Security News 

Chipotle Hit by Credit Card Breach

All customers who paid with a credit or debit card at a Chipotle location between March 24, 2017 and April 18, 2017 may be affected.

87 Percent of Companies Plan to Invest in Security-as-a-Service in the Next 12 Months

40 percent expect their network security spending to increase by 10 to 20 percent over the next year, a recent survey found.

Russian Hacker Sentenced to 27 Years in U.S. Prison

Roman Seleznev, the son of a Russian MP, caused over $169 million in damages by installing malware on point-of-sale machines.

Twistlock Raises $17M for Container Security

The funds will help the application container security startup expand into more markets and grow its product.

Almost 40 Percent of Industrial Computers Were Hit by Cyber Attacks in 2H 2016

And a quarter of all targeted attacks were aimed at industrial targets, a recent study found.

Securing Docker, One Patch at a Time

The open-source Docker container project integrates many different security approaches, but like every other software project, it still has to deal with reported software vulnerabilities.

Lacework Emerges from Stealth with Polygraph Cloud Security

The startup's "zero-touch" cloud workload security platform eliminates the need to fine-tune policies and pore over logs to secure cloud environments.

64 Percent of Security Pros Can't Stop a Mobile Data Breach

And 51 percent believe the risk of mobile data loss is equal to or greater than that for PCs, a recent survey found.

Check Point Unifies Security Management

The company consolidates network, mobile and cloud security into a single architecture called Check Point Infinity.

Hajime Malware Infects Tens of Thousands of IoT Devices

The malware's peer-to-peer IoT device network numbers in the tens of thousands, according to Symantec.

How Docker Swarm Uses Transparent Root Rotation to Improve Security

Docker's swarmkit integrates multiple secure mechanisms including one known as Transparent Root Rotation.

Shoney's Restaurants, IHG Hotels Hit by Credit Card Breaches

Customer names, card numbers, expiration dates and verification codes were accessed by malware.

BlueCat DNS Edge Pounces on Insider Threats

The solution uses DNS data to detect suspicious behavior within enterprise networks.

Just 41 Percent of Enterprises Have a Consistent Encryption Strategy

And 37 percent turn over complete control of keys and encryption processes to cloud providers, a recent survey found.

86 Percent of Financial Services Firms to Increase Cyber Security Spend in 2017

That's far higher than 2016, when less than 60 percent said they planned to do so.

Twistlock 2.0 Sharpens Its Focus on Container Security and Compliance

The latest version offers improved visibility into their application container environments and helps organizations ensure that they take security and compliance into consideration from the start.

At 95 Percent of Enterprises, Employees Are Actively Working to Bypass Security Protocols

The use of VPNs and other tools to bypass security restrictions doubled from 2015 to 2016, a recent survey found.

Data Breach at U.K. Payday Lender Exposes 270,000 People's Personal Information

Names, email addresses, home addresses, phone numbers, bank account numbers and sort codes were exposed.

Thycotic Keeps a Close Eye on Privileged Accounts

A new feature in the company's Secret Server helps IT security teams detect suspicious behavior on high-value accounts.

Targeting the Weak Link in the Supply Chain: Amazon Third-Party Sellers Hacked

Tens of thousands of dollars have been stolen from seller accounts, and fake items have been listed for sale in an effort to steal even more money.

Hackers Activate 156 Emergency Sirens Across Dallas

'We had people asking if we were being attacked,' a city spokeswoman said.

Ethical Hacker Startup Synack Raises $21.25 Million

The startup that enlists ethical hackers to combat cybersecurity threats attracts millions in funding from Microsoft and HPE.

GameStop Investigating Possible Credit Card Breach

Credit card data from online purchases made between September 2016 and February 2017 may have been accessed.

Ransomware Attack on Pediatric Practice Exposes 55,447 Patients' Information

While the company was able to avoid falling victim to the ransomware, the attackers may have been able to access patient data.

Scottrade Hit by Third-Party Data Breach

An employee at third-party vendor Genpact mistakenly left customer information exposed online.

Anti-Ransomware Decryption Toolkit Grows

The No More Ransom project gains 15 more decryption tools and dozens of new partner organizations.

86 Percent of SMEs Are Underfunding Cyber Security

And three quarters of SMEs have two or fewer IT security staff members, a recent survey found.

NeuVector and Rancher Labs Partner on Container Security

The companies team up to head off the inevitable rise in security threats targeting application container environments.

Major Security Flaws Uncovered in Samsung's Tizen Operating System

The OS is in use on a wide range of devices, including Galaxy Gear smartwatches and Z1, Z2 and Z3 phones.

Corsa Appliance Spells a Quick End to DDoS Attacks

The company's NSE7000 appliance can deflect DDoS attacks under a minute with a negligible impact on network performance.

20 Percent of Users Have Never Changed Their Social Media Passwords

And 53 percent haven't done so in more than a year, a recent survey found.

49 Percent of Organizations Don't Know if They've Experienced Insider Attacks

And 74 percent feel vulnerable to such attacks, a recent survey found.

Nearly a Third of All Malware Qualifies as 'Zero Day'

An analysis of data collected from over 24,000 Firebox appliances from WatchGuard reveals the daunting security landscape businesses face today. 

U.S. Congress Removes ISP Privacy Rules

The NCTA called the repeal 'an important step toward restoring consumer privacy protections that apply consistently to all Internet companies.'

1.4 Billion Data Records Exposed in 2016

That's an increase of 86 percent over the previous year, according to Gemalto.

Radware Floats Cloud DDoS Protection Service

Like today's craftier attackers, Radware's new offering takes a targeted approach to blocking DDoS attacks on AWS and Azure applications.

Cybercriminals See 95 Percent Profit from DDoS Attacks

DDoS-as-a-service providers can launch attacks for as little as $7 an hour, according to a recent report.

Cybersecurity Pros Brace for Non-Malware Attacks

Today's IT security experts are wary about much more than dangerous viruses and other malware, finds a new survey from Carbon Black.

Massive Data Breach Exposes 4.8 Million Job Seekers' Personal Info

Names, Social Security numbers and birthdates were accessed.

Apple Attributes Alleged iCloud Hack to Password Reuse

The allegedly compromised account information may have come from the LinkedIn breach.

Security Flaws Found in LastPass Extensions for Chrome, Firefox

The vulnerabilities, uncovered by security researcher Tavis Ormandy, were patched quickly.

Saks Fifth Avenue, Three U.K. Mistakenly Expose Customer Data

In both cases, the information appears to have been exposed by mistake, not by an external or internal attack.

MajikPOS Malware Currently Infecting U.S. Point-of-Sale Systems

The malware began infecting businesses across North America in late January.

63 Percent of Enteprises Use Advanced Tech Without Securing Sensitive Data

59 percent of senior security executives are concerned about security breaches due to attacks hitting cloud service providers, a recent survey found.

Women Comprise Just 11 Percent of Global Cyber Security Workforce

And men are nine times more likely than women to hold managerial positions, a recent survey found.

Security Pros Brace for Industrial IoT Cyber Attacks

The vast majority of IT security professionals are expecting in an increase in attacks targeting Industrial Internet of Things deployments, finds a Tripwire survey.

Russian FSB Officers Charged with Involvement in Yahoo Breach

'The indictment unequivocally shows the attacks on Yahoo were state-sponsored,' Yahoo's assistant general counsel said.

Anti-Virus Solutions Fail to Protect Against Ransomware

33 percent of respondents to a recent survey experienced a ransomware attack in the past year.

Misconfigured Backup Drive Exposes Sensitive U.S. Air Force Data

The exposed data included information on open investigations, as well as completed applications for national security clearances.

Barracuda and Zscaler Team for Cloud-Delivered User Security

The companies float a new cloud-based security service aimed at helping SMBs keep their users and data safe wherever they roam.

One-Third of Ransomware Victims End Up Paying the Ransom

Another 54 percent refuse to pay but are able to recover their data anyway, a recent survey found.

More Than Half of SIEM Users Are Frustrated with Results

And 70 percent want their SIEM to generate fewer alerts that are more meaningful, a recent survey found.

RiskSense Raises $14 Million for Intelligent Vulnerability Management

The company's machine-learning technology helps enterprises focus their security efforts on high-priority threats. 

Payment Provider Verifone Suffers Data Breach

All employees and contractors have been blocked from installing software on their computers, and have been told to change their passwords. 

WikiLeaks Dumps CIA Hacking Docs

The organization claims the files were already circulating among former U.S. government hackers and contractors.

Check Point vSEC Locks Down Google Cloud

The company's latest offering offers integrated security services for enterprises moving their workloads to Google's cloud.

Russian Hackers Hit U.S. Progressive Organizations

The organizations have been targeted with ransom demands ranging from $30,000 to $150,000.

Half of All Phishing Attacks in 2016 Targeted Financial Data

And just under a third of financial phishing was detected on Mac OS computers, according to a recent report.

Over 153,000 Users Were Hit by Mobile Ransomware in 2016

Last year saw a volume of mobile malware equivalent to half of all the malware detected over the previous 11 years, according to a recent report.

Symantec Establishes Startup Fund

The company is on the lookout for cybersecurity startups to invest in and help grow using the company's own technical resources and threat intelligence. 

82 Percent of IT Pros Say Hiring and Retaining Qualified Staff is a Key Challenge

And 43 percent have an IT team of less than 10, a recent survey found.

CloudPets Breach Exposes 2 Million Children's and Parents' Private Messages

Customer credentials were stored in a database that wasn't password-protected or behind a firewall.

Informatica Enhances Big Data Security with Behavioral Analytics

Secure@Source bulks up its data security intelligence offering to better identify risks to a business' sensitive data.

Fully 84 Percent of Hackers Leverage Social Engineering in Cyber Attacks

And 50 percent change their attack methodologies with every target, a recent survey found.

Cloudflare 'Cloudbleed' Flaw Leaks User Data from Millions of Websites

The exposed data ranges from password manager data to hotel bookings and private messages.

New York Intros New Cyber Security Rules for Financial Companies

The regulations, requiring companies to establish and maintain cyber security programs, take effect on March 1.

How Cisco DNA Fights Network Threats

The networking giant's DNA technology does more than deliver automated network management, it also helps protect against today's sneakier threats.

950,000 Coachella User Accounts Being Sold Online

Email addresses, user names and hashed passwords are being offered for sale for $300.

76 Percent of Healthcare Organizations Plan to Increase Security Spending in 2017

90 percent of U.S. healthcare organizations feel vulnerable to data threats, a recent survey found.

62 Percent of Companies Store Sensitive Customer Data in the Public Cloud

And almost 40 percent of cloud services are commissioned without the involvement of IT, a recent survey found.

Where Do Venture Capitalists See Security Opportunities?

VCs from Trident Capital Cybersecurity, Elephant, Glasswing Ventures and Ten Eleven Ventures discuss where they see the opportunity to profit.

Ransomware Dips but Remains 'Evolving Menace'

Microsoft detects a drop in ransomware encounters toward the end of 2016 but warns against growing complacent.

26 Percent of IT Pros Admit Sharing Passwords

And just 55 percent believe their company's current technology investment is sufficient to ensure security, a recent survey found.

74 Percent of Companies that Suffer a Data Breach Don't Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found.

RSA 2017: Business-Driven Security, Defending the IoT and a Digital Switzerland

The IT security industry responds to a growing cloud ecosystem, IoT's expanding reach and a rise in nation-state cyberattacks.

Global Shortfall of 1.8 Million Cyber Security Pros Expected by 2022

45 percent of companies say the cyber security skills shortage is causing breaches, a recent survey found.

Over 75 Percent of Ransomware Comes from Russian Speakers

More than 1,445,000 users were hit by ransomware in 2016, according to a recent report.

Skycure Brings Mobile Threat Intelligence to Microsoft EMS

A new integration allows Microsoft Enterprise Mobility + Security customers to protect their mobile devices against sophisticated threats.

PIP Printing Breach Exposes 400 GB of Highly Sensitive Data

The exposed data ranges from former NFL players' Social Security numbers and medical information to confidential files from Hustler Hollywood stores.

Centrify Adds Intelligence to Identity and Access Management

A new add-on for the Centrify Identity Services Platform uses machine learning to spot and block suspicious access attempts.

RSA Conference Security Panel Isn't Worried about GDPR

Lawyers from Google, Cisco and Microsoft talk about privacy and why they're confident they're all moving in the right direction.

RSA 2017: IT Security Teams Face an Uphill Battle

Today's businesses are journeying into treacherous territory with too few security professionals behind the wheel.

Arby's Hacked, Credit Card Data Compromised

More than 335,000 credit and debit cards may have been compromised.

69 Percent of Companies' Security Solutions Are Outdated, Inadequate

70 percent have invested in IT security technology that wasn't successfully deployed a recent survey found.

SS8 BreachDetect Uses 'Time Machine' to Unravel Cyber Kill Chains

No forensics experience? No problem. BreachDetect uses new timeline views and plain-language explanations to unmask breach attempts. 

Vizio Fined $2.2 Million for Tracking 11 Million Users' Behavior without Consent

The company aggregated viewing data, attached demographic information to it, and sold it to third parties for use in targeted advertising.

InterContinental Hotels Group Suffers Credit Card Breach

Bars and restaurants at 12 IHG properties across North America were affected.

Container-Aware Security Startup Capsule8 Emerges from Stealth

Striking while the iron's hot, Capsule8 makes its official debut to help enterprises guard their container-filled Linux infrastructures.

Threat Surge: 2016 Saw 167 Times as Much Ransomware as 2015

Reasons for the surge include the rise of ransomware as a service, easier access in the underground market, and the low cost of conducting an attack.

Just 21 Percent of Banks and Insurers Are Confident They Can Detect a Data Breach

Still, 83 percent of consumers say they trust banks and insurers to maintain strong cyber security, a recent survey found.

Children's Medical Center of Dallas Pays $3.2 Million Fine for HIPAA Violations

The organization failed to encrypt patient data after an unencrypted, non-password protect BlackBerry containing PHI was lost in 2009.

Tenable Launches Vulnerability Management Service for Elastic IT Environments

The company's new cloud-based offering helps businesses better asses the risks of their dynamic IT workloads.

Hackers Disable Door Locks at Four-Star Hotel, Demand Ransom

The hackers demanded 2 Bitcoins in payment to return control of the systems back to the hotel -- and the hotel says it had no choice but to pay.

HPE Acquires Niara for Intelligent Network Threat Protection

The buy will help strengthen the company's Aruba ClearPass network access control and management platform.

Hacker Compromises 2.5 Million Xbox 360, PSP ISO Forum Accounts

Email addresses, passwords and IP addresses were exposed.

30 Percent of IT Pros Admit Their Organizations Are Very or Extremely Vulnerable to Attack

And 26 percent said their organizations were breached in the past year, a recent survey found.

Ransomware App Found in Google Play Store

The app demanded 0.2 Bitcoins in payment from infected users.

IBM to Raise Security Visibility in the C-Suite with Agile 3 Buy

The deal is expected to help put (and keep) data security on radars of corporate business leaders. 

4,419 Data Breaches Exposed Over 4.2 Billion Records in 2016

94 of those breaches exposed a million or more records each, according to a recent report.

F5 Networks Defends Applications with New Herculon Appliances

The company debuts new appliances that help businesses keep cyber-attackers away from their critical applications.

Ongoing Shamoon Malware Attacks Linked to Greenbug Cyber Espionage Group

The attacks continued to hit organizations in Saudi Arabia earlier this week.

62 Percent of Data Security Pros Don't Know Where Their Most Sensitive Unstructured Data Resides

And 93 percent say they face persistent challenges in protecting data, a recent survey found.

All-Time High of 1,093 Data Breaches Reported in U.S. in 2016

The number represents a 40 percent increase over the previous year, according to a recent report.

Secret Double Octopus Raises $6M Series A

Multi-factor security firm gets new financial backing as it takes aim at growing share in the authentication market.

Three Medical Data Breaches Expose 242,600 Patients' PHI

The exposed data includes names, Social Security numbers, birthdates, contact details, medical record numbers and/or clinical information.

Ukraine Blackout Was Caused by ‘Premeditated and Multi-Level' Cyber Attack

The country's national power company hasn't said whether it was able to link the attack to any specific group or nation state.

Just Eight Percent of IT Pros Say Most of Their Staff Have the Skills They Need

More than three times as many IT pros would prefer to grow their staff's skills than grow the number of people on their team, a recent survey found.

McDonald's Website Flaw Exposes User Passwords

'If there's one thing you shouldn't do, it's decrypting passwords client side,' researcher Tijme Gommers noted.

Researchers Warn of Highly Effective New Gmail Phishing Scam

The attack has already caught several technical users, according to Wordfence CEO Mark Maunder.

95 Percent of Enterprise Cloud Services Aren't Enterprise Ready

82 percent don't encrypt data at rest, according to a recent report.

Report: Anthem Breach Was Caused by a Foreign Government

CrowdStrike analysts determined the identity of the attacker, and concluded that the attacker was acting on a foreign government's behalf.

UK Government Cyber Accelerator Announces Support for Seven Startups

The seven companies will begin a three-month program providing mentoring, contact with investors, office space and access to GCHQ personnel.

74 Percent of Organizations Using Two-Factor Authentication Face User Complaints

Nine percent of organizations using two-factor authentication say their users simply 'hate it,' a recent survey found.

ESEA Hacker Demands $100,000, Exposes 1.5 Million User Records

The hacker provided the records to LeakedSource after ESEA refused to pay the ransom.

69 Percent of Companies Have Suffered Data Loss Due to Employee Turnover

28 percent of organizations don't wipe corporate data from employee-owned devices when they leave, a recent survey found.

Almost a Fifth of Companies Have No DDoS Protection At All

And 39 percent are unclear on how to protect against DDoS attacks, a recent survey found.

New California Law: Deploy Ransomware, Face Four Years in Prison

The law went into effect on January 1, 2017.

Hospital Patient Posts 15,000 People's Protected Health Information on Social Media Site

The exposed data includes names, addresses, Social Security numbers and Medicaid identification numbers.

Topps Data Breach Exposes Months of Credit Card Data

Customers who shopped at the company's website between July 30 and October 12 of 2016 may be affected.

90 Percent of IT Pros Worry About Password Reuse

And 94 percent have implemented two-factor authentication for at least one application, a recent survey found.

Chinese Hackers Charged with Breaching U.S. Law Firms, Trading on Stolen Information

The hackers are alleged to have made over $4 million in illegal profits from the trades.

74 Percent of IT Pros Work Unpaid Overtime Every Week

Over a third work more than 15 extra hours per week, a recent survey found.

66 Percent of U.S. Consumers Have Given Their Phone Passcodes to Others

One in four said something embarrassing has popped up on their phone while someone else was holding it, a recent survey found.

55 Percent of Consumers Would Respond to a Retailer Breach by Switching to Cash

And 20 percent would just stop shopping at the affected merchant, a recent survey found.

Lynda.com, L.A. County Acknowledge Massive Data Breaches

9.5 million Lynda.com users and 756,000 L.A. County residents may be affected.

44 Percent of Organizations Miss Data Breach Investigating and Reporting Deadlines

And seven percent said a missed deadline had resulted in serious consequences, a recent survey found.

Researchers Find Russian Hacker Selling Access to U.S. Election Assistance Commission

The hacker claimed to be accessing the system via an unpatched SQL injection vulnerability.

More Than One Billion Yahoo User Accounts Exposed in Massive Breach

Over a billion names, email addresses, phone numbers, birthdates, hashed passwords and security questions and answers may may have been accessed.

New Amazon Phishing Campaign Targets Holiday Shoppers

Thousands of victims worldwide have already been hit by the scam.

Hackers Steal Trade Secrets in 'Massive Cyber Attack' on German Manufacturer

The company said the attack involved 'organized, highly professional hacker activities.'

Hackers Expose Info on 87 Million Dailymotion User Accounts

In 18.3 million cases, the exposed data includes hashed passwords.

60 Percent of Enterprises Were Breached by Social Engineering Attacks in 2016

And 65 percent of those attacks compromised employees' login credentials, a recent survey found.

Half of IT Pros Are More Worried About Insider Threats Than External Ones

The leading concern regarding insider threats is malware installed by careless employees, a recent survey found.

900,000 Deutsche Telekom Routers Disabled by Massive Cyber Attack

The routers were 'affected by an attack from outside,' the company said.

36 Percent of IT Pros Say Loss of Data in the Cloud Would be Catastrophic

And 14 percent said it would cost them their jobs, a recent survey found.

Hackers Hit Madison Square Garden, Radio City Music Hall, Beacon Theater, Chicago Theater, Michigan State University

The data potentially accessed ranges from students' names and Social Security numbers to credit card numbers and expiration dates.

Almost a Third of Americans Won't Shop Online Due to Security Concerns

And another 14 percent said they're unlikely to do so, a recent survey found.

Over 97 Percent of All Phishing Emails Deliver Ransomware

And 82 percent of email servers are misconfigured, recent research discovered.

Over 18 Percent of Docs in File Sharing Apps Contain Sensitive Data

And 9.3 percent of files shared externally contain sensitive data, a recent survey found.

38 Percent of Mobile Professionals Have Never Used a VPN

And 42 percent access corporate data over public Wi-Fi, a recent survey found.

Researchers Demo Citywide Bricking Attack via IoT Malware

The proof-of-concept worm could jump from one smart bulb to another via ZigBee wireless connectivity.

77 Percent of Ransomware Attacks Successfully Bypass Email Filtering

And 95 percent bypass firewalls, a recent survey found.

40,000 Tesco Bank Accounts Accessed by Cyber Thieves

In 20,000 cases, the bank says, the breaches resulted in 'money being withdrawn fraudulently.'

Massive DDoS Attacks Disable Internet Access Throughout Liberia

The attacks exceeded 500 Gbps.

43 Percent of IT Pros Say Cyber Attacks That Hit Their Companies Were Preventable

21 percent say the breaches could have been prevented if security policies were better communicated to employees.

73 Percent of Security Pros Aren't Using Threat Intelligence Data Effectively

Just 46 percent say they're using threat data at all in deciding how to respond to malicious activity.

Australian Red Cross Data Breach Exposes 550,000 Blood Donors' Personal Information

Names, genders, email addresses, phone numbers and birthdates were exposed by a third party vendor.

Schneider Electric Patches Major ICS Vulnerability

The flaw was discovered almost six months ago by researchers at Indegy Labs.

Two-Thirds of Americans Think They're Tech Savvy... But They're Not

64 percent of U.S. consumers think they're always safe sharing personal data on a major retail or social networking site.

Major DDoS Attack Disables Websites Across the U.S.

The attack on Dyn's managed DNS services hit sites ranging from CNN to Twitter.