Security News 

Park 'N Fly Investigates Possible Credit Card Breach

A significant number of credit cards that were recently used at Park 'N Fly locations are now being offered for sale online.

Survey: 20 Percent of Employees Have Stolen Corporate Data

A SailPoint survey also found that 66 percent of employees still had access to corporate data via cloud apps after leaving their jobs.

UC Berkeley Hacked

Social Security numbers and credit card numbers may have been accessed.

Mandiant CEO Calls Sony Data Breach 'Unprecedented'

Kevin Mandia said no company 'could have been fully prepared' for the attack.

Comcast Faces Class Action Lawsuit Over Xfinity Wi-Fi Hotspots

The lawsuit alleges that Comcast's new wireless routers increase electricity costs, degrade performance, and subject customers to security risks.

Charge Anywhere Acknowledges Five-Year-Long Data Breach

Cardholder data may have been exposed in plain text from November 5, 2009 to September 24, 2014.

LastPass, Dashlane Can Now Change Your Passwords For You

Both password managers recently added functionality that automates the process of changing your passwords on popular websites.

Lizard Squad Hackers Hit Sony PlayStation Network

The same group launched a similar attack on Sony just over three months ago.

U.S. Department of Justice Launches Cybersecurity Unit

The new unit will operate within the department's Computer Crime and Intellectual Property Section.

Bebe Stores Hit By Credit Card Breach

It's not yet clear whether the breach is still ongoing, or how long it lasted.

Canada Revenue Agency Exposes Affluent Taxpayers' Financial Data

Details on charitable donations and home addresses were sent to a reporter by mistake.

FBI Warns of Destructive Malware Attacks on U.S. Companies

The FBI warning appears to refer to last week's cyber attack on Sony Pictures Entertainment.

FIN4 Hacker Group Steals Insider Info from Public Companies

The group has targeted more than 100 leading companies since mid-2013, according to FireEye.

Syrian Electronic Army Hackers Deface Western News Sites

Victims included the Chicago Tribune, CNBC, the Dallas Morning News, the Los Angeles Times, the Guardian and the Independent.

Home Depot Breach Has Already Cost $43 Million

The company also says it 'expects to incur significant legal and other professional services expenses associated with the data breach' in the future.

Virgin Islands Banks Hit by Massive Security Breach

Debit card accounts at Scotiabank, Banco Popular and FirstBank were compromised.

Sony Pictures Entertainment Disabled by Cyber Attack

The company's corporate networks and email were taken offline following the attack.

Regin Malware Likely Came From Western Intelligence Agency

According to the Guardian, the leading suspects are the U.S., the U.K., or Israel.

Google Brings Open Source Security Gifts

Google isn't just about search anymore. In recent weeks it has announced multiple security projects including Santa for Mac.

Verisign Warns of Surge in Large-Scale DDoS Attacks

The number of attacks exceeding 10 Gbps grew by 38 percent from Q2 to Q3 2014.

Citadel Malware Now Targets Password Managers

The Trojan looks for processes linked to KeePass, Password Safe, and the neXus Personal Security Client.

Australian Government Data Breach Linked to Poor Security Training

Data from an Excel spreadsheet containing 9,250 asylum seekers' personal information was mistakenly embedded in a Word document published online.

HSBC Acknowledges Massive Payment Card Breach

2.7 million Turkish cardholders' names, HSBC account numbers, card numbers and expiration dates were exposed.

U.S. State Department Hacked

In response to the breach, the department's entire unclassified email system was shut down, with duty officers using Gmail accounts to communicate.

AT&T Stops Using 'Permacookies' to Track Customer Activity

Verizon, however, is continuing to insert the tracking data into its customers' Web traffic.

IBM Boosts Cloud Data Protection, Compliance

IBM has patented an invention that will help global businesses navigate the complex regulatory landscape for cloud data.

Chinese Hackers Breach NOAA

NOAA didn't acknowledge the breach until weeks after the fact, according to the Washington Post.

Microsoft Buys Aorato to Boost Active Directory Security

Microsoft buys Aorato, the company that earlier this year disclosed a critical vulnerability in Microsoft's security.

Darkhotel APT Campaign Targets Traveling Executives

The campaign targets corporate executives via hotel Wi-Fi networks.

BrowserStack Hacked via Shellshock

The hacker leveraged his access to send an email to customers claiming the service was shutting down.

U.S. Postal Service Hacked, Over 800,000 Affected

The Washington Post reports that Chinese government hackers are believed to have been responsible for the attack.

Home Depot Breach Also Exposed 53 Million Email Addresses

The company has also acknowledged that the attackers leveraged a third-party vendor's user name and password to access Home Depot's network.

WireLurker Malware Infects Mac OS X, iOS Devices

The malware has already been downloaded more than 350,000 times.

Researchers Hack Contactless Visa Cards

'With just a mobile phone, we created a PoS terminal that could read a card through a wallet,' says lead researcher Martin Emms.

Capital One Acknowledges Insider Breach

An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers.

Drupal Acknowledges Major SQL Injection Vulnerability

'You should proceed under the assumption that every Drupal 7 website was compromised,' a security advisory warns.

Hackers Hit Mobile Payment Solution CurrentC

The email addresses of an undisclosed number of participants in CurrentC's pilot program were stolen.

White House Network Hacked

While the unclassified network was breached, officials say there's no indication at this point that any data on the classified network was accessed.

18.5 Million Californians' Personal Data Exposed in 2013

That's an increase of more than 600 percent from 2012, according to state attorney general Kamala Harris.

Survey Finds Enterprises Struggling to Secure Data in the Cloud

Just 19 percent of IT pros are confident they know about all cloud computing applications, platforms or infrastructure in use in their organizations.

Backoff PoS Malware Infections Rising Steadily

The number of Backoff infections increased by 57 percent from August to September 2014, according to Damballa.

Verizon Wireless Uses 'Permacookies' to Track Customer Web Activity

The Electronic Frontier Foundation's Jacob Hoffman-Andrews says AT&T and Sprint may be using similar headers as well.

Oregon Employment Department Notifies 851,322 People of Data Breach

Those affected were notified two weeks after the breach was discovered.

Employee Error at Touchstone Medical Imaging Exposes 307,528 Patients' Personal Data

A folder containing billing information was mistakenly left accessible online.

Staples Investigates Possible Data Breach

Potentially affected locations include seven in Pennsylvania, three in New York City, and one in New Jersey.

Chinese Government Targets iCloud Users with MITM Attack

All Chinese visitors to iCloud.com are being directed to a fake page designed to steal login credentials.

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization

The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute.

Forgotten Passwords Cost Companies $200,000 a Year

'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp.

Google Researchers Warn of POODLE SSL Vulnerability

Twitter immediately disabled SSL 3.0 support following the disclosure.

Hackers Claim Breach of 7 Million Dropbox Accounts

Dropbox says it wasn't hacked, and that any stolen login credentials came from breaches at other sites.

Kmart Stores Infected with Point-of-Sale Malware

The company says the infection came from 'a new form of malware that was undetectable by current anti-virus systems.'

Dairy Queen Acknowledges Major Credit Card Breach

Almost 400 locations are affected, exposing customer names, payment card numbers and expiration dates.

Keeping SCADA Systems Secure

FireEye turns its attention to SCADA industrial control systems.

JPMorgan Hackers Also Hit Over a Dozen Other Financial Firms

Additional targets included Citigroup, HSBC, E*Trade, Regions Financial, ADP and Bank of the West, though it appears that no data was stolen.

Misconfigured Server Causes Massive Data Breach at MBIA

Account numbers and balances were exposed, along with detailed instructions on how to authorize new bank accounts for deposits.

FDA Issues Cyber Security Guidance for Medical Devices

The guidance is intended to help device manufacturers mitigate security risks.

Veracode Gears up for Security IPO

Veracode CEO explains what his company is doing now as he heads toward a public offering.

AT&T Acknowledges Another Insider Breach

An employee inappropriately accessed Social Security numbers, driver's license numbers, and Customer Proprietary Network Information (CPNI).

JPMorgan Data Breach Impacts 76 Million Households, 7 Million Businesses

'You were affected if you used the following Web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile,' the company says.

Android, iOS Malware Targets Hong Kong Protesters

Lacoon researchers describe the iOS version of the malware as the 'first iOS Trojan linked to Chinese government cyber activity.'

Supervalu Hacked Again

Payment card account numbers may have been accessed, along with some cardholder names and expiration dates.

General Motors Appoints First Product Cybersecurity Officer

Mark Reuss, GM's vice president of global product development, says it's crucial to look at vehicle technology 'on a critical systems level.'

Japan Airlines Breach Exposes 750,000 People's Personal Data

Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.

Jimmy John's Credit Card Breach Affects 216 Locations

Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.

Shellshock Bash Vulnerability: Worse Than Heartbleed

The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.

FBI, DHS Warn of Surge in Insider Threats from Disgruntled Employees

Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.

Data Breach at TripAdvisor's Viator Impacts 1.4 Million Users

880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.

Employee Error Exposes Over 10,000 Patients' Personal Data

The data was mistakenly made accessible via Google searches between December 2013 and April 2014.

Home Depot Breach Affects 56 Million Credit Cards

The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.

Chinese Hackers Breached U.S. Military Contractors 20 Times in One Year

According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.

IT Employee Charged With $37 Million Bank Heist

Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.

JPMorgan Hackers Accessed Info on 1 Million Customer Accounts

According to the New York Times, more than 90 of the bank's servers were affected by the breach.

Over 41 Percent of Healthcare Organizations Still Aren't Encrypting Endpoints

That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.

Insider Credit Card Breach Leads to $400,000 Saks Shopping Spree

Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.

Hacker Publishes 5 Million Gmail Addresses, Passwords

Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.

Phishing Attacks Target iCloud Users Following Celebrity Photo Breach

A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.

Dyreza Malware Now Targeting Salesforce.com Users

The company says it was recently alerted to the threat by one of its security partners.

Goodwill Data Breach Linked to Third-Party Vendor

Almost 900,000 payment cards appear to have been affected.

IBM Brings Bare Metal Intel TXT Security to Cloud

The cloud isn't just about virtual servers. The physical layer and its security still matter, which is why IBM is using Intel's Trusted Execution Technology.

Unencrypted Laptop Thefts Expose Personal, Medical, Financial Data

'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.

Home Depot Credit Card Breach May Affect All U.S. Locations

The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.

Apple Admits Celebrity Accounts Were Hacked, But Denies iCloud Breach

The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'

Mozilla Exposes 97,000 Bugzilla User Passwords

The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.

Most Enterprises Can't Detect or Deter Insider Threats

In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.

Dairy Queen Acknowledges Possible Credit Card Breach

The company hasn't yet determined how many locations may be affected.

Russian Hackers Breach JPMorgan Chase, Four Other U.S. Banks

The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.

Over 1,000 U.S. Businesses Infected with Backoff PoS Malware

A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.

Three Quarters of South Korean Population Affected by Massive Data Breach

27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.

Sony Networks Taken Down by DDoS Attack

'We have seen no evidence ... of any unauthorized access to users' personal information,' the company stated.

Community Health Systems Breach Linked to Heartbleed Bug

Recent research by Venafi found that 97 percent of Global 2000 organizations' public servers remain vulnerable to Heartbleed.

U.S. Colleges and Universities Are Failing at Cyber Security

According to a recent BitSight report, the higher education sector is less secure than retail or healthcare.

UPS Store Acknowledges Credit Card Breach

Customer names, mailing addresses, email addresses and payment card information may have been accessed at 51 stores in 24 states.

Nuclear Regulatory Commission Hacked Three Times

At least two of the attacks were launched from overseas.

Chinese Hackers Breach Community Health Systems, 4.5 Million Affected

The hackers stole about 4.5 million patients' names, addresses, birthdates, phone numbers and Social Security numbers.

Supervalu Admits Massive Supermarket Credit Card Breach

Potentially affected stores include Acme Markets, Cub Foods, Farm Fresh, Hornbacher's, Jewel-Osco, Shaw's, Shop 'n Save, Shoppers and Star Markets.

Bank Faces Lawsuit Over $327,000 in Losses from Cyber Attack

Hackers stole the funds from TEC Industrial in 55 separate ACH drafts on May 10, 2012.

Password Manager LastPass Suffers Outage

A data center outage left the popular password management service inaccessible for several hours.

Computer Thefts Expose Over 45,000 Patients' Personal Data

Unencrypted computers containing the data were stolen from three different medical facilities.

Hackers Stole 2 Million Customer Records Per Day in Q2 2014

More than 175 million customer records were stolen in the second quarter of the year, according to SafeNet.

Breach at USIS Exposes Government Employees' Data

The company says the breach 'has all the markings of a state-sponsored attack.'

Cancer Clinic Employee Charged with Theft of Patient Data

More than 2,000 current and former patients may be affected.

Gambling Site Acknowledges Four-Year-Old Data Breach

649,055 customers' names, user names, mailing addresses, email addresses, phone numbers and birthdates were exposed.

CyberVor Breach Exposes 1.2 Billion User Names, Passwords

A Russian gang of fewer than a dozen hackers has collected more than 4.5 billion user records from over 400,000 websites and FTP sites.

Mozilla Exposes 4,000 Passwords by Mistake

A data sanitization process failed for 30 days, exposing 76,000 email addresses and 4,000 encrypted passwords.

US-CERT Warns of New Backoff Malware

The malware appears to have been responsible for several recent high-profile breaches, including those at Target, Neiman Marcus and Goodwill.

Chinese Hackers Hit Canada's National Research Council

The NRC says it'll take a year to develop a new secure IT infrastructure.

Tor Hacked

'Users who operated or accessed hidden services from early February through July 4 should assume they were affected,' says the project's co-founder.

IBM Expands Security Portfolio with CrossIdeas Acquisition

CrossIdeas technology will give IBM more capabilities to evaluate and access risks.

Sony Settles Data Breach Lawsuit for $15 Million

The money will be paid to customers in the form of games and memberships.

Travel Agent Fined $255,000 for Data Breach

More than 1.1 million debit and credit card records were stolen from former Thomas Cook subsidiary Essential Travel.

New ThreatStream CEO Wants to Solve SIEM Challenge

ArcSight founder joins security vendor to fill gaps that SIEM doesn't solve.

European Central Bank Hacked

The hackers demanded a ransom after stealing 20,000 email addresses.

Six Charged in Connection with $1 Million StubHub Breach

Over 1,000 customer accounts were compromised and used to purchase more than 3,500 e-tickets, which were then resold.

New Phishing Campaign Targets LinkedIn Users

Recipients who click on links in the emails are redirected to a fake login page designed to steal email addresses and passwords.

Goodwill Industries Hit by Credit Card Breach

The breach may date back as far as the middle of 2013.

Hackers Leverage Russian Government Malware

Sentinel Labs researchers say the malware is so hard to detect it's 'virtually invisible.'

68 Percent of Employees Expose Critical Corporate Data by Mistake

That's happening even though 65 percent say it's their responsibility to protect that data.

IT Pros Report Surge in Concern About Ransomware

73 percent of respondents to a recent survey said they're very or extremely concerned about the impact of ransomware, up from 48 percent in January.

73 Percent of IT Staff Currently Have Unresolved Network Events

Forty-five percent of IT staff say they monitor network and application performance manually instead of using network monitoring tools.

Trusteer Warns of New Kronos Banking Trojan

The malware is currently being offered for sale online for $7,000 -- or $1,000 for a one-week trial.

LastPass Acknowledges Two Security Flaws

Researchers at UC Berkeley alerted the company to the flaws, and also found vulnerabilities in three competing solutions.

NCA, FBI, Europol Take Down Shylock Banking Malware

The malware, which was first uncovered in 2011, has infected more than 30,000 Windows PCs worldwide.

67 Percent of Critical Infrastructure Providers Were Breached Last Year

Still, only 28 percent say security is one of their organization's top five strategic priorities.

Laptop Thefts Expose Personal, Medical, Financial Data

A brokerage firm, a health district, a retirement community, a hospital and an oil change franchisee were all recently hit.

HotelHippo Shuts Down In Response to Vulnerability Disclosure

Site owner HotelStayUK says the security flaws were 'obviously completely unacceptable.'

Physical Location of Data Will Be Irrelevant By 2020

'The future will be hybrid,' says Gartner research vice president Carsten Casper.

Tutanota Encrypted Email Service Launches

'Email encryption is the best tool to stop mass surveillance on the Internet,' says company co-founder Matthias Pfau.

Most IT Pros Don't Know Where All Corporate Data Resides

Just 16 percent of IT and IT security professionals know the location of all of their sensitive structured data.

Dragonfly Cyber Attacks Breach Western Energy Companies

Symantec researchers say the campaign 'bears the hallmarks of a state-sponsored operation.'

163,000 Affected by Butler University Data Breach

Names, birthdates, Social Security numbers and bank account information may have been accessed.

World Cup Security Team Accidentally Reveals Wi-Fi Password

A photo published in a Brazilian newspaper clearly showed the network's SSID and password.

File Sharing Apps Pose a Significant Data Breach Threat

Forty-six percent of senior IT pros say data is leaking from their companies due to the use of file sharing services.

IT Managers Are Overconfident About Insider Breaches

While 63 percent think it's easy to govern access rights, 42 percent admit they aren't able to monitor or prevent insider breaches.

Researchers Uncover Crucial Security Flaw in Google Play

Columbia University's Jason Nieh and Nicolas Viennot found thousands of secret keys being stored in app software.

Yo Hacked, Hires Hacker

While the attack exposed some flaws in the app, Yo has exploded in popularity since the breach.

Code Spaces Destroyed by Cyber Attack

A hacker deleted most of the company's data, backups, machine configurations and offsite backups.

Security Researchers Warn of New Dyre Banking Trojan

The malware, also called Dyreza, is designed to bypass SSL and steal login credentials.

Email Breaches Expose Over 37,000 People's Data at California Colleges

Names, Social Security numbers and birthdates were exposed, along with a variety of other information.

Hackers Breach Domino's Pizza, Demand Ransom

The hackers claim to have stolen more than half a million customers' names, addresses, phone numbers, email addresses and passwords.

AT&T Customer Info Exposed by Third Party Data Breach

An undisclosed number of customers' Social Security numbers and birthdates were accessed.

How to Avoid FIFA World Cup Cyber Threats

From phishing scams to mobile malware, there's a lot to watch out for if you're a soccer fan these days.

FAA Orders Boeing to Protect Airplanes from Cyber Attacks

Proposed special conditions require Boeing to 'ensure that the airplanes' electronic systems are protected from access by unauthorized sources.'

ICS-CERT Warns of Highway Sign Security Vulnerability

Daktronics' configuration software comes with a default password that's too often left unchanged.

Stolen USB Drive Exposes 33,702 Calif. Patients' Data

Patients' names, genders, medical record numbers, birthdates and dates and times of service may have been exposed.

HP Atalla Tackles Encryption in the Post-Snowden Era

The need for encryption now is greater than ever.

TweetDeck Briefly Shuts Down in Response to Security Flaw

The service was shut down for an hour as TweetDeck fixed an XSS vulnerability.

Evernote, Feedly Hit by DDoS Attacks

The attackers who hit Feedly demanded money to make the attacks stop.

P.F. Chang's Suffers Credit Card Breach

Thousands of new credit and debit cards, all of which were recently used at P.F. Chang's locations, are being offered for sale online.

Mailroom Employee Exposes 3,675 Highmark Members' Data

The affected members' names, addresses, birthdates, medical information and member identification numbers were sent to other members by mistake.

U.K. Considers Life Sentences for Hackers

The sentence could be applied to hackers who cause loss of life, serious illness or injury, or serious damage to national security.