Security News 

Thomson Customer Data Exposed by Mistake

458 names, addresses, email addresses, phone numbers and flight dates were exposed.

Lost, Stolen Unencrypted Devices Expose PHI Nationwide

A hard drive, computer and thumb drive -- none of them encrypted -- exposed over 9,000 patients' personal information.

Court Ruling: FTC Can Sue Companies for Cyber Security Failures

'It is not only appropriate, but critical, that the FTC has the ability to take action,' said FTC chairwoman Edith Ramirez.

Dating Website PlentyofFish Hit by Malvertising Attack

According to Cyphort Labs, the number of malvertising attacks carried out by hackers increased by 325 percent in the past year.

Employee Errors Expose PHI, PII, Social Security Numbers

Both the Illinois Department of Corrections and the Colorado Office of Information Technology recently released personal information by mistake.

Web.com Hacked

The names, addresses and credit card information of approximately 93,000 customers may have been exposed.

Hackers Leak 10 GB of User Data from Adultery Site

The leaked data includes 36 million customer records, listing names, addresses, user names, passwords and the last four digits of credit card numbers.

IRS Data Breach Exposed 334,000 Taxpayer Accounts

The new number is more than three times the estimate the IRS had given in May.

Kaspersky Responds to 'Fake Malware' Allegations

'They forgot to add that we conjure all this up during steamy banya sessions, after parking the bears we ride outside,' Eugene Kaspersky wrote.

Theft of Unencrypted Laptop Exposes 100,000 Social Security Numbers

70 percent of U.S. adults think it's riskier to trust a company with their Social Security number than to carry their Social Security card with them.

Corvette Hacked via Text Message

UCSD researchers were able to both activate and disable the car's brakes and control the car's windshield wipers, all via SMS.

32 Charged with $100 Million Hack of Newswire Services

The group is alleged to have earned over $100 million by stealing and trading on corporate earnings announcements before they were made public.

U.K. Government Investigates Massive Carphone Warehouse Data Breach

As many as 2.4 million customers' names, addresses, birthdates and bank information may have been exposed.

American Airlines, Sabre Allegedly Breached by Chinese OPM Hackers

The same hackers who hit Anthem, United Airlines and the Office of Personnel Management may have added American and Sabre to the list.

FBI Details Takedown of Gameover Zeus Botnet

FBI agent explains how law enforcement worked with security vendors to bring down a major botnet operation.

HP ZDI Finds 100 Vulnerabilities in Adobe Reader

HP details how an attacker could potentially abuse Adobe Reader's JavaScript APIs.

U.S. Joint Chiefs of Staff Breached by State-Sponsored Hackers

Massive amounts of data were stolen in a short period of time, according to news reports.

FDA Warns of Cyber Security Flaws in Hospira Infusion Pump

The FDA is urging health care facilities to switch to alternative infusion systems 'as soon as possible.'

Certifigate Flaw Exposes Android Users to Risk [VIDEO]

Remote diagnostic tools from OEMs that are supposed to help Android users could instead be used to hurt them.

Bitdefender Acknowledges Data Breach

Usernames and passwords were exposed in plain text.

Google Doubles Down on Android Security at Black Hat

Google's Android security chief discusses Stagefright and more in Black Hat address.

Yahoo Ads Serve Malware for Second Time in Two Years

Malicious ads were found to be redirecting victims to the Angler Exploit Kit, according to Malwarebytes researchers.

Half of C-Level Execs See CISOs Primarily as Scapegoats for Data Breaches

Only 25 percent think CISOs should be part of an organization's leadership team, according to a recent survey.

Medical Record Breach Impacts 3.9 Million People Nationwide

The data potentially exposed includes names, birthdates, Social Security numbers, lab results, medical conditions and health insurance information.

Ziften Digs Deep for Security Visibility

Fresh off a $24 million funding round, security startup debuts ZFlow technology to connect the dots of security incidents.

Employee Negligence Exposes Massachusetts Hospital Patients' Personal Data

70 percent of U.S. IT and IT security practitioners say more security incidents are caused by unintentional mistakes than by malicious acts.

Planned Parenthood Hacked

Over 300 employees' names, email addresses and hashed passwords were published online.

Anonymous Hackers Hit U.S. Census Bureau, Canadian Government

The hackers say the attacks were launched to protest the TTIP and TPP, and to retaliate for the shooting of James Daniel McIntyre by Canadian police.

Flash Malware Surges, Finds Cisco

While Flash exploits are up, Java is going the other way, according to Cisco's MidYear Security Report.

Car Hacking Arms Race Starts: Chrysler Recalls 1.4 Million Vehicles

The recall was issued in response to a recent demonstration showing that a Jeep Cherokee can be hacked remotely via the Uconnect system.

Five Men Charged in Connection with JPMorgan Hack

The five allegedly used the stolen data to promote a pump-and-dump stock scheme.

Costco, CVS, Rite Aid, Tesco Photo Sites Shuttered by Third-Party Data Breach

A breach at Staples subsidiary PNI Digital Media has impacted photo processing sites for major vendors across the U.S. and the U.K.

Ashley Madison Hack Exposes Data on 37 Million Users

The hackers are threatening to release all of the stolen data if the site isn't shut down.

Data Breach at UCLA Health Exposes 4.5 Million People's Personal Information

The data potentially stolen includes names, birthdates, Social Security numbers and medical information.

Darkode Cybercrime Forum Shut Down

The operation was a coordinated effort between law enforcement authorities in 20 countries.

Walmart Canada Hacked

An unidentified source told The Globe and Mail that as many as 60,000 customers may be affected.

UPMC Suffers Fourth Data Breach in Three Years

A file containing 722 members' protected health information was mistakenly sent to the wrong email address.

Employee Error Causes Army National Guard Data Breach

All current and former National Guard members since 2004 may be affected.

FS-ISAC Warns of Remote Access PoS Attacks

An advisory suggests changing login credentials on a regular basis and implementing multi-factor authentication, among other recommendations.

OPM Breach Hits 22 Million People, Director Resigns

Two separate breaches exposed highly sensitive information, including Social Security numbers and fingerprints.

NYSE, WSJ, UA Downed by Technical Glitches

All three organizations said the failures were not the result of cyber attacks.

Nine Zoos Nationwide Suffer Point-of-Sale Breaches

Customer names, credit or debit card numbers, expiration dates and CVV codes were accessed.

Orlando Health, Cuesta College, Firekeepers Casino Acknowledge Data Breaches

More than 92,000 people's personal information may have been exposed.

Hacking Team Hacked

Documents were leaked indicating the company provided hacking tools to the governments of Azerbaijan, Kazakhstan, Uzbekistan and Russia, among others.

Plex Hacked

The hacker is demanding 9.5 Bitcoins in ransom to protect the stolen data.

Harvard University Hacked

University login credentials used to access computers and email accounts may have been exposed.

Trump Hotels Suffer Apparent Credit Card Breach

The breach, which appears to date back to at least February 2015, affects hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York.

Samsung to Stop Disabling Windows Update

After security researcher Patrick Barker publicized the issue, the company says it plans to issue a patch soon.

U.S. Government Login Credentials Found Online

47 different U.S. government agencies are affected, according to Recorded Future.

Advanced Tech Support Suffers Insider Breach

A former employee apparently leveraged customer data to trick victims into providing remote access to their computers.

Hersheypark Investigates Possible Credit Card Breach

Cards used at Hershey locations between mid-March and late May 2015 may be affected.

SEC Investigates FIN4 Hacker Group

The Securities and Exchange Commission has been contacting public companies to gather information on the group's activities and methods.

OPM Breach May Affect 18 Million People

A new estimate more than four times greater than the previous one was recently provided to U.S. Senators.

Polish Airline LOT Hacked

Ten flights were canceled, and more than 1,400 passengers impacted.

New Spear Phishing Attack Bypasses Two Factor Authentication

The attack is simpler and cheaper to launch than traditional spear phishing attacks, and it can be dangerously effective.

Researcher Uncovers Major Security Flaw in Samsung Galaxy Devices

While the vulnerability could provide an attacker with an enormous amount of access to an affected device, it's extremely difficult to exploit.

FBI Investigates St. Louis Cardinals for Houston Astros Hack

According to the New York Times, Cardinals officials allegedly tried a series of passwords until they successfully accessed the Astros' network.

Computers Seized in Connection with Celebrity Nude Photo Hack

Recently unsealed documents indicate that a Chicago residence was searched in connection with the breach in October 2014.

LastPass Password Manager Hacked

Email addresses, password reminders, server per user salts and authentication hashes were compromised.

U.S. Army Website Defaced by Syrian Hackers

The hackers claim the defacement was enabled by targeting the Limelight Networks content delivery network.

Exabeam Advances User Intelligence Security Efforts

Exabeam 1.7 makes use of stateful user tracking to keep user credentials in line.

Cybercriminals Use Man-in-the-Middle Attacks to Steal 6 Million Euros

Europol recently announced 49 arrests in connection with the fraud campaign.

CISOs Say Hackers Could Gain Upper Hand By 2020

The majority of CISOs say they would spend any additional cyber security funds on human-centric solutions.

Trend Micro Warns of New MalumPoS Point-of-Sale Malware

The malware currently targets Oracle MICROS and other point-of-sale systems.

Stolen Computers Lead to New Heartland Payment Systems Breach

The unencrypted computers were stolen from an office that had recently been acquired by Heartland.

Chinese Hackers Steal All U.S. Federal Employees' Personal Data

Approximately 4 million current and former federal employees may be affected.

Japan Pension Service Hacked, 1.25 Million Records Leaked

The leaked data included names, birthdates, identification numbers and addresses.

Woolworths Mistakenly Leaks $1 Million in Gift Cards

A spreadsheet containing the data was sent to over 1,000 people due to a 'technical fault,' the company said.

Sally Beauty Details Malware Attack That Led to Recent Data Breach

The company says malware was 'effectively deployed' on some of its point of sale systems between March 6 and April 17, 2015.

Apple Bug Crashes Macs, iPhones, iPads, Apple Watches

A specific series of characters displayed in a notification can cause a device to crash and reboot.

Hacker Breaches Database, Gets Job Offer

'We've asked Makman if he'd be willing to work with us,' Times Internet CEO Satyan Gajwani tweeted.

3,867,997 Adult FriendFinder Account Details Released

The leaked data includes user names, birthdates, email addresses, gender, location, relationship status and sexual orientation.

100,000 IRS Taxpayer Accounts Compromised

The Internal Revenue Service says the accounts were breached using 'taxpayer-specific data acquired from non-IRS sources.'

Target Data Breach Settlement Falls Through

Not enough banks signed on to the $19 million settlement, which would have required them to drop any further claims against Target.

Federal Reserve Bank of St. Louis Hit by Cyber Attack

The bank says its domain name servers were hijacked last month.

Insider Data Breach at Medical Billing Company Hits Patients at Several Hospitals

A call center employee at billing company Medical Management, LLC stole thousands of patients' names, birthdates and Social Security numbers.

CareFirst BlueCross BlueShield Data Breach Impacts 1.1 Million People

Names, user names, birthdates, e-mail addresses and subscribed identification numbers were exposed.

FBI Claims Security Researcher Hacked Airplane Mid-Flight

'Over last 5 years my only interest has been to improve aircraft security,' Chris Roberts tweeted recently.

Telstra Acknowledges Massive Pacnet Data Breach

Company chief security officer Mike Burgess says the hackers 'had complete access to the corporate network.'

Penn State University Hacked

The College of Engineering's computer network was disconnected from the Internet in response to the breach.

Sally Beauty Confirms Second Data Breach In As Many Years

The company says it won't 'speculate on the scope of the intrusion,' since the investigation is ongoing.

CrowdStrike Warns of VENOM Vulnerability

The flaw could allow an attacker to escape a VM environment and access the host system.

Hackers Target Starbucks Accounts

'Criminals are learning how to turn rewards programs, points, and prepaid cards into cash,' notes Gartner's Avivah Litan.

Former Nuclear Regulatory Commission Employee Charged with Attacking DoE Computers

Charles Eccleston allegedly designed and sent spear phishing emails targeting more than 80 computers at the U.S. Department of Energy.

91 Percent of Healthcare Organizations Suffered Data Breaches in the Past Two Years

Forty percent have experienced more than five data breaches, according to the Ponemon Institute.

Firekeepers Casino Hotel Acknowledges Possible PoS Breach

It's not yet clear how many customers may have been affected.

UC Berkeley, Auburn U, Metro State Acknowledge Data Breaches

The breaches exposed more than 530,000 people's personal information.

New Rombertik Malware Destroys Master Boot Record If Debugged

If it doesn't have permission to overwrite the MBR, the malware destroys all files in the user's home folder.

82 Percent of IT Pros Want to Quit Due to Stress

27 percent say they're experiencing stress-related illness due to work demands, according to GFI Software.

Hard Rock, Sally Beauty Acknowledge Data Breaches

In both cases, customer payment card information appears to have been accessed.

CareerBuilder.com Leveraged to Launch Phishing Attacks

The website's own functionality was used to deliver malware to job posters.

Hackers Steal $5 Million from Ryanair

The airline says the funds have now been frozen, and it expects them to be repaid.

Three Quarters of U.S. Execs Say a Cyber Attack Could Seriously Disrupt Business

And 59 percent said a breach of one company's network can lead directly to attacks on different networks in connected sectors of the economy.

SendGrid Acknowledges Data Breach

An employee's account was compromised and used to access several internal systems.

Survey Finds CEOs, Boards Getting Increasingly Involved in Security Policy

Netskope also recently found that almost a quarter of all logins to CRM apps come from compromised credentials.

For Many U.S. Enterprises, DDoS Attacks Can Cost Over $100,000 Per Hour

And for 11 percent of U.S. enterprises, hourly losses can exceed $1 million.

Pentagon Unveils New Cyber Strategy

'The cyber threat is one we all face as institutions and individuals,' Defense Secretary Ash Carter said.

Researchers Warn of Wi-Fi Vulnerability in iOS 8

A specially crafted SSL certificate can be used to crash iOS apps, and even the entire operating system.

Virginia Voting Machines Easily Hacked

The machines had been in use in more than 560 precincts since 2002.

Researcher Uncovers Match.com Security Flaw

A server configuration error appears to be redirecting all HTTPS traffic to HTTP.

HSBC Acknowledges Data Breach

Mortgage customers' names, Social Security numbers and account numbers were exposed.

GAO: In-Flight Wi-Fi Could Be Used to Hack Airplanes

'Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world,' a GAO report states.

Los Angeles Streetlights to Be Controlled via Cellular Network

City workers will be able to turn lights on and off remotely, and will be able to dim them or brighten them as needed.

Google Chrome 42 Gets Galactic Security Update

No towel required for 45 security fixes in Google's Chrome 42 browser.

74 Percent of IT Security Pros Worry About Insider Threats

Still, 32 percent told the SANS Institute they have no ability to prevent an insider breach.

Tailoring Security Info for the C-Suite

SurfWatch Labs' SaaS platform makes security information intelligible to business execs.

International Operations Take Down Beebone, Simda Botnets

Both operations required coordination between government agencies and private sector partners.

Four Episodes of 'Game of Thrones' Leaked Online

The episodes were downloaded over a million times in less than a day.

AT&T Hit With Record-Breaking $25 Million Data Breach Fine

The company will also provide almost 280,000 customers with free credit monitoring services, and will improve its privacy and security practices.

Russia Blamed for White House Data Breach

The attack appears to have been launched in retaliation for sanctions, according to CNN.

Police Department Pays Cybercriminals Following Ransomware Infection

A recent survey found that 55 percent of organizations that have been hit by such attacks recommend negotiating with cybercriminals to restore data.

IBM Warns of New 'Dyre Wolf' Malware Campaign

The campaign targets organizations with a combination of social engineering and DDoS attacks.

Researchers Warn of Volatile Cedar APT Campaign

The target distribution 'strongly aligns with nation-state/political-group interests,' according to Check Point researchers.

Florida Department of Elections Acknowledges Data Breach

15 CDs containing high-risk professionals' personal information were mistakenly sent to people requesting voter registration records.

U.S. Targets Foreign Hackers with Sanctions

'Starting today, we're giving notice to those who pose significant threats to our security or economy,' President Obama said.

Google Strikes Back Against Chinese Certificate Authority

Both Google and Mozilla are taking aggressive measures against Chinese certificate authority CNNIC.

New Trojan Targets Petroleum, Gas, Helium Companies

The attack exploits an old ActiveX vulnerability, according to Symantec researchers.

Hackers Breach British Airways Frequent Flyer Accounts

The airline says tens of thousands of accounts were accessed.

Slack Hacked

User names, email addresses and hashed passwords were exposed.

Security Flaw Found in Hotel Wi-Fi Systems

The vulnerability could enable a remote attacker to read or modify any file on an ANTlabs InnGate device, according to Cylance researchers.

15,435 Vulnerabilities Found in 3,870 Applications in 2014

That's an 18 percent increase over the previous year in vulnerabilities found, according to Secunia.

Twitch Hacked

An undisclosed number of users were told their passwords 'could have been captured in clear text by malicious code.'

Cisco Warns of PoSeidon Point-of-Sale Malware

The malware installs a keylogger and scans the infected device's memory for credit card data.

Google Hit Again by Unauthorized SSL/TLS Certificates

The SSL/TLS certificate authority system's frailty is again exposed, as an unauthorized certificate is issued for Google.

Massive Security Flaw Found in Hilton HHonors Website

The vulnerability allowed attackers to access any HHonors account simply by knowing or guessing the account number.

90 Percent of IT Pros Worry About Public Cloud Security

One third of IT professionals surveyed said they've experienced more security breaches with the public cloud than with on-premise applications.

Premera Blue Cross Hacked

The hackers may have accessed the personal, financial and medical information of as many as 11 million people.

North Korea Blamed for Nuclear Power Plant Data Breach

The North Korean government called the accusation 'a false judgement by an idiot.'

Data Breach at Dental Practice Exposes 151,000 Patients' Personal Info

Names, Social Security numbers, birthdates, phone numbers and home addresses were accessed.

Hackers Demand Ransoms to Protect Blood Test Results, Nuclear Power Info

Two separate hacker groups recently threatened to release sensitive data unless ransoms were paid.

Survey Finds IT Security Pros Under Increasing Pressure

And 64 percent of enterprise respondents said they expect that pressure to grow in the coming year.

57 Arrested in Cybercrime Clampdown

Among those arrested is a 23-year-old man suspected of involvement in a June 2014 cyber attack on the U.S. Department of Defense.

IBM Exposes Critical Dropbox Vulnerability

Dropbox patches flaw that could have exposed users to risk.

Nurses Leverage Privileged Access to Commit Identity Theft

From Texas to North Carolina, several cases have demonstrated the challenge of protecting patient and employee information.

Anthem Refused Security Audit Before and After Data Breach

The company repeatedly refused to allow the OIG to conduct vulnerability scans of its systems.

Enterprises Seek Third-Party Compliance with Security Requirements

79 percent of respondents to a recent survey said ensuring that partners comply with their security requirements is a top priority in the coming year.

Natural Grocers Hacked

An undisclosed number of customers' payment card data may have been accessed.

Mandarin Oriental Hotels Hacked

Hotels in Boston, Las Vegas, Miami, New York and Washington, D.C., are likely affected.

Security Flaws Found in U.S. Air Traffic Control System

Among the issues uncovered by the GAO is 'significant interconnectivity' between the National Airspace System (NAS) and non-NAS systems.

Ponemon, 3M Warn of Low-Tech Visual Hacking Threat

A recent study found that white hat hackers were successful in 88 percent of attempts to visually hack sensitive information.

TalkTalk Acknowledges Massive Data Breach

The company says 'some limited information we have about some of our customers could have been accessed in violation of our security procedures.'

Target Breach Has Cost the Company $162 Million So Far

HyTrust president Eric Chiu suggests the total cost could eventually exceed $1 billion.

Study Finds Disconnect Between IT, Leadership on Cyber Security

Two thirds of CIOs and CISOs say senior leaders in their organization don't view cyber security as a strategic priority.

Stolen Laptops, Hard Drives Expose Over 100,000 People's Personal Data

The data potentially exposed includes names, addresses, phone numbers and Social Security numbers.

How Much Does Business AV Cost? Try Free

Avast debuts free Business Anti-Virus, but what's the catch?

Gemalto Responds to Alleged SIM Hack

The company says it had no knowledge of any access, and believes its products are secure.

Hackers Still in State Department Network Three Months After Breach

It's not yet clear how much data the attackers have taken.

Lenovo Computers Shipped with Pre-Installed Malware

The company says it has investigated the software and hasn't found 'any evidence to substantiate security concerns.'

Kaspersky Warns of 'Outstandingly Professional' Equation Group Cyber Attacks

The group's tools are capable of reprogramming hard drive firmware, allowing infections to survive disk formatting and OS reinstallation.

Centrify Offers Identity Management for Hadoop

Software allows users to leverage their existing Active Directory infrastructures to enhance Hadoop security.