Fake Safari update leads to potentially unwanted installations

Malwarebytes observed websites pushing a fake Safari update that leads to the installation of MacKeeper and ZipCloud.

AT&T asks FCC to drastically reduce $100M fine

AT&T asked the Federal Communications Commission (FCC) to limit its fine to no more than $16,000 and to delay non-monetary sanctions until they could undergo judicial review.

Yahoo bug bounty program pays out more than $1 million to researchers

Yahoo's Interim CEO Ramses Martinez detailed the company's bug bounty program's successes since its creation in 2013.

Researchers hack into self-aiming rifle through Wi-Fi

A pair of security researchers discovered a way to hack into a TrackingPoint self-aiming rifle through its Wi-Fi network.

Darkode allegedly up and running again

Two weeks after an international law enforcement effort shut it down and led to charges, indictments and arrests, reports say online crime forum Darkode is back.

Researchers find vulnerability in Skoda vehicles

Researchers at Trend Micro discovered a security flaw in Skoda automobiles that could allow an attacker to spy on vehicle data.

NSA to lose telephone metadata database access in November

The White House detailed its plans for after the 180-day transition period covered under the USA Freedom Act.

Researchers analyze faulty new Linux backdoor

Researchers at Dr. Web have discovered a faulty trojan designed as a backdoor for Linux that could also target Windows systems.

NYMag.com hit with DDoS attack from man who hates NYC

NYMag.com was hit with a DDoS attack that lasted about 12 hours and was executed by a man with a vendetta against all things having to do with New York City.

Steam flaw fixed, Valve resetting passwords

A flaw in the "forgot my login details" function, if exploited, could have allowed hackers to hijack Steam users' accounts.

CIA may pull spies from China after OPM hacks

After data on 21.5 million former and current OPM workers was exposed, U.S. officials are concerned that hackers can use the information to determine the identity of spies operating in China.

Planned Parenthood investigates breach amid claims its systems were accessed

Planned Parenthood is investigating a data breach following reports that attackers released sensitive data on Sunday night.

DMCA requests overwhelm WordPress transparency report

WordPress issued its first transparency report of 2015, which covers the first six months of the year.

Court says Facebook can't challenge warrants from Manhattan prosecutors

An appeals court in New York ruled that Facebook can't challenge Manhattan prosecutors' warrants seeking information on 381 users as part of an investigation into Social Security fraud.

UCLA target of class-action suit after breach

A lawsuit filed in a federal court in California accused UCLA Health System of not adequately protecting the personal data of 4.5 million individuals affected by a 2014 breach.

Researchers present system for high-speed anonymous browsing

Five researchers developed HORNET in order to provide a more high-speed anonymous browsing experience.

FBI director says terrorist interest in cyberattacks against the U.S. on the uptick

FBI Director James Comey, speaking at the Aspen Security Forum, said that terrorists are mulling strategies for launching cyberattacks against the U.S.

Senators introduce bill to expand DHS oversight of federal .gov domain

A bipartisan group of senators introduced legislation, that would increase the Department of Homeland Security's role in protecting federal the .gov domain.

Vulnerability in OpenSSH allows for brute force attack

A vulnerability in OpenSSH could allow an attacker to make up to 10,000 password entries during the open source tools' "login graced time."

Neiman Marcus class action data breach lawsuit revived

A federal appeals court has breathed new life into a class action lawsuit against Neiman Marcus regarding the data breach the retailer experienced in 2013.

Security firm details vulnerabilities in two WordPress plugins

High-Tech Bridge released advisories on Wednesday that detail medium risk vulnerabilities in two WordPress plugins.

Duke APT group devises new campaigns to maintain detection evasion

The Duke APT group continues to change up its tactics with the new "SeaDuke" and "CloudDuke" malware.

FTC alleges LifeLock violated 2010 settlement by lying about security measures

LifeLock is being investigated by the FTC for the second time after allegedly making false claims about security measures.

Chrome 44 promoted to stable channel, includes 43 security fixes

The Google Chrome team promoted Chrome 44 to the stable channel for Windows, Mac and Linux on Tuesday.

Stephen Scharf named DTCC's first CSO

As Stephen Scharf moves into newly created CSO position at DTCC, global CISO Mark Clancy assumes helm as CEO at Soltra.

Former Senator says Edward Snowden should be publicly executed

During a speech earlier in July, retired Sen. Saxby Chambliss (R-Ga.), drew parallels between breaches at the Office of Personnel Management (OPM) and Edward Snowden's actions.

OPM rewrites privacy policy to allow for system investigations

The Office of Personnel Management (OPM) rewrote its privacy regulations to allow legislators and outside entities to look through its databases for signs of data breaches.

DHS employees found using private web-based email on gov't PCs

Certain employees at the Department of Homeland Security were exempted from the ban on private web-based email use on work computers.

Microsoft addresses critical RCE vulnerability in all versions of Windows

If successfully exploited, the remote code execution vulnerability can enable an attacker to take full control of the affected system

Morrisons employee receives eight years for leaking data of 100K workers

A Morrisons supermarket auditor was sentenced to eight years in prison after leaking the personal information of more than 100,000 staff.

Israel and U.S. issue joint statement on cybersecurity coordination

The U.S. Deputy Secretary of Homeland Security traveled to Israel to discuss the two countries' coordination on cybersecurity.

Rep. McCaul says U.S. should target ISIS social media influence

Rep. Michael McCaul (R-TX) said the U.S. should target the social media influence that the Islamic State uses to inspire domestic attacks.

Ohio inmate caught with prison administrative login credentials

An Ohio inmate was caught with administrative login credentials for the computer systems at Lebanon Correctional Intuition.

UCLA Health attacked, data on up to 4.5 million individuals at risk

UCLA Health announced that attackers accessed parts of its network containing personal and medical information on as many as 4.5 million individuals.

CVS investigating possible payment card breach, shuts down photo website

Customer credit card information collected by an independent vendor may have been compromised.

Every Child Achieves Act requires DOE to submit cybereducation report

An amendment to the Every Child Achieves Act takes on cybersecurity education in an effort to address worker shortage.

Cisco addresses denial-of-service vulnerability in Videoscape products

The updates address a denial-of-service vulnerability in Videoscape Distribution Suite for Internet Streaming and Videoscape Distribution Suite Service Broker.

Lauri Love rearrested in U.K.

Lauri Love, an Englishman accused of hacking into the U.S. Army, NASA and the Federal Reserve, was rearrested on Wednesday on an extradition warrant.

Thousands of vulnerabilities identified in government system

The U.S. Department of the Interior received an Inspector General report that pointed out nearly 3,000 vulnerabilities in its system.

Siemens energy automation bug could have allowed unauthorized control over device

A recently patched vulnerability in Siemens energy automation systems could have allowed an attacker to gain unauthorized control of the device.

Epic Games forums compromised, passwords to be reset

Members of the forums, which were still down on Thursday, will be required to change their password when the site reopens.

Army National Guard breach affects 850K, not related to OPM

The Army National Guard said a data breach that may have impacted more than 850,000 current and former members.

Hershey provides additional information on payment card breach

Payment cards used at certain Hershey Entertainment & Resorts Company properties between Feb. 14 and June 2 may have been compromised.

UPMC Health Plan compromises personal data of 722 patients

University of Pittsburgh Medical Center (UPMC) Health Plan announced its third breach in two years, information of 722 patients compromised.

Legislators call for lifetime identity protection for OPM data breach victims

Nearly seven percent of the U.S. population was impacted in the OPM data breaches, and nine legislators are now calling for lifetime identity theft protection for them.

Iran deal prompts concerns over country's growing cyber program

A diplomatic agreement that restricts Iran's nuclear program, may indirectly shift its focus towards cyber warfare efforts.

Vietnamese man sentenced to 13 years for scheme that affected 200M

A Vietnamese man was sentenced to 13 years in a U.S. prison for stealing and selling the personal information for identify theft.

Recovered USB stick contains Barclays data, customers offered compensation

The data on the USB stick is from 2008 or earlier, and is part of the same theft of data that was reported last year.

Walmart Canada's Online Photocentre down after potential breach

Walmart Canada has taken down its online photo site and is investigating a compromise that may have impacted 60,000 people.

Google invests in cybersecurity firm and university IoT project

Google Capital funded Crowdstrike during a funding round, and also granted Carnegie Mellon University $500,000.

United Airlines pays researcher bug bounty of 1M air miles

United Airlines paid a security researcher one million air miles for finding vulnerability and submitting it to the airline's bug bounty program.

Minerva Tantoco brings tech solutions to NYC

As the city's first CTO, Minerva Tantoco wants tech to solve some of the city's pressing issues, including what to do with old phone booths.

Canadian court allows expansion of student loan breach lawsuit

A Canadian federal court will allow students more options to pursue damages in a class action lawsuit against the government.

London teen hacker sentenced in Spamhaus DDoS attacks

Instead of jail time, Seth Nolan McDonagh, a.k.a. Narko, was sentenced to 240 hours of community service for his part in one of the the biggest cyber attacks in history.

NYC investigator convicted for hiring hackers, fears retaliation from clients

A NYC private investigator who was convicted of hiring hackers to assist in his work now fears retaliation from his clients after collaborating with authorities.

APT28 uses leaked Hacking Team exploits in custom EK

According to ESET researchers, APT28 started using the Flash exploit on Wednesday, the same day Adobe released a patch for the issue.

OPM Director Katherine Archuleta resigns

OPM Director Katherine Archuleta resigned from her post following the release of details about the agency's second data breach.

TerraCom, Yourtel America fined $3.5M for storing customer data on unsecured severs

TerraCom and Yourtel America have been ordered to pay a $3.5 million in civil penalties to the FCC for failing to adequately store customer data.

VMware issues updates to address host privilege escalation vulnerability

VMware Workstation, VMware Player and VMware Horizon View Client for Windows have received updates that address the vulnerability.

21.5 million SSNs stolen in second OPM breach, along with fingerprints and background info

OPM released the details of its second data breach on Thursday and said personal information, SSNs and fingerprints were all stolen.

Seven teams to compete for nearly $4M in 2016 DARPA Cyber Grand Challenge Final

Seven out of 104 teams have made it into the 2016 DARPA Cyber Grand Challenge Final Competition to be held August 2016 in Las Vegas.

Foreign hackers briefly commandeer German missile systems

Although a report indicated that a German missile system was taken over by hackers, a military spokesperson denied the claims.

OpenSSL patches high severity bug allowing certificate forgery

As promised earlier this week, the patch addresses a high severity bug impacting several OpenSSL versions.

Encryption hearing focuses on retaining access to users' devices

FBI Director James Comey brought his case against encryption to the Senate Judiciary Committee on Wednesday and said it hampers terrorism investigations.

Researchers say education sector end users more prone to risky behavior

End users in the education sector are twice as likely to be impacted by spyware and adware, and are equally as likely to visit malicious websites

Computer glitch grounds all United Airlines flights

United Airlines flights were temporarily grounded Wednesday morning due to a glitch in the computer software that manages automated operations.

Revenge porn hacker pleads guilty to felony charges

Charles Evens, 26, who hacked into victims' Gmail accounts to obtain nude photos for a revenge porn website, pleaded guilty last week.

Comey again denounces default encryption in editorial

While James Comey continues to argue that encryption will harm Americans, a group of security experts, including Susan Landau and Bruce Schneier, released a paper on Tuesday saying otherwise.

OpenSSL says patch for high severity bug to come soon

OpenSSL announced that it will release updates to patch a "high severity vulnerability" on Thursday, July 9.

EFF to host DefCon 23 badge hacking contest

The Electronic Frontier Foundation (EFF) has announced its first DEF CON 23 Badge Hack Contest.

Nearly all Japanese pension system files kept unprotected pre-breach

An investigation into the compromising of Japan's national pension system found that 99 percent of the accessed files were without any sort of password protection.

Dino spyware targeted 'sensitive centers' in Iran for 18 months

Masoud Biglarian, head of the CERT Coordination Center, said Iran shored up its security to protect against Dino spyware.

Feds recommend charges against Cardinals staff in Astros hack

Federal investigators have recommended charges be brought against at least one Cardinals employee for the Astros cyber attack.

DHS, FBI lead 'Cyber Guard' exercise in Virginia

From June 8 through June 26 more than 100 organizations participated in the fourth annual Cyber Guard exercise.

FTC launches 'Start With Security' initiative

The Federal Trade Commission will share lessons learned from the 54 data security cases it has brought as part of its "Start With Security" program.

Tech firms fear vague language in Chinese security law could be used to force backdoors

Vague language in a new Chinese security law has multinational tech firms concerned that China may use it to force them to build backdoors or provide encryption keys and source code.

Attackers use fake British Gas site to spread TorrentLocker

Researchers have seen an uptick in TorrentLocker infections in the U.K. and Turkey.

MasterCard testing facial recognition technology to verify online purchases

MasterCard has announced that it will begin using facial recognition and other biometric measures to verify payments in an effort to replace passwords.

Skimmer on Santander Bank ATM vestibule door leads to fraud

A magnetic stripe skimming device had been placed on the ATM vestibule door at a Santander Bank location in Woburn, Mass.

FISC judge gives NSA go-ahead to resume surveillance

A surveillance court judge ruled Monday that the NSA could temporarily resume its bulk data collection program during the transition period to the reforms of the USA Freedom Act signed into law June 2.

Trump Hotel Collection investigating potential payment card breach

According to a statement, Trump Hotel Collection has been alerted to potential suspicious credit card activity and is determining if it involves any of its properties.

JPMorgan reassigns CISO a year after major data breach

JPMorgan Chase reassigned the executive in charge of network security a year after he was criticized for his handling of a major data breach.

Unencrypted GoPro updates leave users vulnerable to attack

GoPro Studio sends update requests and receives updates over unencrypted connections leaving users vulnerable to attack.

FBI investigates physical attacks on San Francisco internet cables

The attacks reportedly date back a year, and happened as recently as Tuesday morning.

Cisco intends to acquire OpenDNS for $635 million

The acquisition is expected to close in the first quarter of the fiscal year 2016.

NYC private investigator sentenced for hiring hackers

Eric Saldarriaga was sentenced to three months in prison after he hired hackers to access victims' email accounts.

GAO issues report on Department of Treasury bureau

The U.S. Government Accountability Office identified nine new deficiencies in the Department of Treasury's Bureau of Fiscal Service's information systems.

Health orgs asking third party associates to get CSF certification

Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.

DOJ investigates ATF official in possible data breach

An ATF official is under investigation by the DOJ for allegedly improperly accessing and downloading ATF employee data.

Europol, Interpol, and Ameripol arrest 130 suspected of airline fraud

Europol, Ameripol and Interpol collaborated to arrest 130 individuals across 49 countries between June 16 and 17 as part of a global initiative targeting criminals using stolen credit card information to purchase airline tickets,

FAA panel to focus on top cybersecurity risks to aircrafts

An FAA advisory committee aims to develop international design and testing standards that will thwart cyberattacks, a Wall Street Journal report reveals.

Apple to block advertisers from getting app data in iOS 9, reports say

Apple announced that the iOS 9 will block advertisers and other companies from scanning devices for app-download data.

Report: Florida call center hit by insider breach

The company in question, Advanced Tech Support, was previously sued by the FTC during a 2014 tech support scam investigation.

Damballa appoints Stephen Newman as CTO

Damballa announced the promotion of Stephen Newman to chief technology officer.

Checkmarx receives $84M investment

Application security firm Checkmarx announced on Thursday it received an $84M investment from Insight Venture Partners.

SINET panel sees uptick in bad actors, expanding attack surface

A panel at the SINET Innovation Summit agreed that while threats aren't more advanced they are persistent.

Indiana town judge says attackers gained access to classified court records

Access was gained to Clarksville Town Court classified records on June 23, potentially compromising information such as Social Security numbers.

Yahoo's Alex Stamos to join Facebook as CSO

Alex Stamos, who was appointed CISO at Yahoo last year, will join Facebook as CSO next Monday.

Hershey Park investigates potential payment card breach

The theme park is working with an external computer security firm to investigate its system for signs of an issue.

Coalfire co-founder and CEO Rick Dakin passes away

Dakin was a graduate of the United States Military Academy at West Point before going on to start Coalfire as a three-person operation in 2001.

Sign up to our newsletters