Phishing scam tricks users by acting as fake child sex offender alert

The newly identified attack disguises itself as a warning to parents about a new child predator who has moved into their neighborhood.

StealthGenie spyware goes kaput following court ruling

A U.S. district judge has decided to permanently end the advertising, marketing and sales tied to the spyware application.

New Chinese cybersecurity policies require U.S. companies to hand over source code

The Chinese government will begin requiring companies who sell computer equipment to the country's banks to comply with a range of intrusive policies.

GitHub raises max bug bounty award to $10K

The source code sharing website will up its maximum payout from $5,000 to $10,000 in its bug bounty program's second year.

FCC warns businesses: Wi-Fi blocking prohibited

In an attempt to put the issue to rest, the agency warned businesses against blocking guests' personal hotspots.

Dutch judge OKs alleged Russian hacker extradition to U.S.

Vladimir Drinkman, who was arrested in the Netherlands in 2012 and has been fighting extradition since, will face hacking charges in a New Jersey court.

Researcher commandeers drone through Maldrone backdoor

A security engineer from Citrix demonstrated the Maldrone malware that he built as a backdoor to control drones.

CyLon aims to help London-based security startups

The Cyber London program will kick off in April and feature small security companies from the health, defense, retail and telecom sectors.

Marriott fixes Android app issue that may have exposed personal data

The hotel chain has addressed a weakness in its Marriott International Android app that could have allowed attackers to access customer data, including credit card information.

Adobe releases another Flash zero-day fix

The use-after-free vulnerability was being exploited in drive-by-download attacks, Adobe warned.

Sony begins accepting claims in proposed PSN settlement

PlayStation Network (PSN), Qriocity, or Sony Online Entertainment accountholders affected by a 2011 Sony hack could qualify for benefits from a class action settlement.

Apple readies Thunderstrike fix for upcoming OS X release

The Yosemite 10.10.2 release will address the vulnerability that can be exploited via a Mac's Thunderbolt port, in addition to three recently disclosed Project Zero vulnerabilities.

Insurer sues web designer in bank breach

Travelers Casualty and Surety Co. claims Ignition Studio failed to take basic security precautions, allowing hackers to gain access to Alpine Bank's website.

Spoof page credits 'Official Cyber Caliphate' with Malaysia Airlines hack

Visitors to the Malaysia Airlines website were redirected to a spoof page displaying a lizard wearing a tux, monocle and top hat.

20 million users' information compromised on Russian dating site

Easy Solutions, a fraud-detection software provider, found addresses and usernames of 20 million users on a Russian dating site for sale on an online forum.

Report: Most U.S. weapons programs contain 'significant vulnerabilities'

The head weapons tester at the Pentagon has released a report that indicates a slew of vulnerabilities affecting Department of Defense networks.

Eleventh Circuit dismisses LabMD motion questioning FTC authority

LabMD can challenge the FTC's enforcement authority in federal court once the agency comes to a final decision on the exposure of patient data.

Changes made to regarding personal data sent to third parties

The Obama administration has scaled back the amount of personal information of users it sends to third parties.

Fuel tank gauges vulnerable to attackers

More than 5,000 ATGs nationwide are vulnerable to attack through exposed serial port interfaces.

Due to hack, Sony requests financial filing extension

The entertainment giant must delay filing its third quarter earnings, since its networks still haven't recovered from a major cyberattack.

Man receives jail time for Bitcoin operation on Silk Road

Robert Faiella would sell Bitcoins to Silk Road users looking to make illegal purchases on the marketplace after using BitInstant to exchange cash for the digital currency.

HITRUST, Deloitte slate cyber town halls for health care orgs

The HITRUST Alliance and Deloitte will coordinate cyber town hall meetings in major U.S. cities.

Congress to hold first data breach legislation hearing

The 114th Congress will meet on Tuesday, Jan. 27 to discuss potential national breach notification legislation that might require companies to notify affected customers within 30 days.

Israeli police arrest alleged hacker who leaked Madonna's music

The alleged hacker behind attacks on multiple international artists' computers, including Madonna's, was arrested in Tel Aviv on Wednesday.

Study: 11 percent of banking-related Android apps flagged suspicious

Apps were flagged for containing malware or suspicious binaries, a RiskIQ study found.

Judge gives Home Depot till July to respond to class-action lawsuit allegations

A Georgia judge ordered Home Depot respond to class-action lawsuit allegations surrounding the retailer's major data breach this past summer by July 2015.

Man pleads guilty for involvement in international hacking ring

The value of the information stolen by the cyber criminal collective, which had members both in the United States and abroad, is between $100 and $200 million.

Two Illinois teenage students reportedly face felony charges for hacking

Authorities say that the 16-year-old Bartlett High School students in Illinois hacked into their school's computer system.

DOJ settles fake Facebook page case, awards plaintiff $134K

A woman accused a federal agent of using her cellphone data to create a fake Facebook page.

Alleged assistant to Silk Road 2.0 operator arrested

Brian Richard Farrell, an alleged "key player" on the dark web marketplace Silk Road 2.0, was arrested in Washington on Tuesday.

Insecure dongle reportedly puts more than two million U.S. vehicles at risk

The dongle that is used by Progressive Insurance and is deemed insecure is used in more than two million vehicles in the U.S.

Over 870K personal records leaked following Australian insurer breach

A teenage hacker known as Abdilo claimed responsibility for the hack via Twitter and provided a link to the stolen information.

Most common passwords of 2014 released; '123456' tops list, again

SplashData analyzed more than 3 million leaked passwords to determine the most popular, and therefore, the least secure.

GCHQ collected emails of journalists at major media orgs

One of the affected media outlets, the Guardian, revealed the news.

FiOS mobile app vulnerability put all Verizon email accounts at risk

Verizon has fixed a critical vulnerability in its My FiOS app that made it possible to read and send messages from any Verizon user's email account.

False malware alerts cost organizations $1.27M annually, report says

Research from The Ponemon Institute and Damballa found that of an average 17,000 alerts a company fields weekly, only 19 percent are reliable.

RAT infects League of Legends, Path of Exile gamers in Asia

Attackers compromised gaming platform provider Garena to infect legitimate releases of popular games.

GoDaddy patches CSRF bug discovered by security researcher

After discovering the bug, security researcher Dylan Saccomanni reached out to the domain registrar, which updated its CSRF protection on Monday.

U.S. and U.K. to team up in cyber defense exercises

The coordinated effort includes a newly formed cyber cell comprised of officials from the NSA, FBI and Britain's GCHQ and MI5.

HITRUST forms working group for medical device, health system security

The mission of the working group will be to enhance health information technology (HIT) security.

About 19K French websites attacked since last week, report says

Since last week's attacks in France, hacking attempts have been made against roughly 19,000 French websites, the AP reported on Thursday.

National Research Council finds no alternative for bulk data collection

The National Research Council conducted a study to look into bulk data collection and whether an alternative technology could be more effective.

After FCC fine, Marriott says it won't block guests' Wi-Fi networks

Last October, the FCC came after Marriott with a $600,000 fine.

Judge caps Schnucks's liability to payment-processing partners in breach case

First Data Management Services Corp. and Citicorp Payment Services Inc. have been ordered to return any funds held in excess of $500,000 to the supermarket chain.

States pen letter to JPMorgan chief privacy officer requesting further info on breach

States investigating JPMorgan's massive breach from this past summer are requesting more information on the type of information that was stolen and the steps taken to protect data.

Data security firm Ionic raises $40 million in funding

The latest round of funding is led by Meritech Capital Partners, but includes contributions from current investors Kleiner Perkins Caufield & Byers, in addition to others.

IC3 warns of payroll scam targeting university employees

The ongoing scam involves university employees receiving phony emails and ends with their credentials being compromised.

Phishing scam uses LinkedIn 'security update' to steal credentials

Symantec warns of a phishing campaign that fools victims with fake emails from LinkedIn Support.

KL-Remote toolkits let criminals 'virtually mug' unsuspecting users

A previously unpublished remote overlay toolkit offers an easy-to-use GUI and can be embedded in most common banking malware.

Head of Marine Forces Cyber Command to lead DIA

Maj. Gen. Vincent Stewart will be the first African-American and Marine to head the Defense Intelligence Agency.

Man sentenced to 10 years over $1.2M website domain scam

In addition to serving prison time, John Boone has been ordered to pay $1,219,138 in restitution for scamming website investors.

DOE to support cybersecurity ed at HBCUs with $25M in grants

The grants, provided over the next five years, will support training at historically black colleges and universities.

U.K.'s Cameron hints at ban on end-to-end encryption

The U.K. prime minister contends there should be no "safe space" for terrorists to communicate on the internet.

Lawyers request to consolidate suits of former Sony employees

A motion was filed to consolidate seven proposed class actions against SPE.

Heartland Payment Systems begins offering payment card breach warranty

The payment system company launched the industry's first credit/debit card information breach warranty earlier this week.

Researcher builds $10 spy tool disguised as wall charger

The KeySweeper device leverages a vulnerability in Microsoft wireless keyboards and can sniff, decrypt and log all keystrokes.

Google drops security updates for WebKit in Android 4.3, below

Google has killed security updates for WebKit in earlier Android versions, leaving nearly a billion users at risk.

American Airlines says 10K AAdvantage accounts may have been accessed

American Airlines has only identified two specific instances where miles were used without the customer's authorization.

Adobe update patches nine vulnerabilities, critical bugs in Flash Player

Adobe Flash Player and AIR users are urged to update to the latest versions of the software after a total of nine flaws have been patched.

TorrentLocker infections surge in Australia, New Zealand

A new phishing campaign making the rounds is spreading the malware that asks victims to pay a ransom in Bitcoins to decrypt their files.

Justice Dept. asks court to dismiss bulk of Twitter suit

The Justice Department said the federal government has not violated Twitter's First Amendment rights by limiting disclosure of user data requests.

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey Governor Chris Christie signed the legislation last Friday.

Chinese police department purchased spyware

A police department in Wenzhou bought a coding machine and software used to plant trojans in jail-broken iPhones and Androids.

'Windigo' malware campaign spreads to porn websites

An ESET malware analyst previewed a speech he'll give later this week and said 'Operation Windigo' perpetrators changed their tactics to infect adult websites.

Anonymous launches #OpCharlieHebdo, targets terrorist Twitter accounts

The hacktivist collective's new campaign is in response to the recent attack on Charlie Hebdo and aims to target and report terrorist Twitter accounts.

Steam gets CAPTCHA for trading verification

On Friday, the gaming and social networking platform Steam announced the changes.

Manhattan District Attorney speaks out against default device encryption

Manhattan District Attorney Cyrus Vance said in a speech earlier this week that he thinks device-makers should be required to give law enforcement access to their users' data.

SnoopSnitch Android app notifies users of IMSI catchers, SS7 attacks

SnoopSnitch requires a rooted device with a Qualcomm chipset that runs stock Android 4.1 or higher.

Snowden: Cyber attack defenses weakened by U.S. policies

Whistleblower Edward Snowden believes that U.S. policy regarding cyber security is creating a system of incentives for researchers to sell vulnerabilities to secret government agencies.

Congressman presses KeyPoint for answers following data breach

Rep. Elijah Cummings requested information related to the KeyPoint Government Solutions breach, including records of previous intrusions, forensic analysis and suspected identities.

Zappos must pay $106K post-breach

Online shoe retailer Zappos must pay $106,000 to nine states after a 2012 breach exposed data on 24 million customers.

White House passes on petitions to fire Swartz prosecutors

The petitions called for the firing of federal prosecutors in Aaron Swartz's case.

Sam Curry, previously of MicroStrategy, joins Arbor Networks

Sam Curry has joined Arbor Networks as its chief technology & security officer, a newly created position.

United notifies members of access gained to MileagePlus accounts

United said it has not been breached, but that an unauthorized party attempted to access their accounts using usernames and passwords obtained from a third-party source.

Former CBS reporter claims gov't hacked computer, sues for $35M

Journalist Sharyl Attkisson claims the federal government secretly monitored her personal and work computer due to her coverage on controversial topics.

HITRUST adds privacy controls to Common Security Framework

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

NY Jets linebacker charged with revenge porn

After police responded to a domestic dispute they arrested NY Jet Jermaine Cunningham on three counts, including revenge porn and gun transport.

Dutch DPA investigating Facebook

After slapping Google with a significant fine in December for violating the data protection act, the Dutch DPA has turned its attention to Facebook's new privacy policy.

Facebook acquires voice recognition company

With the acquisition of, Facebook has fast-tracked the voice recognition's vision to build an open community-based platform for developers.

Silent Circle names new CEO

Silent Circle has appointed William Conner as CEO while founder Mike Janke becomes chairman of the board.

Pro-Russian group claims it hacked German Chancellor website

A pro-Russian organization has claimed credit for a distributed denial-of-service attack made several German government websites unavailable to visitors.

Moonpig vulnerability exposes customers' personal information

Moonpig, a customizable greeting card company, had 3 million customers' personal information exposed after a developer detailed a security vulnerability online.

AP report: North Korea cyber army has 6,000 members, South Korea says

South Korea revealed that North Korea has amassed a "cyber army" made up of 6,000 members, and the team is dedicated to targeting South Korea's military and government.

Researchers teach security master class at Oregon State

McAfee Labs researchers will teach the class, covering malware, forensics, exploits and more.

Call center suspends workers in Northern Ireland over possible breach

First Source has launched an internal investigation into possible breaks in procedures and policies at a call center in Northern Ireland.

iSIGHT Partners raises $30M in equity financing

The company will use the funds to expand its intelligence capacity, enhance ThreatScape products and grow partnerships.

Sony CEO finally addresses cyber attack

Kazuo Hirai addressed the recent cyber attack on the company at the Consumer Electronic Show (CES) in Las Vegas, describing the incident as "vicious and malicious."

H4LT hacking team leaks secret Xbox One SDK, accesses unreleased games

The account believed to have been compromised by the group contains files uploaded by 343 Industries, which produced the highly anticipated game Halo 5.

Apple patches iCloud vulnerability exploited by iDict hacking tool

Apple apparently has patched a vulnerability that could be easily exploited by the iDict hacking tool released on New Year's Day.

Bitcoin exchange Bitstamp goes offline following possible breach

The major Bitcoin exchange believes a breach occurred on January 5 that might have affected one of its operational wallets.

Android malware rises 300 percent, report says

Quick Heal's annual threat report found a marked increase in Android malware between 2011 and the end of 2014.

Lizard Squad begins selling DDoS tool for commercial use

Lizard Squad, the group behind attacks on Sony's Playstation Network and Microsoft's Xbox Live systems, is now selling a distributed denial-of-service (DDoS) tool online that customers can use to attack any online entity.

Chick-fil-A investigates possible POS breach

Fraudulent activity on payment cards may trace back to Chick-fil-A purchases.

UGA computer network hacked, Georgia Tech student indicted

A Georgia Tech student has been indicted after allegedly hacking into the University of Georgia computer network.

Firm analyzes Havex infections on 64-bit Windows systems

According to Trend Micro, a 64-bit version of the malware has been detected infecting Windows 7 users.

Gmail service possibly restored in China following four-day outage

China-based Gmail users reported issues accessing their accounts via third-party email services, but service may have since been restored.

German government says Regin malware not on Merkel staffer's laptop

A spokesperson for the German government has refuted reports that the Regin spyware made its way onto the laptop of the chancellor's top aide.

FBI searching for cyber experts to become special agents

Recruits would have the opportunity to become the lead agent in counterterrorism or counterintelligence investigations.

Steam chat being used to distribute malicious .SCR file

Clicking on a certain link being spammed in Steam chat will result in a malicious screensaver file being downloaded.

U.S. uses TiSA talks to seek breach investigation immunity for American companies

Leaked documents show the U.S. lobbying for major companies to be pursued in American courts rather than in host countries where they operate.

Sign up to our newsletters