Security News 

Credit Card Breach Hits All Eddie Bauer Stores in U.S., Canada

Names, card numbers, security codes and expiration dates were accessed.

Sage Employee Arrested for Insider Breach

The breach may have exposed the personal information of employees at 280 companies.

Point-of-Sale Breach Hits Hyatt, Marriott, InterContinental, Starwood Hotels

Customer names, account numbers, expiration dates and verification codes may have been accessed.

How to Hide Malware with a Digitally Signed Executable

Deep Instinct reveals flaw that could potentially enable a security certificate bypass in Microsoft applications.

MICROS Hackers Hit Five More POS Companies

The hackers targeted weaknesses in the vendors' servers, then attempted to steal login information and use it to access retailers' POS systems.

62 Percent of Employees Have Access to Data They Shouldn't Be Able to See

And 76 percent of organizations have experienced the loss or theft of data in the past two years, a recent survey found.

Russian Hackers Hit Oracle's MICROS POS

It's not yet clear how many customers may be affected.

Advocate Health Care to Pay Record-Breaking $5.55 Million Fine for Data Breach

'We hope this settlement sends a strong message,' OCR director Jocelyn Samuels said.

3.7 Million People Affected by Massive Data Breach at Banner Health

A wide range of information was exposed, from credit card numbers to patient data.

71 Percent of IT Pros Say Cyber Security Skills Shortage Causes Damage to Organizations

And 82 percent admit to a shortage of cyber security skills, a recent survey found.

88 Percent of All Ransomware Targets the Healthcare Sector

The education sector comes second at 6 percent, according to a recent report.

Authentic8 Advances Disposable Browser Security Model

Scott Petry, co-founder and CEO of Authentic8, talks about his past with Postini and how his new startup is the future of online security. [VIDEO]



Only a Third of All Sensitive Data Stored in Cloud Apps is Encrypted

And 54 percent of IT pros said it's more difficult to protect confidential or sensitive information when using cloud services, a recent survey found.

O2, Kimpton Hotels Investigate Data Breach Claims

The O2 breach appears to have been caused by password reuse, while the Kimpton breach leveraged point-of-sale malware.

Clash of Kings Data Breach Exposes 1.6 Million Accounts

The exposed data includes user names, email addresses, IP addresses, device identifiers, Facebook data, and hashed and salted passwords.

20 Percent of Organizations Fail to Change Default Passwords on Privileged Accounts

And 50 percent don't audit privileged account activity, a recent survey found.

U.S. Dept. of Health and Human Services Publishes New Guidance on Ransomware

'Organizations need to take steps to safeguard their data from ransomware attacks,' says Office for Civil Rights director Jocelyn Samuels.

External Cyber Attacks Cost the Average Enterprise $3.5 Million a Year

Still, 79 percent of companies lack comprehensive strategies to detect and mitigate such attacks, a recent survey found.

58 Percent of Businesses in the U.K. Were Breached in the Past Two Years

And just 25 percent are completely confident in their ability to handle security incidents, a recent survey found.

Omni Hotels, Noodles & Company, NC State Acknowledge Data Breaches

The three recent breaches exposed thousands of customers' personal and payment card information.

1,025 Wendy's Locations Impacted by Credit Card Breach

The attacks appear to have been enabled by the theft of third-party service providers' remote access credentials.

50 Percent of SMBs Were Breached in the Past Year

And just 14 percent of SMBs see their ability to mitigate cyber attacks as highly effective, a recent survey found.

Less Than a Third of Companies Have Cyber Security Experts in Their IT Departments

And 67 percent of IT professionals have no cyber security certifications, a recent survey found.

Massachusetts General Hospital Suffers Third-Party Data Breach

Approximately 4,300 patients' names, birthdates and Social Security numbers were exposed.

Massive IoT DDoS Attack Leverages 25,513 CCTV Cameras

The cameras, located in 105 countries, delivered as many as 50,000 HTTP requests per second.

Massive Ransomware Attack Hits Millions of Microsoft Office 365 Users

Approximately 57 percent of all organizations using Office 365 were hit by the attack.

Hacker Selling 655,000 Stolen Medical Records for $700,000

The stolen records include full names, Social Security numbers, birthdates, mailing addresses and insurance information.

Cisco Gets into CASB Tech with $293M Purchase of CloudLock

Cisco broadens its cloud security business with $293 million acquisition of CloudLock, a provider of cloud access security broker (CASB) technology.

Carbonite, GoToMyPC Hit by Password Reuse Attacks

Both attacks leveraged email addresses and password stolen from other sites.

Wendy's Hit By Class Action Lawsuit Over Massive Credit Card Breach

The suit was filed by Veridian Credit Union on behalf of all U.S. financial institutions whose customers were affected by the data breach.

Acer Hacked

Names, addresses, credit card numbers, expiration dates and CVV codes were accessed.

Cisco Intros $10 Million Global Cyber Security Scholarship Program

The program is intended to increase the pool of available talent with cyber security skills.

BluVector Takes Aim at Security Bug Hunting

[VIDEO] Former top IBM security exec, Kris Lovejoy, now president of BluVector by Acuity discusses what her new firm's tech is all about.

Russian Hackers Hit Republican, Democratic Presidential Campaigns

Hackers breached the DNC's network. and targeted Trump's and Clinton's campaigns along with some Republican PACs.

27 Percent of Cloud Apps Present Significant Risks to the Enterprise

And the average organization's users connect 733 third-party cloud apps to the corporate environment, according to a recent report.

66 Percent of U.S. Adults Say They're Likely to Stop Doing Business with a Breached Company

And 21 percent are very likely to do so, a recent survey found.

Mitsubishi Highlander Hacked via Wi-Fi

Pen Test Partners researchers were able to disable the car's alarm remotely.

Majority of NFL Players' Medical Exam Results Exposed by Laptop Theft

The unencrypted laptop held copies of the medical exam results for all NFL Combine attendees for the past 13 years.

Myspace, Tumblr, Fling Breaches Exposed 465 Million Accounts

The data, all of it dating back to 2013 or earlier, is being offered for sale online.

40 Percent of IT Pros Say C-Suite Poses Greatest Risk to Information Security

The same percentage admitted having retained access to sensitive data after leaving a job, a recent survey found.

Unencrypted Laptops Expose Over 400,000 Patients' Medical Data

Far too many unencrypted laptops containing vast amounts of sensitive data are still being left in employees' vehicles.

Phishing Attacks Steal W-2 Info from Milwaukee Bucks, Saint Agnes Medical Center, Rockhurst University

Thousands of employees' tax information may have been stolen.

Healthcare Data Breaches Expose 65,000 People's PHI

The potentially exposed data includes names, addresses, Social Security numbers, birthdates, treatment information and health insurance information.

TeslaCrypt Ransomware Shuts Down, Releases Master Key

ESET has made a free decryption tool available to those affected.

LinkedIn Breach Exposed 117 Million User Accounts

The stolen database holds 167 million records, of which 117 million include email addresses and passwords.

52 Percent of Consumers Would Pay More for Products or Services with Better Data Security

And 72 percent now share less personal information with companies than they used to, a recent survey found.

SWIFT Acknowledges Major Malware Attack on Second Bank

The attack is 'part of a wider and highly adaptive campaign targeting banks,' according to SWIFT.

89 Percent of Healthcare Organizations Were Breached in the Past Two Years

And 45 percent were breached five or more times in the same period of time, a recent survey found.

Kroger, Wendy's, Kiddicare Suffer Data Breaches

The exposed data ranges from employee tax information to customer credit card data.

Anonymous DDoS Attacks Hit Central Banks of Cyprus, Greece, Netherlands

'[O]ur target is the Global Banking Cartel,' the hackers stated.

50 Percent of North American Companies Believe They're More Secure Than a Year Ago

Just 12 percent think they're less secure, a recent survey found.

Michigan Utility, German Nuclear Plant Infected with Malware

The system used to monitor fuel rods at the nuclear plant was infected with several viruses, and the utility was hit by a ransomware attack.

Hackers Breach Goldcorp, Lifeboat, Qatar National Bank

A wide range of data, from login credentials to employee payroll information, was exposed.

31 Percent of Developers See Software as Greatest Threat to IoT Security

And 90 percent of IT professionals believe the influx of IoT devices creates security and privacy issues in the workplace, recent surveys have found.

22 Percent of Data Breaches Are Caused by Compromised Credentials

And 65 percent of companies expect to suffer a breach due to compromised credentials int the future, a recent survey found.

94 Percent of IT Pros See Free Wi-Fi Hotspots as a Significant Security Threat

Sixty-two percent ban their mobile workers from using free Wi-Fi hotspots, a recent survey found.

Healthcare Data Breaches Expose 23,000 Patients' Personal Information

The data exposed includes names, addresses, birthdates, insurance information and Social Security numbers.

58 Percent of Employees Haven't Been Taught How to Use Cloud Apps Safely

And 39 percent haven't been informed of the risks of downloading cloud apps without IT's knowledge, a recent survey found.

City of Baltimore Investigates Possible Data Breach

Dozens of city employees' personal information was used to file fraudulent tax returns.

IBM Researchers Warn of New GozNym Banking Trojan

The malware has already been used to steal $4 million from banks in the U.S. and Canada.

FDIC Suffers Insider Breach

A former employee mistakenly downloaded 44,000 customers' personal information.

Breaches in Turkey, Philippines Expose 100 Million Citizens' Personal Data

A wide variety of personally identifiable information was accessed in both cases.

FBI Warns of Massive Surge in CEO Fraud Scams

Losses from such scams exceeded $2.3 billion between October 2013 and February 2016.

34 Percent of C-Level Executives Are Never Updated on Security Incidents

And 36 percent are only updated on a need-to-know basis, a recent survey found.

Leading New York Law Firms Hacked

A recent American Bar Association survey found that one in four law firms with at least 100 attorneys have experienced a breach.

MedStar Health Infected with Ransomware

'You can't schedule patients, you can't access records, you can't do anything,' an employee told the Washington Post.

Grand Ole Opry, Sprouts, Seagate Breached by Phishing Attacks

Thousands of employees' W-2 tax forms were accessed by attackers.

Hackers Breach Water Treatment Plant, Alter Chemicals in Water Supply

The hackers 'modified application settings with little apparent knowledge of how the flow control system worked,' according to a Verizon report.

Four Hospitals Infected with Ransomware

Despite what Kentucky Methodist Hospital described as an 'internal state of emergency,' none of the hospitals paid the ransoms demanded.

27 Percent of U.S. Employees Would Sell Their Passwords

And 32 percent admit sharing passwords with co-workers, a recent survey found.

Hackers Hit Bailey's, 1-800-Flowers, Rosen Hotels and Resorts

Names, payment card numbers, expiration dates, CVV codes, mailing addresses, email addresses and more may have been accessed.

Major Ransomware Campaign Hits Leading Websites Including MSN, BBC, AOL

Tens of thousands of users may have been infected in a matter of hours.

Hackers Steal $81 Million from Federal Reserve

An additional request for $20 million was halted because the hackers misspelled the word 'foundation.'

Skyport Systems Funding Tops $67M to Build Secure Servers

New $30 million funding round for security startup Skyport Systems includes participation of Google Ventures.

UK Regulator Ofcom Suffers Massive Insider Breach

Six years of sensitive data on TV companies may have been stolen by a former employee.

21st Century Oncology Notifies 2.2 Million Patients of Data Breach

Names, Social Security numbers, physicians' names, diagnoses, and treatment and insurance information may have been copied and transferred.

New KeRanger Ransomware Targets Mac OS X

The malware was signed with a valid Mac app development certificate.

Mobile Access to Corporate Data Surged 43 Percent in 2015

Fifty-six percent of data accessible on PCs is now also accessible on mobile devices, a recent survey found.

Data Breaches at Cox, Mansueto Expose Employees' Personal Info

Thousands of employees' personal information was accessed, according to news reports.

75 Percent of Execs, Board Members Don't Prioritize Recruiting Skilled Security Pros

And 35 percent don't know or aren't sure what legally constitutes a data breach in their state, a recent survey found.

IBM Buys Resilient Systems for Incident Response

Famous security expert Bruce Schneier will join IBM as part of Big Blue's acquisition of incident response specialist Resilient Systems.

Snapchat Breached by Spear Phishing Attack

An undisclosed number of employees' payroll information was accessed.

IoT Vulnerabilities Found in Nissan LEAF and in Wireless Keyboards, Mice

The MouseJack vulnerability and the security flaws in the LEAF are just the tip of the iceberg, according to a recent Pwnie Express survey.

ServiceNow Merges Security with Service Management

Security teams will benefit from its service management platform's workflow, automation, orchestration and systems management capabilities, says ServiceNow.

Devices Running Insecure Software: Study

Study of two million devices reveals that more than half are running outdated, vulnerable software.

95 Percent of U.S. Consumers Share Passwords With Others

And 25 percent share work-related passwords, a recent survey found.

45 Percent of IT Personnel Knowingly Circumvent Their Own Security Policies

And 33 percent have hacked their own or another organization, a recent survey found.

32 Percent of Companies Don't Evaluate Their Third Party Vendors

And 11 percent don't even know how many third party vendors they work with, a recent study found.

83 Percent of U.S. IT Security Pros Feel Pressure to Unveil Projects Before They're Ready

And 65 percent of information security pros expect to feel more pressure in 2016 than they did last year, a recent survey found.

82 Percent of Energy Sector IT Pros Say a Cyber Attack Could Cause Physical Damage

And 78 percent see their organization as a potential target for a nation-state cyber attack, a recent survey found.

Over 113 Million Patient Records Were Breached in 2015

That's an 897 percent increase over the previous year, according to Redspin.

Vulnerabilities In Popular Software Surged by 60 Percent in 2015

And exploits rose by almost 40 percent, according to a recent Bromium report.

TaxSlayer, Alibaba Accounts Exposed by Password Reuse

Millions of accounts were accessed with username and password combinations stolen in unrelated breaches.

Neiman Marcus, UCF Acknowledge Data Breaches

Over 68,000 people are affected.

34 Percent of Security Pros Say Their Budgets Are Inadequate

And 37 percent don't have enough highly-skilled staff, a recent survey found.

HSBC Internet Banking Disabled by DDoS Attack

Although the bank says it 'successfully defended against the attack,' personal banking services were inaccessible for several hours.

Missing Hard Drives Expose 950,000 Centene Customers' PHI

The unencrypted drives held names, addresses, birthdates, Social Security numbers, member ID numbers and health information.

55 Percent of IT Pros Don't Know Where Their Company's Payment Data Is Stored

And 80 percent said that kind of uncertainty presents a high or very high risk to that data, a recent survey found.

91 Percent of IT Security Execs Say Their Company's Sensitive Data Is Vulnerable

And 39 percent have suffered a data breach or failed a compliance audit due to security issues in the past year alone, a recent survey found.

University of Virginia Breached by Phishing Attack

1,400 university employees' W-2 tax forms were accessed.

84 Percent of U.S., U.K. Organizations Have Been Breached by Spear Phishing Attacks

For U.S. businesses, the average cost of spear phishing was $1.8 million over the last 12 months alone, a recent survey found.

53 Percent of Oil and Gas Companies Report Surge in Cyber Attacks

Only 31 percent are confident in their ability to detect those attacks, a recent survey found.

Medical Data Breaches at Blue Shield, New West Expose 46,000 Customers' Info

A stolen laptop and a breach at a third-party vendor caused the data breaches.

Hyatt Breach Affected 250 Hotels Worldwide

Credit and debit card information was taken from hotel restaurants, spas, golf shops, parking, front desks and sales offices.

TaxAct Acknowledges Data Breach

The company says an undisclosed number of customers' tax returns 'may have been opened or printed.'

Missing Laptops, Drives Expose Thousands of Patients' Medical Data

Almost 60,000 patients' protected health information may have been exposed as a result of three incidents.

Carrier Pre-Loads Expand Keeper's Mobile Password Footprint

Mobile password manager app continues to expand user base, thanks to new carrier partnerships.

63 Percent of IT Pros Oppose Giving Governments Backdoor Access to Encrypted Data

And 83 percent support requiring companies to notify customers within 30 days of the discovery of a breach, according to a recent ISACA survey.

44 Percent of Enterprises Will Increase Security Budgets in Next 90 Days

Only 4 percent plan to decrease security spending over the same time period, a recent survey found.

User Passwords Exposed by Breaches at Time Warner, Linode

Linode has reset all user passwords, and Time Warner Cable says as many as 320,000 customers' email passwords may have been stolen.

Emsisoft Warns of New 'Ransom32' JavaScript Ransomware

The ransomware, which is the first to be programmed entirely in JavaScript, HTML and CSS, was developed using the NW.js platform.

Anti-ISIL Hackers Claim Responsibility for Massive Cyber Attack on BBC

The group, New World Hacking, claims the DDoS attack exceeded 600 Gbps.

91 Percent of Cyber Security Pros Say Passwords Won't Exist in 10 Years

66 percent already use authentication methods beyond passwords, a recent survey found.

93 Percent of Corporate Security Officials Say Human Behavior Presents Greatest Threat

Still, only 69 percent know what people do with their company's critical value data after accessing it, a recent survey found.

191 Million U.S. Voters' Personal Info Exposed by Misconfigured Database

'My immediate reaction was disbelief,' researcher Chris Vickery said.

Hyatt Hotels Hit by Credit Card Breach

It's not yet clear how many of the company's 627 properties worldwide are affected.

Hello Kitty Leak Exposes 3.3 Million Users' Data

186,261 minors are affected, according to Sanrio.

Iranian Hackers Breached New York Dam Two Years Ago

The hackers probed the system but didn't take control of it, the Wall Street Journal reports.

40 Percent of IT Pros Expect to Work on Christmas Eve and Christmas Day

And 50 percent worry that their company will suffer a data breach during the holidays, a recent survey found.

Landry's Restaurants Hit by Credit Card Breach

It's not yet clear which of the company's more than 500 properties may be affected.

Alleged VTech Hacker Arrested

It's not yet clear whether the person arrested was the same one who notified Motherboard about the breach.

80 Percent of Organizations Experienced a Cyber Security Incident in 2015

Still, 71 percent of IT pros expect their organizations to be more secure in 2016, a recent survey found.

One Third of CEOs Aren't Regularly Briefed on Cyber Security Issues

And 61 percent of global IT security pros think their CEOs don't know enough about cyber security, a recent survey found.

83 Percent of Tech Firms Say Excessive Sharing in the Cloud Is a Top Concern

Still, only 5 percent of organizations take active steps to protect credentials, a recent study found.

64 Percent of Consumers Would Stop Doing Business With a Company That Suffered a Financial Data Breach

49 percent said the same of breaches in which personal information was stolen, a recent survey found.

Hackers Hit Tunecore, JD Wetherspoon, Elephant Bar

The data potentially exposed includes full contact information, passwords, birthdates, and credit card data.

Two Thirds of SMB IT Decision Makers Aren't Fully Prepared to Deter Threats

And almost half believe their company is vulnerable to insider threats, a recent survey found.

Shevirah Moving Forward for Enterprise Mobile Pen Testing [VIDEO]

Security innovator Georgia Weidman discusses what her new startup is doing to help enterprise mobile security.

Over a Third of U.S. Retailers Don't Know Which Systems Their Temporary Workers Have Accessed

And over a quarter have no idea if those workers have ever accessed and/or sent data they shouldn't have, a recent survey found.

69 Percent of IT Pros Fear Migrating to Cloud Will Increase Data Breach Risk

And 43 percent worry about account hijacking after migrating to the cloud, a recent survey found.

Half of U.S. Enterprise Employees Reuse Work-Related Passwords

Almost two-thirds do the same for personal accounts, a recent survey found.

Australian Government Hit by Massive Cyber Attack

The 'intrusive and pervasive' attack dates back at least three months, the ABC reports.

Industry Experts Predict the Top Cyber Security Trends for 2016

From cloud services to the Internet of Things, the targets are shifting.

Only 28 Percent of Consumers Are Fully Confident in Mobile Device Security

Still, 32 percent use their mobile devices to send work-related emails, a recent study found.

Massive VTech Breach Affects 5 Million Customers, Including Children

4,833,678 parents and 227,622 children are affected.

LANDESK Hacked

Some employees' names and Social Security numbers were accessed, though it's not yet clear what other data, if any, may have been exposed.

Hilton Worldwide Admits Credit Card Breach

Cardholder names, payment card numbers, security codes and expiration dates may have been accessed.

Amazon Resets User Passwords in Response to Possible Breach

While there's no indication that the passwords were improperly accessed, Amazon says it has reset some passwords out of 'an abundance of caution.'

69 Percent of Executives Would Bypass Security Controls to Close a Deal

Still, 41 percent believe security should be more important than business flexibility, a recent survey found.

Can Mobile Apps Defend Themselves? Yes, Says Bluebox

Bluebox's approach goes beyond providing just a security wrapper for mobile applications.

Starwood Hotels Hacked

The point-of-sale systems at 54 of the company's hotels were infected with malware.

6 Million Georgia Residents' Personal Data Exposed by Mistake

The information exposed includes Social Security numbers and birthdates.

40 Percent of Companies Expect an Insider Data Breach Next Year

But 72 percent of security professionals say their board doesn't treat insider threats as seriously as external threats, a recent survey found.

MetroPCS, Nutmeg Customer Data Exposed by Mistake

Both breaches appear to have been the result of coding errors.

Docker Container Security: What's Next

Docker aims to improve container security with application scanning, user namespaces and other capabilities.

90 Percent of Industries Have Suffered Breaches of PHI

Only the utilities and management industries had no reported PHI breaches, according to a recent report.

Android Tablets Sold on Amazon Infected with Cloudsota Trojan

The tablets have been sold and delivered to over 17,000 customers in more than 150 countries.

Breach at Securus Technologies Exposes 70 Million Prison Phone Calls

The 37 GB cache includes records of calls placed by more than 63,000 inmates.

90 Percent of Organizations Experience At Least One Insider Threat a Month

The average organization experiences 9.3 such threats every month, according to recent research.

Adobe Patches 17 Flash Vulnerabilities in Latest Update

Adobe's Flash is still heavily favored as a top attack vector, so you'd better update ASAP.