The vulnerability could enable a remote attacker to read or modify any file on an ANTlabs InnGate device, according to Cylance researchers.
That's an 18 percent increase over the previous year in vulnerabilities found, according to Secunia.
An undisclosed number of users were told their passwords 'could have been captured in clear text by malicious code.'
The SSL/TLS certificate authority system's frailty is again exposed, as an unauthorized certificate is issued for Google.
The malware installs a keylogger and scans the infected device's memory for credit card data.
The vulnerability allowed attackers to access any HHonors account simply by knowing or guessing the account number.
One third of IT professionals surveyed said they've experienced more security breaches with the public cloud than with on-premise applications.
The hackers may have accessed the personal, financial and medical information of as many as 11 million people.
The North Korean government called the accusation 'a false judgement by an idiot.'
Names, Social Security numbers, birthdates, phone numbers and home addresses were accessed.
Two separate hacker groups recently threatened to release sensitive data unless ransoms were paid.
And 64 percent of enterprise respondents said they expect that pressure to grow in the coming year.
Among those arrested is a 23-year-old man suspected of involvement in a June 2014 cyber attack on the U.S. Department of Defense.
Dropbox patches flaw that could have exposed users to risk.
From Texas to North Carolina, several cases have demonstrated the challenge of protecting patient and employee information.
The company repeatedly refused to allow the OIG to conduct vulnerability scans of its systems.
79 percent of respondents to a recent survey said ensuring that partners comply with their security requirements is a top priority in the coming year.
An undisclosed number of customers' payment card data may have been accessed.
Hotels in Boston, Las Vegas, Miami, New York and Washington, D.C., are likely affected.
Among the issues uncovered by the GAO is 'significant interconnectivity' between the National Airspace System (NAS) and non-NAS systems.
A recent study found that white hat hackers were successful in 88 percent of attempts to visually hack sensitive information.
The company says 'some limited information we have about some of our customers could have been accessed in violation of our security procedures.'
HyTrust president Eric Chiu suggests the total cost could eventually exceed $1 billion.
Two thirds of CIOs and CISOs say senior leaders in their organization don't view cyber security as a strategic priority.
The data potentially exposed includes names, addresses, phone numbers and Social Security numbers.
Avast debuts free Business Anti-Virus, but what's the catch?
The company says it had no knowledge of any access, and believes its products are secure.
It's not yet clear how much data the attackers have taken.
The company says it has investigated the software and hasn't found 'any evidence to substantiate security concerns.'
The group's tools are capable of reprogramming hard drive firmware, allowing infections to survive disk formatting and OS reinstallation.
Software allows users to leverage their existing Active Directory infrastructures to enhance Hadoop security.
That's a 78 percent increase from the previous year, according to Gemalto.
Banks were infected for between two and four months, with $2.5 million to $10 million stolen in case.
Infection rates for Android devices are now equal to those of Windows laptops, according to Alcatel-Lucent's Motive Security Labs.
According to iSIGHT Partners, the hackers were part of a Chinese group called the Codoso Team or the Sunshop Group.
The FBI is investigating the attack.
Voice commands are forwarded to third-party service provider Nuance Communications.
The report, from U.S. Senator Edward Markey, is based on 16 automakers' responses to questions regarding tracking systems and security.
All the affected locations are run by franchise operator White Lodging Services.
As many as 80 million names, birthdates, Social Security numbers, street addresses and email addresses may have been accessed.
Book2Park is the third airport parking site to be breached in as many weeks.
Patient names, addresses, birthdates, medical record numbers and Social Security numbers may have been accessed.
Victims range from home healthcare patients to pediatric eyewear customers.
'An attacker could shut down over 5,300 fueling stations in the United States with little effort,' says Rapid7's HD Moore.
After paying out $1.5 million in bug bounties in 2014, Google is boosting payments for ongoing security research.
Foreign companies selling equipment to Chinese banks will also be required to disclose source code and submit to audits, the New York Times reports.
A recent survey also found that 59 percent of U.S. IT decision makers believe privileged users pose the greatest threat to their organizations.
Rahul Sasi has tested the malware on the DJI Phantom and Parrot AR.Drone 2.0.
While the hackers claim to have accessed customer data, the airline says 'user data remains secured.'
Credit card numbers and Social Security numbers appear to have been accessed.
Brown was also ordered to pay $890,000 in restitution.
Google pays out $88,500 in bug bounties, with the largest browser security update yet in 2015. In all, Google fixed 62 different security flaws.
Security budgets increased by an average of 34 percent in the year following the Target breach, according to the Ponemon Institute.
'An attacker who controls that dongle has full control of the vehicle,' says Digital Bond Labs' Corey Thuen.
Dell SecureWorks has outlined a list of steps for organizations to take to mitigate the threat.
The bill would expand the definition of private data, and would require all entities that collect and/or store such data to have safeguards in place.
Both companies recently began notifying customers of the breaches, which took place late last year.
The hackers briefly posted threats on Twitter before the accounts were suspended and returned to CENTCOM's control.
Affected customers had apparently reused their passwords on other sites that had been breached.
The Personal Data Notification and Protection Act would require that consumers be notified of all breaches within 30 days.
The company will pay a fine of $106,000, and will comply with a list of improved security requirements.
The websites of the German chancellor and foreign ministry were both attacked by the CyberBerkut hacker group.
Over $5 million in bitcoins appear to have been stolen.
A former financial adviser allegedly stole 10 percent of the company's 3.5 million Wealth Management customers' account information.
'After this talk, politicians will presumably wear gloves when talking in public,' Jan Krissler said.
The breach may have lasted from December 2, 2013 to September 30, 2014.
Credit cards used on the airport parking service's website were recently found for sale online.
The aim, according to the Bureau, is to 'protect our nation and the American people from the rapidly evolving cyber threat.'
The researchers say a former employee or employees may have joined forces with pro-piracy hacktivists to attack the company.
FireEye CTO Dave Merkel details his firm's latest additions and offers some security predictions for 2015.
The attack caused 'massive damage to the whole system,' according to Germany's BSI.
The bank's security team had failed to implement two-factor authentication on one of its network servers.
While Apple introduced the technology to do so two years ago, this was the first time it was used.
The vulnerability has been in place since 2002.
Centralized Zone Data System users' names, addresses, email addresses, phone numbers, usernames and hashed passwords may have been accessed.
An NSC spokesperson says the U.S. is 'considering a range of options in weighing a potential response.'
A significant number of credit cards that were recently used at Park 'N Fly locations are now being offered for sale online.
A SailPoint survey also found that 66 percent of employees still had access to corporate data via cloud apps after leaving their jobs.
Social Security numbers and credit card numbers may have been accessed.
Kevin Mandia said no company 'could have been fully prepared' for the attack.
The lawsuit alleges that Comcast's new wireless routers increase electricity costs, degrade performance, and subject customers to security risks.
Cardholder data may have been exposed in plain text from November 5, 2009 to September 24, 2014.
Both password managers recently added functionality that automates the process of changing your passwords on popular websites.
The same group launched a similar attack on Sony just over three months ago.
The new unit will operate within the department's Computer Crime and Intellectual Property Section.
It's not yet clear whether the breach is still ongoing, or how long it lasted.
Details on charitable donations and home addresses were sent to a reporter by mistake.
The FBI warning appears to refer to last week's cyber attack on Sony Pictures Entertainment.
The group has targeted more than 100 leading companies since mid-2013, according to FireEye.
Victims included the Chicago Tribune, CNBC, the Dallas Morning News, the Los Angeles Times, the Guardian and the Independent.
The company also says it 'expects to incur significant legal and other professional services expenses associated with the data breach' in the future.
Debit card accounts at Scotiabank, Banco Popular and FirstBank were compromised.
The company's corporate networks and email were taken offline following the attack.
According to the Guardian, the leading suspects are the U.S., the U.K., or Israel.
Google isn't just about search anymore. In recent weeks it has announced multiple security projects including Santa for Mac.
The number of attacks exceeding 10 Gbps grew by 38 percent from Q2 to Q3 2014.
The Trojan looks for processes linked to KeePass, Password Safe, and the neXus Personal Security Client.
Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online.
2.7 million Turkish cardholders' names, HSBC account numbers, card numbers and expiration dates were exposed.
In response to the breach, the department's entire unclassified email system was shut down, with duty officers using Gmail accounts to communicate.
Verizon, however, is continuing to insert the tracking data into its customers' Web traffic.
IBM has patented an invention that will help global businesses navigate complex regulatory landscape for cloud data.
NOAA didn't acknowledge the breach until weeks after the fact, according to the Washington Post.
Microsoft buys Aorato, the company that earlier this year disclosed a critical vulnerability in Microsoft's security.
The campaign targets corporate executives via hotel Wi-Fi networks.
The hacker leveraged his access to send an email to customers claiming the service was shutting down.
The Washington Post reports that Chinese government hackers are believed to have been responsible for the attack.
The company has also acknowleged that the attackers leveraged a third-party vendor's user name and password to access Home Depot's network.
The malware has already been downloaded more than 350,000 times.
'With just a mobile phone, we created a PoS terminal that could read a card through a wallet,' says lead researcher Martin Emms.
An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers.
'You should proceed under the assumption that every Drupal 7 website was compromised,' a security advisory warns.
The email addresses of an undisclosed number of participants in CurrentC's pilot program were stolen.
While the unclassified network was breached, officials say there's no indication at this point that any data on the classified network was accessed.
That's an increase of more than 600 percent from 2012, according to state attorney general Kamala Harris.
Just 19 percent of IT pros are confident they know about all cloud computing applications, platforms or infrastructure in use in their organizations.
The number of Backoff infections increased by 57 percent from August to September 2014, according to Damballa.
The Electronic Frontier Foundation's Jacob Hoffman-Andrews says AT&T and Sprint may be using similar headers as well.
Those affected were notified two weeks after the breach was discovered.
A folder containing billing information was mistakenly left accessible online.
Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.
All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.
The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.
'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.
Twitter immediately disabled SSL 3.0 support following the disclosure.
Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.
The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'
Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.
FireEye Turns Its Attention to SCADA industrial control systems.
Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.
Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.
The guidance is intended to help device manufacturers mitigate security risks.
Veracode CEO explains what his company is doing now as he heads toward a public offering.
An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).
'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.
Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'
Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.
Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'
Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.
Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.
The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.
Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.
880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.
The data was mistakenly made accessible via Google searches between December 2013 and April 2014.
The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.
According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.
Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.
According to the New York Times, more than 90 of the bank's servers were affected by the breach.
That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.
Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.
- Feb 2015
- Jan 2015
- Dec 2014
- Nov 2014
- Oct 2014
- Sep 2014
- Aug 2014
- Jul 2014
- Jun 2014
- May 2014
- Apr 2014
- Mar 2014
- Feb 2014
- Jan 2014
- Dec 2013
- Nov 2013
- Oct 2013
- Sep 2013
- Aug 2013
- Jul 2013
- Jun 2013
- May 2013
- Apr 2013
- Mar 2013
- Feb 2013
- Jan 2013
- Dec 2012
- Nov 2012
- Oct 2012
- Sep 2012
- Aug 2012
- Jul 2012
- Jun 2012
- May 2012
- Apr 2012
- Mar 2012
- Feb 2012
- Jan 2012
- Dec 2011
- Nov 2011
- Oct 2011
- Sep 2011
- Aug 2011
- Jul 2011
- Jun 2011
- May 2011
- Apr 2011
- Mar 2011
- Feb 2011
- Jan 2011
- Dec 2010
- Nov 2010
- Oct 2010
- Sep 2010
- Aug 2010
- Jul 2010
- Jun 2010
- May 2010
- Apr 2010
- Mar 2010
- Feb 2010
- Jan 2010
- Dec 2009
- Nov 2009
- Oct 2009
- Sep 2009
- Aug 2009
- Jul 2009
- Jun 2009
- May 2009
- Apr 2009
- Mar 2009
- Feb 2009
- Jan 2009
- Dec 2008
- Nov 2008
- Oct 2008
- Sep 2008
- Aug 2008
- Jul 2008
- Jun 2008
- May 2008
- Mar 2008
- Nov 2007
- Oct 2007
- May 2006
- Apr 2006
- Mar 2006
- Nov 2005
- Oct 2005
- Sep 2005
- Aug 2005
- Jul 2005
- Jun 2005
- May 2005
- Apr 2005
- Mar 2005
- Feb 2005
- Jan 2005
- Dec 2004
- Nov 2004
- May 2004
- Apr 2004
- Mar 2004
- Feb 2004
- Jan 2004
- Dec 2003
- Nov 2003
- Oct 2003
- Sep 2003
- Aug 2003
- Jul 2003
- Jun 2003
- May 2003
- Apr 2003
- Mar 2003
- Feb 2003
- Jan 2003
- Dec 2002
- Nov 2002
- Oct 2002
- Sep 2002
- Aug 2002
- Jul 2002
- Jun 2002
- May 2002
- Apr 2002
- Mar 2002
- Feb 2002
- Jan 2002
- What are the top Android security apps?
- What are the top Android security risks?
- What are today's top cyber threats?
- What's the most secure way to delete data?
- How does hard drive encryption work?
- Is old software inherently insecure?
- Are Macs immune to malware?
- How can BYOD risk be managed?
- Which web browser is the most secure?
- How do I protect my iOS device?
- What are the top iPhone security apps?
- How do I secure my wireless network?
- Are public Wi-Fi hotspots safe?