

Sophos Warns of FDIC Malware

The malware is being distributed in zip files attached to fake FDIC e-mails.

Spammers Target Mobile Users with QR Codes

According to Websense researchers, the method offers the 'ultimate URL obfuscator.'

Symantec Warns of New Android Trojan

Android.Qicsomos is a modified version of an open source solution designed to detect Carrier IQ on a mobile device.

Hackers Publish Logins for Israeli SCADA Systems

A list of addresses and logins for several systems was posted today on Pastebin.

German Police Hack Was Retaliation for Father Spying on Daughter

A friend of the girl's discovered that her father had planted a Trojan on her computer.

Anonymous Hackers Target Finland for Blocking The Pirate Bay

The Web sites for two Finnish anti-piracy organizations were taken down by DDoS attacks.

Pro-Israel Hackers Target Saudi Arabian Web Sites

The hackers are threatening to publish thousand of Saudi shoppers' credit card numbers.

Microsoft Warns of Malware Disguised as Beta Version of PC Games

The malware poses as betas of Defense of the Ancients 2 and Diablo III.

Microsoft Patches SSL BEAST

In the first Patch Tuesday of 2012, Microsoft fixes an old issue and warns about a new security bypass risk.

U.S. Expels Venezuelan Diplomat for Planning Cyber Attacks

Livia Antonieta Acosta Noguera was given 72 hours to leave the country.