Lawsuits in Sutter Health breach to be rolled into one

Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.

Android botnet may net millions yearly for its operators

Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.

Spam with QR code targets mobile users

Spam with QR code targets mobile users

Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.

"Significant" security threats found in Android devices

Android phones from leading manufacturers -- including HTC, Motorola and Samsung -- contain pre-loaded applications that do not properly enforce the platform's permission-based security model.

Twitter buys Whisper Systems for Android security

Twitter has acquired a start-up that makes security and management solutions for Android devices.

HTC working with carriers to push Android bug fix

Users of HTC-made Android devices are receiving software security updates to correct a vulnerability that could be exploited by a third-party to steal personal information.

Apple releases OS X, iOS, Safari updates

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service, and fixing a bevy of security flaws.

HTC confirms hole in its Android phones

HTC plans to release a patch after a "short" testing period, the company said Tuesday.

HTC investigating flaw in its Android phones

A new mobile phone bug stems from an insecure program, called HTCLoggers.apk, which was recently added to some HTC Android devices.

FTC settles with SMS marketer over spam allegations

A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.

Apple delivers iOS patch for jailbreak flaw

Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.

Risky mobile behaviors routine in business

A survey of more than 1,500 individuals from 14 countries found that half of device users keep passwords, PIN codes or credit card details on their mobile devices.

Google fixing Android Wi-Fi snooping flaw

Google on Wednesday began distributing a patch to address a security flaw in all but the latest versions of its Android mobile operating system.

Apple issues iOS update to cool off tracking issue

Apple this week issued an update to address rampant concerns that its iPhone and iPad devices are collecting and storing information about users' locations.

Apple responds to data collection concerns

Apple has denied logging users' locations and promised to release a software update to change the way it stores data on iPhones.

Google remotely killing Android malware

Google is now using a remote security tool to remove malicious applications from affected Android devices after a malware outbreak hit its official app store.

RSA Conference 2011: Smartphone threats imminent, security lacking

Most users are not aware of the risks in smartphones and the security industry is struggling to develop tools to defend these devices, a panel of experts said on Wednesday at RSA Conference in San Francisco.

AT&T iPad hackers arrested, facing federal charges

Federal prosecutors in New Jersey have filed charges against two individuals believed to have stolen the personal information of 120,000 iPad users from AT&T's network this past June.

Android trojan sign of mobile malware evolution

A new trojan targeting Google Android users, mostly in China, could be a sign that mobile malware is getting sophisticated in a hurry.

Class-action lawsuit brought against AvMed over breach

A Florida-based health insurance provider has been hit with a class-action lawsuit after it revealed earlier this year that thieves had stolen two company laptops containing the personal information of members.

McAfee CEO: Get ready for tidal wave of mobile attacks

2011 promises to deliver a major influx of mobile application attacks, plus other sophisticated digital assaults, said Dave DeWalt, CEO of McAfee, during a keynote address Wednesday at SC Congress Canada in Toronto.

Mobile application threat not here yet, but it's on the way

The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.

Dangers of personal device use in the workplace

A lot of threats already seen on PCs and laptops will move to mobile systems, a panelist said at SC World Congress in New York.

Zeus moves to mobile devices to sniff out text messages

The insidious Zeus trojan is now being leveraged in mobile device attacks, particularly in Europe, to steal codes used to authenticate banking transactions.

Pentagon official reveals "most significant" military breach

Observers believe a Pentagon official's recount of a major breach can help others from making the same mistake, while some think the incident calls into question the U.S. military's IT security preparedness.

Apple updates iPhone, iPad for "jailbreak" flaw

Apple on Wednesday issued updates for its iOS mobile operating system to fix a vulnerability that was used by many to jailbreak the latest iPhone.

Citi urges iPhone app update due to data storage risk

The security of seemingly trusted mobile phone applications is being called into question after Citigroup urged customers to upgrade to a new version.

Hospital: files with personal, medical data on 800,000 gone

A Massachusetts hospital disclosed this week that records containing sensitive information, ranging from names and Social Security numbers to medical diagnoses and bank account data, was lost by a third-party contractor.

Microsoft looks into malware spreading via USB

Microsoft is investigating new reports that malware is propagating through USB devices, which may be linked to an unpatched vulnerability in Windows.

Weak web application could be to blame for iPad breach

A vulnerability on the AT&T website resulted in the exposure of email addresses belonging to some 114,000 Apple iPad users, including a number of A-list celebrities and politicians.

Symantec buys encryption firms PGP, GuardianEdge

Symantec on Thursday announced the acquisition of encryption firms PGP and GuardianEdge Technologies for $370 million total.

iPhone, IE 8, Firefox succumb to exploits in Pwn2Own

The iPhone and the latest versions of Internet Explorer, Safari and Firefox were "pwned" this week at an annual hacker conference in Vancouver, British Columbia.

Professors highlight threat of mobile device rootkits

Two Rutgers University computer science professors are calling for more research into the detection of smartphone rootkits, which cannot be found in the same as they are on desktops.

Military ban against USB drives partially lifted

After more than a yearlong ban, USB drives and other removable media devices may now used on military networks under "very specific circumstances and guidelines."

Apple resolves five iPhone bugs with update

Apple on Tuesday pushed out an iPhone and iPod Touch security update.

Connecticut attorney general sues over breach

The Connecticut attorney general, using new authority granted under the HITECH Act, is suing a managed health care provider over a data breach that potentially exposed the personal data of 446,000 state residents.

Malicious apps found in Google's Android online store

The malicious apps were disguised as a legitimate mobile banking apps and were designed to steal user's online banking credentials.

Flaw could allow attacker to decrypt protected USB drives

Several flash drive manufacturers recently issued warnings about a flaw which could allow an attacker to access encrypted data on a secure USB drive.

Encryption protecting most mobile phones cracked

With a few thousand dollars and widely available open-source tools, the encryption algorithm used to protect most cell phone communications can be cracked, allowing an attacker to listen in on phone calls, researchers revealed Sunday at a security conference.

U.S. House to toughen internal cybersecurity policy

For the first time, the U.S. House of Representatives will require its staff and members to take part in an annual IT security training program -- one of the mandates under new policy set to take effect next year.

RIM patches BlackBerry Enterprise Server

The vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.

New malware emerges for jailbroken iPhones

iBotnet.A attempts to steal online banking credentials and is capable of spreading across a network and hijacking the iPhone and iPod Touch for use in a botnet. However, experts do not perceive the threat to be widespread.

Attack tool can hijack data off unlocked iPhones

On the heels of what is believed to be the first-ever iPhone worm, hackers now have devised a way to steal data off jailbroken versions of the popular Apple device.

Remote repair for infected phones in development

Georgia Tech researchers are hoping to develop a remote repair method that would enable cellular service providers to clean malicious code off an infected mobile device without requiring the device be brought into a service center.

iPhone worm plays prank, but signals danger ahead

The first known iPhone worm leverages a vulnerability in jailbroken devices to propagate.

BlackBerry snooping application released

A snooping application, called PhoneSnoop, allows an attacker to remotely activate a BlackBerry microphone and listen in on surrounding conversations.

Microsoft server failure causes Sidekick data loss

A server failure hit Microsoft's Danger last Thursday and affected all Sidekick owners, causing them to likely lose any data stored on their phones.

Blue Cross Blue Shield Association affirms laptop breach

An unencrypted personal laptop, carrying the personal information of hundreds of thousands of doctors nationwide, was stolen over the weekend.

Apple updates iPhone, iPod touch, QuickTime for security

Apple on Wednesday issued updates for the iPhone, iPod touch and QuickTime video player to address numerous security vulnerabilities, some of which could allow an attacker to execute arbitrary code.

Apple patches iPhone text message vulnerability

A much hyped SMS vulnerability in the Apple iPhone has been fixed -- one day after details of the bug were presented at the Black Hat conference in Las Vegas.

Black Hat: SMS bug can disable iPhone usage

One single malicious text message can knock an iPhone offline, a pair of researchers disclosed Thursday.

iPhone hacker reveals SMS vulnerability

A security researcher on Thursday unveiled a new iPhone SMS vulnerability, according to reports out of the SyScan Conference in Singapore.

Mac trojan targets game sites to infect users

Researchers have spotted a new variant of the RSPlug Mac trojan in the wild.

It's official: Microsoft to offer free anti-malware service

It's official: Microsoft to offer free anti-malware service

Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.

New security standards for mobile payments coming

A financial services technology group is developing standards for making secure mobile payment transactions.

Criminal network to trade botnets and malware uncovered

Researchers at a web security firm have discovered what they term the latest milestone in the evolving cybercriminal underground: a one-stop-shop for hackers.

URL shortening site hacked to redirect millions of links

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.

Spam king Wallace could be jailed

Sanford Wallace, the so-called spam king who has been sued on multiple occasions, may finally face prison time.

Three charged with hijacking corporate phone systems

Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.

Google updates Chrome security; withdraws crashing development browser

Google updates Chrome security; withdraws crashing development browser

Google Chrome was updated Wednesday to fix security issues in the WebKit web browser engine. Meanwhile, Google withdrew updates for a development Chrome version soon after release.

Heartland, RBS WorldPay lawsuits consolidated

A federal court body ruled this week on where lawsuits against RBS WorldPay and Heartland Payment Systems will be heard.

Apple references security in Snow Leopard announcement

Apple appears to now be addressing security threats that could impact its Mac OS X.

Safeguarding your mobile networks

Safeguarding your mobile networks

SC Magazine's eConference: Mobile Security offers advice on dealing with the rising tide of mobile threats from experts like Patrick Traynor of the Georgia Institute of Technology.

T-Mobile confirms hack but doubts crooks have the goods

T-Mobile has confirmed that hackers were able to swipe data from its systems, but the wireless carrier is downplaying the threat to customers.

Defendant pleads guilty in brokerage keylogger case

One of three conspirators in a computer-fraud scheme that used trojans to steal funds from brokerage accounts has pleaded guilty to federal charges in New York..

DHS appoints former hacker, Black Hat founder to council

DHS appoints former hacker, Black Hat founder to council

Jeff Moss, a former hacker who founded the Black Hat and DEFCON conferences, was one of 16 people appointed to the U.S. Department of Homeland Security Advisory Council.

Chrome for Mac, Linux is out, but Google warns of its dangers

Chrome for Mac, Linux is out, but Google warns of its dangers

Google has released versions of its Chrome browser for the Mac OS X and Linux but is warning users not to download either of them.

ISP Pricewert shuttered for distributing spam

An internet service provider accused of violating federal law by hosting malicious sites and working with cybercriminals has been shut down, but the California-based company plans to appeal.

Cybercriminals targeting Twitter "trending topics"

Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

DHS appoints new director of National Cybersecurity Center

The U.S. Department of Homeland Security has appointed Philip Reitinger as the new director of the National Cybersecurity Center, a post left in March by Rod Beckstrom, DHS Secretary Janet Napolitano announced on Monday.

Software crack site hides malware repository

A website found by a security research organization serves malicious files to people who are looking for cracks to software applications.

Hackers hit U.S. Army websites

A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.

Nonprofit releases security configuration standards for iPhone

Organizations issuing iPhones to their employers can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.

Industry reacts to Obama's cybersecurity speech

The cybersecurity industry was abuzz Friday after President Obama, speaking before public and private sector leaders, announced a federal "cyber coordinator" will be appointed and unveiled a five-part digital infrastructure protection plan for the country.

Identity theft ring busted in New York

Using financial information purchased from crooked bank insiders, a ring of thieves stole millions of dollars.

Another round of phishing hits Twitter

After last week's phishing attacks on social networking sites, yet another round has struck Twitter.

Spam accounted for 90 percent of all email in May

Spam levels rose again in May -- and there is no sign of a slowdown, according to a new report.

New cyberattack technologies developed for U.S. military

The U.S. military is developing and testing several new offensive and defense cyberdevices, including a system that would enable non-expert military personnel to launch a cyberattack, a defense and aerospace industry publication reported last week.

Google's new Chome browser comes with privacy option

Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.

Experts offer tips to deal with Gumblar malware

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.

Clinton White House data on missing National Archives drive

The National Archives and Records Administration (NARA) has lost an external hard drive that contained copies of sensitive data belonging to the Clinton administration, the agency confirmed Wednesday.

Netbook comes with factory-sealed malware

In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.

"Chain of Trust" initiative launched to fight malware

A group of cybersecurity advocacy organizations have teamed up to fight malware on the web.

PCI appoints new board of advisers

A roster of new organizations will make up the second Payment Card Industry Security Standards Council (PCI SSC) board of advisers, including Bank of America, Wal-Mart and PayPal, the industry standards body announced Monday.

Website risks highlighted in two new studies

Two reports released this week confirmed the tidal shift in the type of websites into which cybercriminals are injecting malware.

Google's traffic jam was not a DDoS attack

Google has apologized after it suffered a huge traffic jam that left millions of users unable to access the site Thursday.

Study: Majority of adolescents online have tried hacking

A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.

California water company insider steals $9 million, flees country

An insider at the California Water Service Co. in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.

Scam sites increasingly masquerading as Facebook, MySpace

Cybercriminals are tapping into the popularity of social networking to more effectively craft their scams.

Survey: Downturn in spending risks future information security

The downturn in security investments and vulnerabilities in social networking are regarded as major threats to corporate information security, according to research from Deloitte Touche Tohmatsu.

Nearly half of IT security budgets deemed insufficient

It's no news that the current economic situation has put a strain on companies' finances, but a recent survey aimed to quantify the toll the recession has taken on IT budgets.

Obama's 2010 budget calls for heavier cybersecurity spending

The U.S. Department of Homeland Security has asked Congress for $918 million to support its infrastructure protection programs.

Bogus versions of Microsoft Windows 7 infected with malware

The final release candidate for Microsoft's newest version of Windows was made available Tuesday, and already infected pirated versions of the software are making the rounds.

Computer bot profusion swells dramatically

In the past three months, twelve million new computers have joined botnets worldwide.

Researchers hijack control of Torpig botnet

A group of researchers at the University of California, Santa Barbara, have infiltrated the Torpig botnet, which was found to be in control of hundreds of thousands of computers that were volunteering gigabytes of sensitive information.

Prolific spammers busted in the Midwest

A federal grand jury in Kansas City has indicted four people, including two Missouri brothers, in a nationwide email spamming case.

Adobe releases update for server-side security flaw

In a second acknowledgement of security vulnerabilities this week, Adobe has released an update to address a potential vulnerability in versions of its Flash Media Server.

Federal CISO poll indicates high concern for external threats

A new survey of federal CISOs indicates that external threats resulting in data loss are seen as the biggest risk to the federal government, followed by insider threats and software vulnerabilities.

Trend Micro goes shopping for virtualization security

In one of its first major moves in acquiring virtual security technology firms, Trend Micro bought Third Brigade, a virtualization security and compliance software company based in Ottawa, Canada.

"Online 911" created to diagnose and deal with cybercrime

McAfee has launched a free Cybercriminal Response Unit (CRU), meant to be an "online 911" where cybercrime is diagnosed and treated.


Sign up to our newsletters