Security News 

69 Percent of Executives Would Bypass Security Controls to Close a Deal

Still, 41 percent believe security should be more important than business flexibility, a recent survey found.

Can Mobile Apps Defend Themselves? Yes, Says Bluebox

Bluebox's approach goes beyond providing just a security wrapper for mobile applications.

Starwood Hotels Hacked

The point-of-sale systems at 54 of the company's hotels were infected with malware.

6 Million Georgia Residents' Personal Data Exposed by Mistake

The information exposed includes Social Security numbers and birthdates.

40 Percent of Companies Expect an Insider Data Breach Next Year

But 72 percent of security professionals say their board doesn't treat insider threats as seriously as external threats, a recent survey found.

MetroPCS, Nutmeg Customer Data Exposed by Mistake

Both breaches appear to have been the result of coding errors.

Docker Container Security: What's Next

Docker aims to improve container security with application scanning, user namespaces and other capabilities.

90 Percent of Industries Have Suffered Breaches of PHI

Only the utilities and management industries had no reported PHI breaches, according to a recent report.

Android Tablets Sold on Amazon Infected with Cloudsota Trojan

The tablets have been sold and delivered to over 17,000 customers in more than 150 countries.

Breach at Securus Technologies Exposes 70 Million Prison Phone Calls

The 37 GB cache includes records of calls placed by more than 63,000 inmates.

90 Percent of Organizations Experience At Least One Insider Threat a Month

The average organization experiences 9.3 such threats every month, according to recent research.

One Fifth of Those Who Find Lost USB Drives Use Them, Despite Risk

A recent study also found that 45 percent of employees receive no cyber security training at all.

Adobe Patches 17 Flash Vulnerabilities in Latest Update

Adobe's Flash is still heavily favored as a top attack vector, so you'd better update ASAP.

Most Businesses Are Too Confident About Data Security

While 83 percent said they're either fairly or very confident that they're secure against a data breach, just 49 percent had not experienced one.

Touchnote Acknowledges Data Breach

The exposed data includes customers' names, email addresses, mailing addresses, order histories and the last four digits of credit card numbers.

U.S. Government Officials Targeted by Iranian Hackers

Iran's Revolutionary Guard allegedly has an army of hackers trained in Russia.

47 Percent of Companies Were Breached in the Past Two Years

And 65 percent believe threat intelligence could have prevented or minimized the impact of those breaches, according to a recent survey.

Ransomware Is Now the Leading Mobile Malware Threat

And porn sites are now the top mobile infection vector, according to Blue Coat.

Reused Passwords Expose 1,827 Vodafone Accounts

The accounts were accessed using email addresses and passwords acquired elsewhere, according to the company.

Half of IT Security Pros Don't Think Their Organization Will Be Attacked

At the same time, 61 percent aren't confident in their organization's ability to detect advanced threats, a recent survey found.

Data Breach at Web Host Exposes 13 Million Passwords in Plain Text

The data, which appears to have been stolen in March 2015, includes names, user names, plain text passwords, and email addresses.

U.S. Has World's Worst Gender Gap in Cyber Security Education

69 percent of U.S. women said no teacher or career counselor had ever suggested a cyber security career to them, compared to 55 percent of U.S. men.

U.S. Senate Approves Cybersecurity Information Sharing Act

The bill passed the Senate by a vote of 74 to 21.

Hackers Use 900 CCTV Cameras to Launch DDoS Attacks

Hundreds of infected cameras were used to attack an Incapsula client -- and one of those cameras was five minutes away from Incapsula's offices.

TalkTalk Hacked Again

Names, addresses, birthdates, email addresses, phone numbers, TalkTalk account data, and credit card and bank account details may have been accessed.

Sony Settles Data Breach Lawsuit For Up to $8 Million

The amount ultimately paid by Sony could range from $5.5 million to $8 million.

93 Percent of Office Workers Engage in Risky Behavior Online

And IT professionals are actually more likely to do so than the average employee, according to an Intermedia survey.

Cyber Insurance Premiums Surge in Response to High-Profile Data Breaches

Some companies are also finding their deductibles raised and their coverage limited, Reuters reports.

Trend Micro Broadens Security Offering with HP TippingPoint Buy

Trend Micro adds intrusion prevention to its security arsenal with HP TippingPoint acquisition.

High School Hacker Breaches CIA Director's Email Account

The hacker claims to have accessed Brennan's application for top secret security clearance, along with other sensitive data.

Dow Jones Allegedly Hit by Russian Hackers Seeking Inside Information

The company says it's investigating 'whether there is any truth whatsoever to this report by a competitor news organization.'

Alleged Hacker Charged With Providing Support to ISIL

Ardit Ferizi is accused of providing ISIL with the personal information of approximately 1,351 U.S. military and government personnel.

Suspected Iranian Hackers Leverage Fake LinkedIn Profiles to Target Victims

The 25 profiles appear to be tied to the Iranian hacker group TG-2889.

America's Thrift Stores Acknowledges Credit Card Breach

Customers who used credit or debit cards at any of the company's locations between September 1, 2015 and September 27, 2015 may be affected.

Dow Jones Hacked

The hackers appear to have been targeting customer contact information, though in fewer than 3,500 cases, payment card data may also have been stolen.

48 Percent of Used Hard Drives Sold Online Contain Residual Data

The same is true of 35 percent of used mobile devices, according to a recent study.

Codoso Group Hackers Breach Samsung Subsidiary LoopPay

The breach remained undetected for five months, according to the New York Times.

Amazon, Google Boost Cloud Security Efforts

Amazon and Google, two of the biggest cloud players, roll out new services in a bid to help cloud users be safer.

Cisco Disrupts Infrastructure Behind $60 Million Ransomware Campaign

The researchers found that 'an inordinate number of proxy servers' used by the Angler Exploit Kit were on servers belonging to Limestone Networks.

Cybercrime Now Costs the Average U.S. Organization $15 Million Per Year

The average cost to resolve a single attack is now more than $1.9 million, according to the Ponemon Institute.

Scottrade Acknowledges Two-Year-Old Data Breach

Approximately 4.6 million customers are affected.

Experian Data Breach Exposes 15 Million T-Mobile Customers' and Applicants' Personal Info

Names, addresses and birthdates were exposed, along with encrypted Social Security numbers, and/or driver's license or passport numbers.

84 Percent of IT Pros Have Moderate to No Confidence in Ability to Secure Files

Fully 80 percent of organizations have experienced file data leakage incidents, according to an Enterprise Management Associates survey.

Thousands of Critical Medical Devices Exposed Online

'These devices are getting owned repeatedly,' security researcher Mark Collao said.

Trump Hotels Confirms Credit Card Breach

Customers who used credit or debit cards at the Trump International Hotel & Tower Las Vegas between May 19, 2014 and June 2, 2015 may be affected.

Hilton Hotels Hacked

It's not yet clear which locations may be affected by the breach, which could date back as far as November 2014.

38 Percent of IT Security Pros Don't Participate in Their Own BYOD Programs

And 28 percent of enterprises do nothing at all about mobile security, a recent Bitglass survey found.

87 Percent of Business, IT Pros Expect Mobile Payments Breaches to Grow

But 42 percent have used mobile payments this year regardless of the risks, a recent ISACA survey found.

OPM Breach Exposed 5.6 Million People's Fingerprints

The new disclosure is a result of the government's ongoing effort to determine what data was impacted by the breach.

Former CVS Employee Steals Molina Healthcare Members' PHI

'This may put you at risk for identity theft,' Molina Healthcare told those affected.

Millions Infected by Malware in Apple App Store

The malware is capable of launching phishing attacks and stealing data from the user's clipboard.

Splunk Expands Security Tools with New Product Releases

Splunk Enterprise Security 4.0 and Splunk User Behavior Analytics debut.

Symantec Issues Fraudulent Google SSL Cert

Google's Certificate Transparency effort saves the day in the case of an improperly issued EV-SSL certificate.

Thefts of Unencrypted Laptops Expose 7,000 Patients' Medical Data

The information potentially exposed includes names, birthdates, Social Security numbers and treatment information.

Kremlin Hit by Cyber Attacks

'The defense system worked, even though it was not easy,' Vladimir Putin's press secretary said.

Judge Certifies Banks' Class Action Lawsuit Against Target

Target spokeswoman Molly Snyder said the company is 'disappointed' in the ruling.

Russian Hacker Pleads Guilty to Theft of 160 Million Credit Card Numbers

The scheme, which caused more than $300 million in losses, is the largest ever prosecuted in the United States.

Providers in California, Michigan, Mississippi Admit HIPAA Violations

Patient data was potentially exposed by insider breaches and phishing attacks.

Stolen Device Exposes Thousands of Lloyds Bank Customers' Data

The unencrypted device held names, addresses, account numbers and sort codes.

U.S. Department of Energy Hacked 159 Times

The DOE reported 1,131 cyber attacks between 2010 and 2014, 159 of them successful.

Hackers Compromise Cal State, Excellus BCBS Data

In Excellus BlueCross BlueShield's case, the breach dates back to December 23, 2013.

81 Percent of Healthcare Organizations Have Been Breached in Past Two Years

Still, 16 percent of organizations said they're unable to tell in real time if their systems are compromised.

Bugzilla Hacked for Over a Year

A single password reused from another site provided the attacker with privileged access.

Email Mistakes Expose HMRC, PTSB, WHSmith Data

As a result of technical glitches and human error, hundreds of contact details were shared by mistake.

Stolen Laptop Exposes 1,242 UCLA Health Patients' Medical Info

Data on the unencrypted laptop included patient names, medical record numbers and health information.

Cc: vs. Bcc: Email Blunder Exposes 780 HIV Patients' Identities

"I find it impossible to believe that in this day and age this can happen," one patient said.

225,000 Apple Credentials Stolen via New iOS Malware

It's the 'largest known Apple account theft caused by malware,' according to Palo Alto Networks researchers.

Avid Life Media CEO Resigns Following Data Breach

The decision was made 'in mutual agreement with the company,' according to a statement.

Thomson Customer Data Exposed by Mistake

458 names, addresses, email addresses, phone numbers and flight dates were exposed.

Lost, Stolen Unencrypted Devices Expose PHI Nationwide

A hard drive, computer and thumb drive -- none of them encrypted -- exposed over 9,000 patients' personal information.

Court Ruling: FTC Can Sue Companies for Cyber Security Failures

'It is not only appropriate, but critical, that the FTC has the ability to take action,' said FTC chairwoman Edith Ramirez.

Dating Website PlentyofFish Hit by Malvertising Attack

According to Cyphort Labs, the number of malvertising attacks carried out by hackers increased by 325 percent in the past year.

Employee Errors Expose PHI, PII, Social Security Numbers

Both the Illinois Department of Corrections and the Colorado Office of Information Technology recently released personal information by mistake.

Hacked

The names, addresses and credit card information of approximately 93,000 customers may have been exposed.

Hackers Leak 10 GB of User Data from Adultery Site

The leaked data includes 36 million customer records, listing names, addresses, user names, passwords and the last four digits of credit card numbers.

IRS Data Breach Exposed 334,000 Taxpayer Accounts

The new number is more than three times the estimate the IRS had given in May.

Kaspersky Responds to 'Fake Malware' Allegations

'They forgot to add that we conjure all this up during steamy banya sessions, after parking the bears we ride outside,' Eugene Kaspersky wrote.

Theft of Unencrypted Laptop Exposes 100,000 Social Security Numbers

70 percent of U.S. adults think it's riskier to trust a company with their Social Security number than to carry their Social Security card with them.

Corvette Hacked via Text Message

UCSD researchers were able to both activate and disable the car's brakes and control the car's windshield wipers, all via SMS.

32 Charged with $100 Million Hack of Newswire Services

The group is alleged to have earned over $100 million by stealing and trading on corporate earnings announcements before they were made public.

U.K. Government Investigates Massive Carphone Warehouse Data Breach

As many as 2.4 million customers' names, addresses, birthdates and bank information may have been exposed.

American Airlines, Sabre Allegedly Breached by Chinese OPM Hackers

The same hackers who hit Anthem, United Airlines and the Office of Personnel Management may have added American and Sabre to the list.

FBI Details Takedown of Gameover Zeus Botnet

FBI agent explains how law enforcement worked with security vendors to bring down a major botnet operation.

U.S. Joint Chiefs of Staff Breached by State-Sponsored Hackers

Massive amounts of data were stolen in a short period of time, according to news reports.

HP ZDI Finds 100 Vulnerabilities in Adobe Reader

HP details how an attacker could potentially abuse Adobe Reader's JavaScript APIs.

FDA Warns of Cyber Security Flaws in Hospira Infusion Pump

The FDA is urging health care facilities to switch to alternative infusion systems 'as soon as possible.'

Certifigate Flaw Exposes Android Users to Risk [VIDEO]

Remote diagnostic tools from OEMs that are supposed to help Android users could instead be used to hurt them.

Bitdefender Acknowledges Data Breach

Usernames and passwords were exposed in plain text.

Google Doubles Down on Android Security at Black Hat

Google's Android security chief discusses Stagefright and more in Black Hat address.

Yahoo Ads Serve Malware for Second Time in Two Years

Malicious ads were found to be redirecting victims to the Angler Exploit Kit, according to Malwarebytes researchers.

Half of C-Level Execs See CISOs Primarily as Scapegoats for Data Breaches

Only 25 percent think CISOs should be part of an organization's leadership team, according to a recent survey.

Medical Record Breach Impacts 3.9 Million People Nationwide

The data potentially exposed includes names, birthdates, Social Security numbers, lab results, medical conditions and health insurance information.

Ziften Digs Deep for Security Visibility

Fresh off a $24 million funding round, security startup debuts ZFlow technology to connect the dots of security incidents.

Employee Negligence Exposes Massachusetts Hospital Patients' Personal Data

70 percent of U.S. IT and IT security practitioners say more security incidents are caused by unintentional mistakes than by malicious acts.

Planned Parenthood Hacked

Over 300 employees' names, email addresses and hashed passwords were published online.

Anonymous Hackers Hit U.S. Census Bureau, Canadian Government

The hackers say the attacks were launched to protest the TTIP and TPP, and to retaliate for the shooting of James Daniel McIntyre by Canadian police.

Flash Malware Surges, Finds Cisco

While Flash exploits are up, Java is going the other way, according to Cisco's MidYear Security Report.

Car Hacking Arms Race Starts: Chrysler Recalls 1.4 Million Vehicles

The recall was issued in response to a recent demonstration showing that a Jeep Cherokee can be hacked remotely via the Uconnect system.

Five Men Charged in Connection with JPMorgan Hack

The five allegedly used the stolen data to promote a pump-and-dump stock scheme.

Costco, CVS, Rite Aid, Tesco Photo Sites Shuttered by Third-Party Data Breach

A breach at Staples subsidiary PNI Digital Media has impacted photo processing sites for major vendors across the U.S. and the U.K.

Ashley Madison Hack Exposes Data on 37 Million Users

The hackers are threatening to release all of the stolen data if the site isn't shut down.

Data Breach at UCLA Health Exposes 4.5 Million People's Personal Information

The data potentially stolen includes names, birthdates, Social Security numbers and medical information.

Darkode Cybercrime Forum Shut Down

The operation was a coordinated effort between law enforcement authorities in 20 countries.

Walmart Canada Hacked

An unidentified source told The Globe and Mail that as many as 60,000 customers may be affected.

UPMC Suffers Fourth Data Breach in Three Years

A file containing 722 members' protected health information was mistakenly sent to the wrong email address.

Employee Error Causes Army National Guard Data Breach

All current and former National Guard members since 2004 may be affected.

FS-ISAC Warns of Remote Access PoS Attacks

An advisory suggests changing login credentials on a regular basis and implementing multi-factor authentication, among other recommendations.

OPM Breach Hits 22 Million People, Director Resigns

Two separate breaches exposed highly sensitive information, including Social Security numbers and fingerprints.

NYSE, WSJ, UA Downed by Technical Glitches

All three organizations said the failures were not the result of cyber attacks.

Nine Zoos Nationwide Suffer Point-of-Sale Breaches

Customer names, credit or debit card numbers, expiration dates and CVV codes were accessed.

Orlando Health, Cuesta College, Firekeepers Casino Acknowledge Data Breaches

More than 92,000 people's personal information may have been exposed.

Hacking Team Hacked

Documents were leaked indicating the company provided hacking tools to the governments of Azerbaijan, Kazakhstan, Uzbekistan and Russia, among others.

Plex Hacked

The hacker is demanding 9.5 Bitcoins in ransom to protect the stolen data.

Harvard University Hacked

University login credentials used to access computers and email accounts may have been exposed.

Trump Hotels Suffer Apparent Credit Card Breach

The breach, which appears to date back to at least February 2015, affects hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York.

Samsung to Stop Disabling Windows Update

After security researcher Patrick Barker publicized the issue, the company says it plans to issue a patch soon.

U.S. Government Login Credentials Found Online

47 different U.S. government agencies are affected, according to Recorded Future.

Advanced Tech Support Suffers Insider Breach

A former employee apparently leveraged customer data to trick victims into providing remote access to their computers.

Hersheypark Investigates Possible Credit Card Breach

Cards used at Hershey locations between mid-March and late May 2015 may be affected.

SEC Investigates FIN4 Hacker Group

The Securities and Exchange Commission has been contacting public companies to gather information on the group's activities and methods.

OPM Breach May Affect 18 Million People

A new estimate more than four times greater than the previous one was recently provided to U.S. Senators.

Polish Airline LOT Hacked

Ten flights were canceled, and more than 1,400 passengers impacted.

New Spear Phishing Attack Bypasses Two Factor Authentication

The attack is simpler and cheaper to launch than traditional spear phishing attacks, and it can be dangerously effective.

Researcher Uncovers Major Security Flaw in Samsung Galaxy Devices

While the vulnerability could provide an attacker with an enormous amount of access to an affected device, it's extremely difficult to exploit.

FBI Investigates St. Louis Cardinals for Houston Astros Hack

According to the New York Times, Cardinals officials allegedly tried a series of passwords until they successfully accessed the Astros' network.

Computers Seized in Connection with Celebrity Nude Photo Hack

Recently unsealed documents indicate that a Chicago residence was searched in connection with the breach in October 2014.

LastPass Password Manager Hacked

Email addresses, password reminders, server per user salts and authentication hashes were compromised.

U.S. Army Website Defaced by Syrian Hackers

The hackers claim the defacement was enabled by targeting the Limelight Networks content delivery network.

Cybercriminals Use Man-in-the-Middle Attacks to Steal 6 Million Euros

Europol recently announced 49 arrests in connection with the fraud campaign.

Exabeam Advances User Intelligence Security Efforts

Exabeam 1.7 makes use of stateful user tracking to keep user credentials in line.

CISOs Say Hackers Could Gain Upper Hand By 2020

The majority of CISOs say they would spend any additional cyber security funds on human-centric solutions.

Trend Micro Warns of New MalumPoS Point-of-Sale Malware

The malware currently targets Oracle MICROS and other point-of-sale systems.

Stolen Computers Lead to New Heartland Payment Systems Breach

The unencrypted computers were stolen from an office that had recently been acquired by Heartland.

Chinese Hackers Steal All U.S. Federal Employees' Personal Data

Approximately 4 million current and former federal employees may be affected.

Japan Pension Service Hacked, 1.25 Million Records Leaked

The leaked data included names, birthdates, identification numbers and addresses.

Woolworths Mistakenly Leaks $1 Million in Gift Cards

A spreadsheet containing the data was sent to over 1,000 people due to a 'technical fault,' the company said.

Sally Beauty Details Malware Attack That Led to Recent Data Breach

The company says malware was 'effectively deployed' on some of its point of sale systems between March 6 and April 17, 2015.

Apple Bug Crashes Macs, iPhones, iPads, Apple Watches

A specific series of characters displayed in a notification can cause a device to crash and reboot.

Hacker Breaches Database, Gets Job Offer

'We've asked Makman if he'd be willing to work with us,' Times Internet CEO Satyan Gajwani tweeted.

3,867,997 Adult FriendFinder Account Details Released

The leaked data includes user name, birthdates, email address, gender, location, relationship status and sexual orientation.

100,000 IRS Taxpayer Accounts Compromised

The Internal Revenue Service says the accounts were breached using 'taxpayer-specific data acquired from non-IRS sources.'

Target Data Breach Settlement Falls Through

Not enough banks signed on to the $19 million settlement, which would have required them to drop any further claims against Target.

Federal Reserve Bank of St. Louis Hit by Cyber Attack

The bank says its domain name servers were hijacked last month.

Insider Data Breach at Medical Billing Company Hits Patients at Several Hospitals

A call center employee at billing company Medical Management, LLC stole thousands of patients' names, birthdates and Social Security numbers.

CareFirst BlueCross BlueShield Data Breach Impacts 1.1 Million People

Names, user names, birthdates, e-mail addresses and subscribed identification numbers were exposed.

FBI Claims Security Researcher Hacked Airplane Mid-Flight

'Over last 5 years my only interest has been to improve aircraft security,' Chris Roberts tweeted recently.

Telstra Acknowledges Massive Pacnet Data Breach

Company chief security officer Mike Burgess says the hackers 'had complete access to the corporate network.'

Penn State University Hacked

The College of Engineering's computer network was disconnected from the Internet in response to the breach.

Sally Beauty Confirms Second Data Breach In As Many Years

The company says it won't 'speculate on the scope of the intrusion,' since the investigation is ongoing.

CrowdStrike Warns of VENOM Vulnerability

The flaw could allow an attacker to escape a VM environment and access the host system.