Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.

JPMorgan Chase hackers missed fed gov't employee accounts

Information on half a million federal workers in the government's SmartBuy program went undetected by Chase hackers.

Google updates piracy-fighting report

The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.

Former RSA CISO named president and COO of White Ops

Eddie Schwartz has been appointed the new president of the New York City-based online fraud company. owner targeted in site hack

Mudit Grover's personal information was published online after a hacker, Team Danny, took control of the site.

FBI director warns of Apple and Google device encryption implications

After both companies said their new operating systems would come equipped with default encryption, FBI director James B. Coney used a speech to warn attendees of the repercussions those decisions could have.

FireEye pegs top Java exploits and EKs using them

A report details the three most commonly exploited Java bugs affecting users.

Two Detroit men arrested may be linked to Home Depot breach

A routine traffic stop in Texas resulted in two men being arrested for possession of criminal devices.

TD Bank reaches $850K breach settlement with states

The settlement brings some resolve to the 2012 breach, where the bank lost unencrypted backup tapes.

N.M. man, who intercepted governor's emails, sentenced to nine months

Jaime Estrada was sentenced to nine months in prison and was ordered to pay a $10,000 fine.

Hackers targeted Chase Corporate Challenge site to find infiltration route

The Corporate Challenge site was one of many avenues tested by persistent attackers, reports reveal.

South Korea mulls replacing nat'l ID cards after breach

Replacing the card would likely cost the South Korean government about $650 million and businesses would pay out billions to upgrade systems.

Google ordered to remove Japanese search results on man

A man claims his privacy was violated and that his life was threatened after search results indicated he might have been involved in a past crime.

Drupal core contains 'highly critical' SQL injection vulnerability

Upgrading to Drupal core 7.32 will address the vulnerability, which could lead to privilege escalation and arbitrary PHP execution if exploited.

Shellshock used to amass botnet and execute phishing campaign

Researchers found that the botnet contained 360 bots and was used to target Spanish-speaking Citibank customers.

ABA wants to automatically call and text mobiles regarding breach and fraud alerts

With data breach and fraud alerts in mind, the ABA filed a petition on Tuesday asking the FCC to remove "outdated regulatory restrictions" that prevent sending automated calls and texts to mobile devices.

Malicious ads on YouTube direct users to Sweet Orange exploit kit

The campaign targeted users running vulnerable versions of Internet Explorer.

Dropbox denies stolen credentials claim

The file hosting company refuted the recent news that more than seven million user login credentials were stolen and posted online.

Second class action suit filed against CHS

A class action suit filed in a New Mexico court accused the health system of failing to follow appropriate security measures.

Adobe fixes Flash Player, ColdFusion flaws

Adobe addressed nine Flash Player flaws in three CVEs, giving four bugs the company's highest priority rating. breach prompts Snapchat warning

After was breached, Snapchat warned users that third party applications could expose their data.

HP to remove digital signature that code-signed malware

Journalist Brian Krebs said the company is sending out advisories to clients saying it would remove the certificate after a 2010 security incident.

Suspected POS hacker Seleznev faces slew of new charges

Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.

JPMorgan hackers targeted 13 firms, including Fidelity, report reveals

Fidelity claims, however, that no customer data appears to have been stolen.

Symantec splits into two companies

As rumors swirled, Symantec announced that it would become two companies, one focused on security and the other on information management.

White House head of cybersecurity suggests selfies as password alternative

Rather than staying true to the password as the primary security method, Michael Daniel, White House cybersecurity coordinator, suggested biometrics or even selfies as an alternative.

Emma Watson Facebook scam infects users with malware

A new Facebook scam leverages the popularity of the British actress to infect users with a trojan that steals data and signs up victims to a premium SMS scam.

Google shells out $75K in bug bounties for Chrome 38 release

Google has paid more than $75,000 in bug bounties to security researchers who helped discover flaws patched in its recent release of Chrome 38.

Study finds reflection-based DDoS attacks still popular amongst attackers

The use of distributed denial-of-service (DDoS) reflection-based attacks continues to be on the rise, according to one recent study.

Bond insurer MBIA investigates potential breach of client data

MBIA says clients of its subsidiary, Cutwater Asset Management, were impacted.

Australian Broadcasting Company taken off air by ransomware attack

The company said it fell victim to a phishing email campaign that spread ransomware.

Apple iOS 8 bug reportedly deleting iWork docs

MacRumors forum users are reporting that the bug is deleting their iCloud documents, and in some cases, the docs could be permanently lost.

New system aims to automate threat intelligence in health care industry

A new system aimed at not only promoting threat intelligence in the health care industry, but automating it, was announced Wednesday.

New York City scraps transmitter beacons in Titan phone kiosks

Fearing they could be used to track phone users, New York officials told Titan to remove transmitter beacons from 500 phone kiosks.

Facebook fights back against spammers

The social media company in a blog post detailed its efforts to stop spammers and 'fake likes' businesses.

ISACA announces entry-level cybersecurity certificate

A new cybersecurity certificate has been launched by global IT association ISACA that's intended for those looking to break into the field.

Mozilla patches Bugzilla bug that revealed details on flaws

Mozilla has updated its Bugzilla tracking program to patch security holes, including a flaw that exposed bugs that security researchers are patching.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

The FCC launched an investigation last year after a consumer complained of the practice.

Unauthorized employee may have accessed AT&T customer info

The company informed victims in a letter that the employee no longer works there, and complementary credit monitoring services are being offered.

Apple updates XProtect, blacklists iWorm variants

After more than 18,000 Macs were infected with iWorm malware, Apple has updated its XProtect system to identify and block certain variants.

Google updates SafeSearch, adds HTTPs support

Google has updated SafeSearch to support HTTPs and will remove the older iteration in early December.

iCloud hacker releases new series of celebrity nude images

Another wave of celebrity nude images hit the internet on Sunday just days after Google took action to remove some of the previously leaked photos.

Google deletes hacked images of nude celebs

After being threatened with legal action by the victims of the headline-grabbing nude celebrity photo hacks, Google has made a move to delete them.

Phishing scam goes after AOL account credentials

The phishing email tells recipients that their mailbox has exceeded the storage limit and that they must click a link and enter their credentials to "re-validate" it.

Researchers discover Mac botnet

Doctor Web researchers have discovered a new malware that is being used to amass Macs into a giant botnet.

JPMorgan Chase security issues ongoing

The bank may have joined the ranks of companies that have been hit by two data breaches, or more, in fairly short order, according to a recent report.

Researchers release BadUSB code at Derbycon

Two months after SR Labs demonstrated that flaws allow malware to infect USB devices, two researchers have taken the code public.

Chinese iOS trojan targets jailbroken devices

The trojan is known as Xsser mRAT is targeting protesters in China, but devices have to be jailbroken in order to be infected.

Google threatened with $100M lawsuit over hacked celeb images

A lawyer representing more than a dozen of the women affected by the recent iCloud celebrity hacking scandal has threatened Google with a $100,000,000 lawsuit.

Malvertising still plaguing The Pirate Bay

The popular torrent site is still serving up malicious ads, two years after initial reports.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.

Google bumps maximum Chrome bug bounty reward to $15K

A high-quality report with a functional exploit for a sandbox escape will earn a bug hunter $15,000, according to the new reward amounts.

Malware in Mexico, Ukraine ATM attacks may be culprit in Malaysia

Police are not naming the malware used, but speculation casts an eye on Backdoor.Ploutus or Backdor.PadPin.

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

Apple addresses Bash bug with new update

The tech company issued an update for OS X Mavericks, Mountain Lion and Lion earlier this week.

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Jimmy Johns' POS vendor confirms breaches at other restaurants

Signature Systems, Inc. confirmed that 108 other businesses were impacted by the malware installed on its systems.

Top websites deliver CryptoWall ransomware via malvertising

The CryptoWall ransomware being delivered comes with a valid digital signature and initial VirusTotal results showed zero detections.

Facebook privacy lawsuit moves forward

The social media company is arguing that it should be able to opt out of searching users' accounts when it feels it is being done illegally.

iThemes users asked to change passwords following attack

User passwords were being stored in cleartext, and are among the data that may have been compromised in the attack.

U.S. Bank ordered to refund $48M to customers

A Consumer Financial Protection Bureau campaign to curb deceptive banking activities has resulted in U.S. Bank being ordered to refund $48 million.

FBI director criticizes Apple, Google encryption moves

James Comey reportedly said the developments could put consumers "beyond the law."

NIST taps MITRE to support National Cybersecurity Center of Excellence

The contract includes initial tasks totaling $29 million, the U.S. Commerce Department's NIST said.

Mozilla addresses bug allowing signature forgery in NSS

On Wednesday, Mozilla patched the bug which could allow an attacker to forge RSA certificates.

Cyber attack on Japan Airlines impacts up to 750,000

A phishing attack may have resulted in the theft of personal information belonging to customers of Japan Airlines's frequent flier club.

Jimmy Johns confirms breach; 216 stores impacted

The sandwich store chain confirmed that customer card information was compromised at more than 200 of its stores.

Microsoft launches new bug bounty program

The new program will start with a focus on Office 365 with rewards starting at $500.

Fed court shutters Butterfly Labs at FTC's request

The Federal Trade Commission had asked a federal court to shut down the company, which marketed specialized computers to mine bitcoins.

Apple pulls iOS 8.0.1 after TouchID, cell service complaints

The update was issued only a week ago, and has now been yanked by the tech giant.

IT manager pleads guilty in Liberty Reserve case

Maxim Chukharev pleaded guilty in federal court to charges stemming from his role in Liberty Reserve's ascent to bank of choice for underworld criminals.

Insider threat cases on the rise, IC3 warns

Disgruntled and former employees have been increasingly engaging in computer network exploitation and disruption.

LogMeIn notifies users of fake emails claiming to be security update

Fake emails that appear to come from an authentic LogMeIn address state that the company has released a new security certificate.

Policy violation letters trick SMB workers into downloading malware

Bitdefender researchers detected an uptick in computers infected by Zbot via dozens of ARJ-compressed files.

Researcher hacks iPhone 6 Touch ID sensor

Little progress was made security wise, between the iPhone 5S and iPhone 6 sensor, a researcher found.

Blackphone and Silent Circle announce bug bounty programs

Both programs offer a standard reward of $128 per qualifying vulnerability, although it could change depending on the severity of the bug.

Dragonfly malware was designed to target pharmaceutical companies

Although initial reports said Dragonfly was targeting industrial control systems, a new white paper indicates that this might not be the case.

Texas man ordered to pay $40.4M for Bitcoin Ponzi scheme

Trendon T. Shavers pocketed more than $101 million after convincing Bitcoin owners to invest in his phony firm.

IBM opens cloud resiliency center in N.C.

The center will help enterprises avoid costly disruptions caused by cyber incidents and natural disaster.

Google to encrypt data by default on Android L devices

The mobile operating system, Android L, is expected to be released later this year.

EFF Tor Challenge yields more than 1600 relays

The privacy group said the response to the Challenge exceeded its projections threefold.

Home Depot ignored security employees' vulnerability warnings

The New York Times reported that the retailer's security team warned of possible system vulnerabilities but managers never followed through.

Reddit, 4chan shut down another round of celeb nude photos

Another wave of celebrity nude photos were released Saturday and sites like 4chan moved quickly to remove them.

Beazley: employee errors root of most data breaches, but malware incidents cost more

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.

Info on 282K Wisconsin Home Depot cards for sale on black market

A Milwaukee Journal Sentinel investigation found customer payment card information from all 26 Wisconsin stores on sale.

Malvertising campaign targets Israeli news outlets

The recently discovered campaign is using The Times of Israel and The Jerusalem Post to expose users to the Zemot Trojan.

Two Russian cybercriminals nabbed in Android malware scheme

Two men were arrested for stealing money from victims' bank accounts after sending malicious emails offering a romantic gift.

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Apple cannot comply with search warrants on iOS 8 devices

The new operating system protects the device's personal information with a passcode that Apple will not be able to bypass.

Singaporean karaoke bar members' info compromised

K Box was targeted in an attack that was supposed to express unhappiness over a toll fare hike.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Apple implements two-factor authentication

The company followed through on its promise to up iCloud security by implementing two-factor authentication earlier this week.

Sign up to our newsletters