Sony settles federal suit with former employees, avoids class action

Sony Pictures Entertainment sidestepped a class action suit by reaching a settlement with former employees whose information was exposed in a high-profile breach.

London clinic leaks HIV status of 780 patients in newsletter

A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.

Mac malware installer automatically grants access to keychain

Malwarebytes is reporting that a new variant of the adware installer has surfaced that grants access to a user's keychain.

Government seals contract with identity fraud monitoring company

Following one of the largest data breaches in U.S. government history, the Office of Personnel Management (OPM) and the Department of Defense (DoD) awarded Identity Theft Guard Solutions a $133,263,550 contract.

Singtel completed $770M Trustwave acquisition

Trustwave announced Monday that it has been acquired by Singapore Telecommunication Limited for $770 million.

Rocket Kitten APT threat persists after its outing

Trend Micro and ClearSky published an updated report on Rocket Kitten, a state-sponsored group targeting Israeli and European organizations.

Chenxi Wang moves to Twistlock as chief strategy officer

After a stint at CipherCloud, former Forrester vice president and Intel Security exec Chenxi Wang has joined Twistlock to oversee corporate strategy and marketing.

Fraudsters using credentials harvested from massive breaches, study finds

Digital identities are being exploited on a routine basis by sophisticated cybercriminals, says a just released ThreatMetrix study.

Rebekah Brooks back at News Corp.?

In a story that could have been ripped from the pages from the now defunct News of the World, that newspaper's former editor Rebekah Brooks is reportedly in talks to return to News Corp.

New 'Pawn Storm' attack spoofs EFF website

A newly registered domain disguises itself as an official Electronic Frontier Foundation website and is being used in various spear phishing attacks.

Facebook building new video piracy software

Facebook is developing new technologies to help crack down on video piracy.

Uber hires Miller, Valasek after Jeep hack

The automotive hacking prowess of security researchers Charlie Miller and Chris Valasek caught the eye of car service Uber, which has hired them to join the team at the company's Advanced Technologies Center.

Virginia teen receives 11-year sentence for supporting ISIL

A Virginia teenager was sentenced to136 months in prison and will have his internet activity monitored for the rest of his life for conspiring with the Islamic State in Iraq and the Levant (ISIL).

Finland detains Russian citizen accused of computer fraud in U.S.

Finnish authorities nabbed Russian citizen Maxim Senakh, wanted in the U.S. on computer fraud charges for spreading malware.

Court overturns judge's decision, sides with NSA's phone metadata collection

The U.S. Court of Appeals for the District of Columbia Circuit overturned a judge's ruling on Friday, ultimately siding with the NSA's of phone metadata collection program.

Adobe issues security updates to address ColdFusion vulnerability

Successful exploitation of the ColdFusion vulnerability could result in information disclosure, Adobe said.

Illinois governor vetos amendment to breach notification bill

Illinois Gov. Bruce Rauner called a recent breach notification amendment a "significant departure from the data protection laws of other states."

Law firms file for class-action status in Target suit

Eleven law firms filed with a Minnesota court this past week to ask for class-action certification over Target's 2013 data breach.

CERT warns DSL router users of vulnerability

CERT issued a warning on Tuesday over a vulnerability in DSL routers that all contained the same hard-coded credentials.

German intelligence agency delivers data to NSA in exchange for software use

In exchange for the use of the NSA's XKeyscore software, Germany's intelligence agency gives information on its targets to the U.S. agency.

Car industry bands together to thwart hacking threats

Automakers are banding together to help guard against and mitigate a new breed of cyberattack targeting on-board computer systems.

Former video game exec accused of stealing trade secrets

Jing Zeng, a former Machine Zone exec was arrested on charges of stealing trade secrets while boarding a plane to China.

Windows 10 now on more than 70 million devices

Microsoft's VP of Marketing for Windows and Devices, Yusuf Mehdi, gave his Twitter followers updates on the new OS earlier this week.

LA man faces more than 150 charges for child porn

Cesar Mauricio Estrada-Davila, of Los Angeles, faces 150 charges relating to extorting young girls for naked photos.

Dropbox phishing scam uses compromised Wordpress site

Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post by Dr. Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

Researcher claims AT&T injecting ads into free Wi-Fi hotspot connections

Researcher Jonathan Mayer documented AT&T injecting ads over HTTP connections on its free Wi-Fi hotspot.

FireEye intern pleads guilty in Darkode case

Malware author Morgan Culbertson pleaded guilty on Tuesday in a Pittsburgh federal court.

'Spam King' pleads guilty to sending more than 27M Facebook messages

A Las Vegas man pleaded guilty to sending more than 27 million Facebook messages in a massive spam campaign.

Privacy issues spur torrent trackers to ban Windows 10 users

Torrent trackers are reportedly banning Windows 10 users due to concerns that the operating system is sharing user data with Microsoft.

Security researcher Charlie Miller leaving Twitter

Charlie Miller, a highly regarded security researcher, well known for demonstrating flaws on Apple products and in computer systems on vehicles, announced Monday he is leaving Twitter's security team.

Canadian privacy agency investigates Avid Life Media, Ashley Madison breach

Canada's primary privacy watchdog group and other international entities are investigating the Ashley Madison data breach after stolen data has continued to surface online.

Alabama group indicted for IRS scam involving ID theft

An Alabama man, along with several partners, have been indicted on ID theft and other tax-related charges for filing false income tax returns.

Federal appellate court confirms FTC authority in Wyndham case

The Third Circuit Court of Appeals Monday upheld a lower court decision confirming that the FTC had the authority to pursue enforcement action against Wyndham after a trio of breaches.

British teen faces jail time after boasting about gov site takedowns

British teen Charlton Floate faces jail time after boasting about his role in taking down U.S. and U.K. government websites.

Rutgers to spend several million dollars to strengthen cybersecurity

Rutgers hired three cybersecurity firms and plans to spend millions to protect its computer networks

Twitter blocks API access for Diplotwoops website

Twitter blocked API access for Diplotwoops, which collected deleted tweets from politicians, diplomats and embassies.

Pace University awarded $2.5M from NSF to train cybersecurity students

Pace University's Seidenberg School of Computer Science and Information Systems received a $2.5 million grant from the National Science Foundation.

Just patched Internet Explorer bug being exploited in watering hole attack

A Hong Kong-based website has been compromised to serve up malware through a just patched memory corruption vulnerability in Internet Explorer.

Indianapolis man pleads guilty in Darkode case

Phillip Fleitz of Indianapolis is the third person in the U.S. to plead guilty in the Darkode cybercrime case.

UK agency demands Google take down links under 'right to be forgotten'

The UK's Information Commissioner's Office ordered Google to remove links to webpages detailing a minor crime and the company's prior removal of links related to the offense.

Indiana man indicted for illicit 'Deep Web' drug sales

Lee Gray, aka Supremesmoke, was indicted in Indiana earlier this week on federal charges of drug trafficking and money laundering on the Deep Web.

Drupal 6.37 and 7.39 released, critical vulnerabilities addressed

Open source CMS platform Drupal has issued security patches to address several critical vulnerabilities affecting Drupal 6 and 7.

Impact Team releases another dump of Ashley Madison data

Impact Team has reportedly made a lot more Ashley Madison data available online and in the process teased the adultery site's CEO over the breach's validity.

Contractor that vetted Snowden settles with government for $30M

An investigations firm that vetted Edward Snowden agreed to a $30 million settlement with the U.S. government on Wednesday.

Google facility in Europe loses data due to lightning strikes

After lightning struck a local utility grid, one of Google's European data centers suffered a power outage that led to "some" permanent data loss.

Europol and FireEye join forces to fight cybercrime

Europol's European Cybercrime Center and FireEye will be sharing knowledge and expertise to fight cybercrime.

Darkode hacker "Phastman" pleads guilty in federal court

The FBI announced that Darkode hacker Eric Crocker, known as "Phastman," pleaded guilty on Monday for sending spam.

Convention center Wi-Fi provider settles with FCC over automatic hotspot blocking

The Federal Communications Commission (FCC) settled with Smart City Holdings, an internet and telecommunications provider, for its blocking of personal mobile hotspots.

Adobe patches flaw in LiveCycle Data Services

Adobe released a hotfix for LiveCycle Data Services, patching a vulnerability that could result in information being disclosed.

Target settles with Visa following 2013 breach

Target will fork over as much as $67 million to banks issuing Visa cards and $10 million to customers who were affected in its 2013 breach.

Report: Dark web marketplaces complete up to $500K in transactions daily

Carnegie Mellon University researchers analyzed 35 dark web marketplaces, including the Silk Road, to determine their daily sales.

Uber reportedly to quadruple its security team by year's end

Uber is looking to bump its security team from 25 to more than 100 members by the end of the year.

Mozilla looks to improve Firefox's private browsing feature

Mozilla has entered the pre-beta phase for testing an improved private browsing feature in Firefox.

China arrests 15,000 during cybercrime sweep

The Chinese Ministry of Public Security arrested 15,000 people for cybercrimes as part of a long-term operation dubbed "Cleaning the Internet."

E-ZPass users targeted in phishing scam

Drivers in the Washington, D.C. metro area are being targeted by a phishing scam that purports to come from E-ZPass.

BitTorrent protocol family vulnerable to DRDoS attacks

Researchers at WOOT '15 demonstrated how the BitTorrent protocol family is vulnerable to DRDoS attacks.

IRS breach may exceed 300K victims

The Associated Press is reporting today that the Internal Revenue Service (IRS) breach that took place in May could now affect more than 300,000 taxpayer accounts.

ALERT: Snowden docs show AT&T 'highly collaborative' in NSA spy program

AT&T provided access to emails and tech assistance to the NSA, the New York Times reported.

Nation-state attack likely, say two-thirds of Black Hat respondents

Nearly two-thirds of survey respondents believe their organization is a potential target for nation-state cyberattacks.

Adobe settles charges in data breach suit

Adobe ordered to pay $1.1 million in legal fees as well as an "undisclosed settlement" to users following breach that affected 38 million.

FAA: software upgrade, not ERAM, likely caused flight cancellations, delays

After the FAA issued a five-hour flight restriction Saturday, airlines canceled flights served by a busy Virginia air traffic control center.

Symantec spots tech support scammers using links on popular sites to lure victims

Researchers have spotted attackers using fake Facebook accounts to post malicious links in the comments of popular content.

Even after patch, Stagefright poses threat to Android devices

After a patch for the Stagefright flaw was discovered to be incomplete, leaving Android devices vulnerable to attack, Google has released a new patch to open source.

Facebook rescinds Harvard student's internship for creating map app

Facebook withdrew an internship offer from a Harvard student after her created an app to exploit a flaw in Facebook Messenger.

OpenSSH releases version 7.0

OpenSSH released version 7.0 this week, along with four security fixes and various new features.

Yahoo malvertising actors turn attention to AdSpirit

Researchers at Malwarebytes uncovered a malvertising campaign against, similar to the one used recently on Yahoo.

Imperva appoints Geraldine Elliot to board of directors

Geraldine "Gerri" Elliot was appointed by the cyber security solutions firm Impeva to the company's board of directors.

Android ransomware locks up devices, has additional features

The malware was detected by Fortinet as Android/Locker.CB!tr and is capable of receiving a variety of commands.

Apple releases OS update for security improvements

Security and performance issues addressed in latest update to Apple's Yosemite operating system.

Dropbox adds security key two-factor authentication

Dropbox is adding Universal 2nd Factor (U2F) security keys to its two-step verification process, the company announced in a Wednesday blog post.

Facebook awards Georgia Tech team $100K for security research

Facebook awarded $100K to a team of Georgia Tech researchers for discovering a new class of vulnerabilities and for creating a detection technique.

Corvette text vulnerability fix on the way

Mobile Devices said will soon distribute an update that will fix the security flaw in its On-Board Diagnostics II (OBD-II) dongle which was shown to allow a Corvette to be controlled through a text message.

John Kerry: 'Very likely' Russia and China are reading my emails

Secretary of State John Kerry told CBS that "it's very likely" that Chinese and Russian governments are reading his emails.

Adobe updates Flash Player and AIR, fixes 35 bugs

Adobe's Flash Player and AIR updates fix 35 bugs, the majority of which could lead to code execution.

Researchers use text to hack Corvette

Researchers at the University of California at San Diego have figured out how to control certain features on a car via text.

Black Hat 2015: Zero-Day found in old Intel Chips

A researcher discovered a zero-day vulnerability inside the x86 processor architecture that can allow attackers to install rootkits.

Symantec confirms $8 billion deal to sell Veritas

Symantec confirmed its $8 billion in cash agreement to sell its Veritas data-storage business to investors led by Carlyle Group LP, a private-equity firm.

Joint Chiefs of Staff's email system back online after phishing hack

The U.S. Joint Chiefs of Staff's unclassified email system was brought back online yesterday after being shut down for two weeks when a phishing scam, possibly by the Russian group Apt 29, was discovered.

Rep. Chaffetz calls for OPM CIO dismissal

House Oversight Committee Chairman Jason Chaffetz, R-Utah, renewed his call that the Federal Office of Personnel Management (OPM) chief information officer should be removed in light of a report made by the OPM Inspector General (IG).

U.K. ham radio operators spammed with malware

U.K. ham radio operators are the target of a phishing scam asking them to open a malware-infected attachment purportedly from Ofcom Spectrum Licensing.

Technology firm loses nearly $47 million in digital transfer fraud

Ubiquiti Networks, a wireless networking products provider, lost nearly $47 million in cyber fraud involving phony transfer requests.

DEF CON 23: Aerial Assault shows airborne network invader

Aerial Assault displayed a drone at DEF CON 23 equipped to fly to and then hack into a corporate network.

RAT AlienSpy found on phone of dead Argentinian prosecutor

Security Researcher Morgan Marquis-Boire revealed that RAT AlienSpy was used to spy on the phone of Alberto Nisman.

Researchers find electric skateboards prone to remote exploit

A pair of researchers developed an exploit that allows them to override the user controls of Boosted electric skateboards

Ransomware attack strikes Dayton, Ohio-area planning commission

The Miami Valley Regional Planning Commission just reported that last month it was the victim of a ransomware attack and was asked to pay 500 Bitcoins to release 15,000 impacted files.

Microsoft doubles bug bounty payoff max, expands program

Microsoft will double the payout maximum under its bug bounty program and up the ante for authentication vulnerabilities found during a bonus period.

ICANN hacked, emails and passwords stolen

ICANN has fallen victim to a hacker attack.

Zeus creator suspected to have spied for Russian interests

Evgeniy Bogachev allegedly conducted espionage on a Zeus botnet that was typically used for fraud purposes.

Black Hat 2015: Vulnerability enables complete takeover of any Android device

An Android vulnerability - dubbed Certifi-gate - can enable an attacker to take over practically any device running the popular mobile operating system.

Tesla quickly fixes security flaw in Tesla S

Tesla Motors has already patched the flaw that allowed researchers to turn off and stop a Tesla S when it is driving at slow speed.

Fed bid out to notify victims of OPM breach

NAVSEA seeks a vendor to provide data breach response services following breach of OPM.

China announces plans to install police units at internet companies

The Chinese government plans to embed cybersecurity police units into major Chinese internet companies.

Samsung will now release monthly security patches

Samsung will issue monthly Android patches through various agreements with carriers and partners around the world.

Fiat Chrysler, Harman hit with class action suit over uConnect

Fiat Chrysler and Harman International were hit with class action lawsuit brought by three Jeep owners over a security flaw found in Harman's uConnect infotainment system.

Aussies finger Russian in stock hack

A Russian hacker illegally manipulated over a dozen penny stocks generating more than $77,000 AUD in false profits, according to the Australian Securities & Investment Commission (ASIC).

Symantec calls Thunderstrike 2 dangerous, but controllable

Symantec researchers have concluded that the recently created Thunderstrike 2 Mac worm is a viable threat; however it should be easily fended off by taking a few simple precautions.

WordPress 4.2.4 released, includes fixes for a variety of flaws

WordPress released a security update to address several vulnerabilities that existed in all previous versions.

Businesses threatened with DDoS extortion attack

The Internet Crime Complaint Center (IC3) issued an alert about extortion campaigns that threaten businesses with a distributed denial-of-service (DDoS) attack unless a ransom is paid.

New Windows 10 phishing scam spotted, complete with faked antivirus scan message

Cisco detailed a new phishing campaign that's disguised as email recipients' complementary Windows 10 upgrade.

New Facebook security tool released to help users protect accounts

Facebook launched its "Security Checkup" tool to acquaint users with its security features.

Sign up to our newsletters