Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Mozilla offers up $10K for bugs found in new certificate verification library

Mozilla will offer bug bounty hunters $10,000 if they dig up critical vulnerabilities in a new certificate verification library, which is on pace to be included in Firefox 31.

HMRC offers shaky explanation on plans to sell taxpayer data

The UK revenue agency is considering selling anonymized taxpayer data to third parties.

Cyber gang that stole $2 million from Barclays sentenced to 24 years

Nine men were sentenced this week, with the group's leader getting five-and-a-half years.

DDoS attack almost crashes children's hospital website

Officials haven't confirmed a DDoS scheme, but noted the attackers hit the hospital's website with large attacks designed to overwhelm it with traffic.

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Report: Bank of England to helm pen-testing effort for UK's finance sector

The bank also oversaw last year's "Waking Shark II" simulated cyber attacks throughout London.

FBI arrests two members of Anonymous's Cambodia section

The men allegedly infiltrated 30 government websites in addition to private sector sites.

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploit via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

'Unauthorized' media contact a fireable offense for U.S. intel employees

The new media policy states that U.S. intelligence employees who have "unauthorized" contact with the media could lose their jobs.

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Man pleads guilty to Comcast scam

A Philadelphia man entered an open guilty plea to a scam that lowered the monthly bills of 5,790 Comcast customers who each paid between $75-$100.

Privacy groups urge NIST to be more transparent

In an open letter to the NIST, a group comprised of a dozen privacy groups urged the agency be more transparent.

Security concerns shutter educational database inBloom

Parents and educators questioned data privacy and security at the startup, which was financed in part by the Bill and Melinda Gates Foundation.

Report: Google looks to integrate PGP with Gmail

Pretty Good Privacy, or PGP, is an encryption method that was created in the early '90s.

Heartbleed bug exploited to bypass multifactor auth, hack VPN

Security firm Mandiant detailed the heartbleed exploit, which was used on one of its clients.

U.S. and Russia both look to extradite hacker

A Dutch minister of justice will decide where Vladimir Drinkman will land to face charges related to his involvement in the cyber crime collective responsible for the Heartland Payment breach.

Hacktivist claims Facebook is vulnerable to DNS attacks, Facebook says it's not

Facebook debunked a reported claim by Mauritania Attacker, the alleged leader of hacktivist collective AnonGhost, that the social media website is vulnerable to DNS attacks.

Heartbleed prompts HealthCare.gov to reset passwords

After reviewing government websites for Heartbleed exploits, HealthCare.gov changed users' passwords.

Mysterious iOS malware campaign has Chinese origins

The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Investors aim to 'save' bitcoin exchange Mt. Gox

After suffering a massive bitcoin theft, the exchange faces liquidation of its assets in Japan.

Pittsburgh hospital employees hit by tax fraud following breach

A University of Pittsburgh Medical Center spokeswoman announced that at least 788 employees were victims of tax fraud as a result of a February attack.

Donation campaign launched, aimed at OpenSSL audit

Bugcrowd, an Australian security start-up, will organize the funding drive in hopes to further secure the open source software.

New VOICE website a resource tool for cyber crime victims

A new website created to aid consumers in quickly reporting cyber crime is now available.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Darknet gets its first search engine

Grams Darknet Market Search is patterned after Google and can only be accessed through the Tor browser.

Virgin Media email blunder leads to breach, may affect 130k

The message snafu affected only customers with a Virgin.net account.

German Aerospace Center discovers spy malware on network

The possibly foreign malware affected all computer systems and left little for investigators to work from because it was designed to self-destruct.

A Starbucks scam is brewing, phishing emails contain Zeus attachment

Emails purporting to come from Starbucks actually come attached with a modified version of the Zeus banking trojan, but numerous spelling and grammar mistakes should give the scam away.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.

Competition challenges students to think like IT professionals

An upcoming college competition will test students' abilities to defend a simulated small company's servers against possible security threats and attacks while keeping the servers running.

Most Heartbleed detection tools have bugs of their own, firm finds

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Two plead guilty for roles in separate Android app piracy groups

Two members of different Android app piracy groups pleaded guilty this week to conspiracy to commit criminal copyright infringement.

Study: Eighteen percent of online adults have had personal info stolen

About 18 percent of online adults have had personal information stolen, and more than 20 percent had an email or social networking account compromised.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

Feds to roll out face recognition database by summer

The Next Generation Identification database currently has more than 16 million face images, and is expected to house more than 52 million images by next year.

FTC warns Facebook on changing WhatsApp privacy policies

Both companies publicly stated that messaging service's privacy policy wouldn't be affected by the acquisition, but if they were, Facebook would have to receive users' consent.

Karpeles won't appear in U.S. deposition, cites Treasury subpoena

Lawyers for Mark Karpeles told a federal judge the Mt. Gox founder must first secure legal counsel to represent him in a Treasury Department subpoena.

UK cosmetic surgery group extorted by hacker that stole data on 500K

An attacker stole information on 500,000 individuals that submitted inquiries on the Harley Medical Group website, and then attempted to extort the UK-based cosmetic surgery group for money.

Google considers boosting rankings of websites that encrypt

The head of Google's Webspam team would like to see the company reward developers for encryption in an attempt to better protect Web users.

Texas man receives 14 more charges for brute-force attack

Fidel Salinas allegedly attempted to access the Hidalgo County server multiple times between November 2011 and January 2012.

New Wisconsin law restricts employer access to personal accounts

The law, Wis. Stat. Section 995.55, was enacted last week.

Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

A quick fix was issued to Flickr SQL injection flaws that could open the door for remote code execution after a researcher identified the issues and reported it to Yahoo.

Revenue Canada: Heartbleed exploit used in taxpayer breach

The social insurance numbers of 900 taxpayers were accessed in the breach, according to the agency.

Kentucky becomes 47th state to pass data breach notification laws

After a Kentucky bill passed on Thursday, only three states remain that do not have any data breach notification laws.

Online poker sites slow to fix Heartbleed, have other security issues

An online poker news site tested dozens of sites and found numerous vulnerabilities.

Phishing attack targets FIFA video game players

A Twitter account attempting to mask itself as part of an EA Sports official support team sent video game players a malicious link that could have handed over hundreds of logins.

Authorities search for suspect using credit cards from Target breach

Surveillance video released in Lakewood, Colo., shows a suspect known as Steve Locke carrying purchases made with stolen cards.

Federal appeals court overturns conviction of AT&T hacker "weev"

A federal appeals court determined that New Jersey was the wrong venue to convict and sentence AT&T hacker Andrew "weev" Auernheimer.

Bank of America target of class-action suit for 2012 breach

Plaintiffs claim that stolen personal information was sold and used for fraud and identity theft.

200,000 South Korean credit card users' information stolen

The personal information was used to create fake cards and create charges worth at least $115,000.

Card skimming device found on NYC subway station machine

The device was found attached to a MetroCard machine at the Columbus Circle 1 train station.

FTC, Justice Dept. say antitrust laws shouldn't block cyber threat disclosure

In the wake of uneven disclosure of the Heartbleed bug among companies affected, a joint agency statement outlined a framework for information sharing.

Google Chrome bug enables stealthy tapping of microphones

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Facebook ups privacy measures, tests new user settings

On Tuesday, the company unveiled the coming changes.

Man pleads guilty for involvement in $50M scam

A Georgia man has plead guilty to racketeering charges related to a credit card trafficking ruse that resulted in more than $50 million being lost globally.

JPMorgan Chase CEO details company's cyber threats in annual letter

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces increasingly complex and more dangerous" attacks.

Canadian privacy bill floats $100k fine per breach victim not notified

Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.

Battelle announces this year's CyberAuto Challenge

The July event allows students to work alongside professionals to learn about car IT security and then participate in challenges to apply their knowledge practically.

More states look into Experian co. breach exposing 200 million records

Efforts are now reportedly underway in Iowa and North Carolina as part of a multistate probe.

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update

A Tuesday update addresses critical Adobe Flash Player vulnerabilities that could allow an attacker to take control of Windows, Macintosh and Linux systems.

Blackberry issues update for remote code execution vulnerability

Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability could threaten their phones' security.

Anonymous may be targeting educational institutions in 'OpSafeEdu'

Educational institutions may be the target of Anonymous in its latest 'OpSafeEdu' campaign, according to an alert issued by the Center for Internet Security.

FTC files complaint against website that labeled users "jerks"

The Federal Trade filed a complaint against the operators of "Jerk.com" for breaking the FTC Act by misleading consumers.

Utah law shields electronic device locations and communication content

Under the reforms, state and local law enforcement must obtain search warrants to access electronic devices' location information and electronic communications content.

Phishers use fake voting campaign to steal Facebook credentials

Experts have uncovered a phishing ruse that leverages a fake voting campaign to trick users into giving up their Facebook login credentials.

Yahoo changes tune, fixes Flickr invite disclosure bug

A Flickr flaw that Yahoo initially would not recognize as a bug has now been fixed, and the internet corporation is compensating the bug bounty hunter that brought it to attention two months ago.

Android app vulnerabilty puts Chinese users at-risk

The vulnerability allows fake apps to hijack real app updates then uses them to steal stored information.

Supreme Court won't take on constitutionality of NSA metadata program

After a favorable lower court ruling, a political activist tried to bypass the federal appeals process by directly petitioning the Supreme Court.

Another 170K L.A. county health clients impacted in Sutherland breach

An additional 170,200 Los Angeles County Department of Health Services clients were identified as having been impacted in the February theft of computers from Sutherland Healthcare Solutions.

Barrett Brown pleads guilty to two federal charges

A public face of the hacktivist collective Anonymous reaches plea deal with federal prosecutors but still faces a charge for threatening a federal agent.

Google pays $1 million fine for Street View privacy violations

Google paid more than $1 million to Italy after a regulator found the company's Street View cars violated citizens' privacy by taking photos without their knowledge and permission.

Cable modem flaw leaves Optus subscribers vulnerable to hackers

A default "admin" password left in place by Optus for remote administration can allow hackers to access subscribers' home phones and networks.

Facebook doled out $1.5 million to researchers in 2013 for bug bounties

The social media giant received close to 15,000 submissions, 687 of which were valid.

Five-year-old discovers Xbox bug, accesses dad's account to play mature games

A five-year-old figured out a bug in Xbox One that allowed him to log into his dad's account and have fun with games he was told not to play.

Regulator alerts banks of mounting ATM attacks, DDoS threat

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

Yahoo enhances data security through encryption efforts

On Wednesday, Yahoo's CISO Alex Stamos announced the security measures.

Singapore's NTUC resident members get two-factor authentication devices

Added security and no longer having to memorize increasingly difficult passwords are some of the benefits resident members of Singapore's NTUC will get by activating their new OneKey two-factor authentication devices.

Target customer satisfaction levels drop

Target customers aren't as happy as they were at this time last year after the company's massive data breach, according to new research.

Former Microsoft employee accused of leaking software pleads guilty

A former Microsoft employee has pleaded guilty to charges related to sharing software code for looming company products.

iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password

A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.

Mortgage software provider Ellie Mae suffers DDoS attack

Ellie Mae had its services shut down yesterday after a suspected distributed denial-of-service (DDoS) attack.

FTC vigilant on data security, Ramirez tells Senate committee

The FTC Chairwoman cites 50 cases the commission has settled, including recent agreements with Fandango and Credit Karma.

Bankruptcy judge orders Mt. Gox CEO to U.S. for questioning

A U.S. Bankruptcy judge ordered Mt. Gox CEO Mark Karpeles to appear for a deposition on April 17 at the offices of the Bitcoin exchange's law firm.

24,000 computers worldwide infected by Middle Eastern malware

Experts have discovered a piece of malware that has infected 24,000 computers worldwide, and has been used by up to 487 criminal groups.

Apple's Safari update addresses 27 vulnerabilities

Apple's Tuesday update to Safari 7.0.3 and 6.1.3 fixes 27 vulnerabilities, most of which can enable arbitrary code execution.

Database of more than 150K Boxee.tv accounts posted on Tor Network

A database of more than 158,000 Boxee.tv accounts was posted anonymously on the Tor Network, according to a security company.

LinkedIn identifies company that used bots to scrape profile data

HiringSolved, a start-up recruiting company, was named in an amended complaint, as well as its founder. The social networking service claims they violated its terms of agreement, as well as copyright and hacking laws.

Attorney of alleged Silk Road operator files for dismissal of charges

Ross Ulbricht's attorney argued that Bitcoin isn't money in its legal definition.

Fake Google apps removed from Window Phone Store by Microsoft

Five phony Google apps appeared in the app store, each with a $1.99 price tag, before being removed by the company.

Anonymous DDoS attack dismantles Albuquerque Police website

The hacktivist collective Anonymous organized a DDoS attack that made good on its promise to shut down the Albuquerque Police Department's website.

NSA spying on German broader than expected, Snowden docs show

In addition to tapping German Chancellor Merkel's cell phone, the NSA included her and more than 100 foreign leaders in a surveillance database.

CryptoDefense rakes in $34K in bitcoin ransom

In the month since its discovery, CryptoDefense has been profitable for its authors who have targeted Windows users, Symantec says.

Wi-Fi Alliance contacts Philips after researchers hack smart TVs

After researchers showed how they could take control of and take data off recent Philips Smart TVs, the Wi-Fi Alliance has contacted the technology company over its passphrase implementation relating to Miracast.

Canada gov't reports breaches soar, CRA hit hardest

Canada's government was plagued by more data breaches in a recent 10-month period than in the 10 years prior with nearly 80 percent occurring at the CRA.

S&P lowers Target's credit rating following breach

Poor sales and a drop in income in the wake of a high-profile breach prompt Standards & Poor to downgrade Target's credit rating one level.

Pinterest accounts hacked, display weight loss spam and butt pictures

Hacked Pinterest accounts began posting weight loss spam, and pictures of butts too.

Sign up to our newsletters