Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Darknet gets its first search engine

Grams Darknet Market Search is patterned after Google and can only be accessed through the Tor browser.

Virgin Media email blunder leads to breach affecting 130k

The message snafu affected only customers with a Virgin.net account.

German Aerospace Center discovers spy malware on network

The possibly foreign malware affected all computer systems and left little for investigators to work from because it was designed to self-destruct.

A Starbucks scam is brewing, phishing emails contain Zeus attachment

Emails purporting to come from Starbucks actually come attached with a modified version of the Zeus banking trojan, but numerous spelling and grammar mistakes should give the scam away.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.

Competition challenges students to think like IT professionals

An upcoming college competition will test students' abilities to defend a simulated small company's servers against possible security threats and attacks while keeping the servers running.

Most Heartbleed detection tools have bugs of their own, firm finds

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Two plead guilty for roles in separate Android app piracy groups

Two members of different Android app piracy groups pleaded guilty this week to conspiracy to commit criminal copyright infringement.

Study: Eighteen percent of online adults have had personal info stolen

About 18 percent of online adults have had personal information stolen, and more than 20 percent had an email or social networking account compromised.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

Feds to roll out face recognition database by summer

The Next Generation Identification database currently has more than 16 million face images, and is expected to house more than 52 million images by next year.

FTC warns Facebook on changing WhatsApp privacy policies

Both companies publicly stated that the messaging service's privacy policy wouldn't be affected by the acquisition, but if it were, Facebook would have to receive users' consent.

Karpeles won't appear in U.S. deposition, cites Treasury subpoena

Lawyers for Mark Karpeles told a federal judge the Mt. Gox founder must first secure legal counsel to represent him in a Treasury Department subpoena.

UK cosmetic surgery group extorted by hacker that stole data on 500K

An attacker stole information on 500,000 individuals who submitted inquiries on the Harley Medical Group website, and then attempted to extort the UK-based cosmetic surgery group for money.

Google considers boosting rankings of websites that encrypt

The head of Google's Webspam team would like to see the company reward developers for encryption in an attempt to better protect Web users.

Texas man receives 14 more charges for brute-force attack

Fidel Salinas allegedly attempted to access the Hidalgo County server multiple times between November 2011 and January 2012.

New Wisconsin law restricts employer access to personal accounts

The law, Wis. Stat. Section 995.55, was enacted last week.

Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

A quick fix was issued for Flickr SQL injection flaws that could open the door for remote code execution after a researcher identified the issues and reported them to Yahoo.

Revenue Canada: Heartbleed exploit used in taxpayer breach

The social insurance numbers of 900 taxpayers were accessed in the breach, according to the agency.

Kentucky becomes 47th state to pass data breach notification laws

After a Kentucky bill passed on Thursday, only three states remain that do not have any data breach notification laws.

Online poker sites slow to fix Heartbleed, have other security issues

An online poker news site tested dozens of sites and found numerous vulnerabilities.

Phishing attack targets FIFA video game players

A Twitter account attempting to mask itself as part of an EA Sports official support team sent video game players a malicious link that could have handed over hundreds of logins.

Authorities search for suspect using credit cards from Target breach

Surveillance video released in Lakewood, Colo., shows a suspect known as Steve Locke carrying purchases made with stolen cards.

Federal appeals court overturns conviction of AT&T hacker "weev"

A federal appeals court determined that New Jersey was the wrong venue to convict and sentence AT&T hacker Andrew "weev" Auernheimer.

Bank of America target of class-action suit for 2012 breach

Plaintiffs claim that stolen personal information was sold and used for fraud and identity theft.

200,000 South Korean credit card users' information stolen

The personal information was used to create fake cards and create charges worth at least $115,000.

Card skimming device found on NYC subway station machine

The device was found attached to a MetroCard machine at the Columbus Circle 1 train station.

FTC, Justice Dept. say antitrust laws shouldn't block cyber threat disclosure

In the wake of uneven disclosure of the Heartbleed bug among companies affected, a joint agency statement outlined a framework for information sharing.

Google Chrome bug enables stealthy tapping of microphones

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Facebook ups privacy measures, tests new user settings

On Tuesday, the company unveiled the coming changes.

Man pleads guilty for involvement in $50M scam

A Georgia man has pleaded guilty to racketeering charges related to a credit card trafficking ruse that resulted in more than $50 million being lost globally.

JPMorgan Chase CEO details company's cyber threats in annual letter

Jamie Dimon wrote that the bank will have spent more than $250 million annually by the end of the year on cyber security and faces "increasingly complex and more dangerous" attacks.

Canadian privacy bill floats $100k fine per breach victim not notified

Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.

Battelle announces this year's CyberAuto Challenge

The July event allows students to work alongside professionals to learn about car IT security and then participate in challenges to apply their knowledge practically.

More states look into Experian co. breach exposing 200 million records

Efforts are now reportedly underway in Iowa and North Carolina as part of a multistate probe.

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update

A Tuesday update addresses critical Adobe Flash Player vulnerabilities that could allow an attacker to take control of Windows, Macintosh and Linux systems.

Blackberry issues update for remote code execution vulnerability

Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability could threaten their phones' security.

Anonymous may be targeting educational institutions in 'OpSafeEdu'

Educational institutions may be the target of Anonymous in its latest 'OpSafeEdu' campaign, according to an alert issued by the Center for Internet Security.

FTC files complaint against website that labeled users "jerks"

The Federal Trade Commission filed a complaint against the operators of "Jerk.com" for breaking the FTC Act by misleading consumers.

Utah law shields electronic device locations and communication content

Under the reforms, state and local law enforcement must obtain search warrants to access electronic devices' location information and electronic communications content.

Phishers use fake voting campaign to steal Facebook credentials

Experts have uncovered a phishing ruse that leverages a fake voting campaign to trick users into giving up their Facebook login credentials.

Yahoo changes tune, fixes Flickr invite disclosure bug

A Flickr flaw that Yahoo initially would not recognize as a bug has now been fixed, and the internet corporation is compensating the bug bounty hunter that brought it to attention two months ago.

Android app vulnerability puts Chinese users at risk

The vulnerability allows fake apps to hijack real app updates and then use them to steal stored information.

Supreme Court won't take on constitutionality of NSA metadata program

After a favorable lower court ruling, a political activist tried to bypass the federal appeals process by directly petitioning the Supreme Court.

Another 170K L.A. county health clients impacted in Sutherland breach

An additional 170,200 Los Angeles County Department of Health Services clients were identified as having been impacted in the February theft of computers from Sutherland Healthcare Solutions.

Barrett Brown pleads guilty to two federal charges

A public face of the hacktivist collective Anonymous reaches plea deal with federal prosecutors but still faces a charge for threatening a federal agent.

Google pays $1 million fine for Street View privacy violations

Google paid more than $1 million to Italy after a regulator found the company's Street View cars violated citizens' privacy by taking photos without their knowledge and permission.

Cable modem flaw leaves Optus subscribers vulnerable to hackers

A default "admin" password left in place by Optus for remote administration can allow hackers to access subscribers' home phones and networks.

Facebook doled out $1.5 million to researchers in 2013 for bug bounties

The social media giant received close to 15,000 submissions, 687 of which were valid.

Five-year-old discovers Xbox bug, accesses dad's account to play mature games

A five-year-old figured out a bug in Xbox One that allowed him to log into his dad's account and have fun with games he was told not to play.

Regulator alerts banks of mounting ATM attacks, DDoS threat

The Federal Financial Institutions Examination Council (FFIEC) notified the industry on Wednesday.

Yahoo enhances data security through encryption efforts

On Wednesday, Yahoo's CISO Alex Stamos announced the security measures.

Singapore's NTUC resident members get two-factor authentication devices

Added security and no longer having to memorize increasingly difficult passwords are some of the benefits resident members of Singapore's NTUC will get by activating their new OneKey two-factor authentication devices.

Target customer satisfaction levels drop

Target customers aren't as happy as they were at this time last year after the company's massive data breach, according to new research.

Former Microsoft employee accused of leaking software pleads guilty

A former Microsoft employee has pleaded guilty to charges related to sharing software code for looming company products.

iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password

A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.

Mortgage software provider Ellie Mae suffers DDoS attack

Ellie Mae had its services shut down yesterday after a suspected distributed denial-of-service (DDoS) attack.

FTC vigilant on data security, Ramirez tells Senate committee

The FTC Chairwoman cites 50 cases the commission has settled, including recent agreements with Fandango and Credit Karma.

Bankruptcy judge orders Mt. Gox CEO to U.S. for questioning

A U.S. Bankruptcy judge ordered Mt. Gox CEO Mark Karpeles to appear for a deposition on April 17 at the offices of the Bitcoin exchange's law firm.

24,000 computers worldwide infected by Middle Eastern malware

Experts have discovered a piece of malware that has infected 24,000 computers worldwide, and has been used by up to 487 criminal groups.

Apple's Safari update addresses 27 vulnerabilities

Apple's Tuesday update to Safari 7.0.3 and 6.1.3 fixes 27 vulnerabilities, most of which can enable arbitrary code execution.

Database of more than 150K Boxee.tv accounts posted on Tor Network

A database of more than 158,000 Boxee.tv accounts was posted anonymously on the Tor Network, according to a security company.

LinkedIn identifies company that used bots to scrape profile data

HiringSolved, a start-up recruiting company, was named in an amended complaint, as well as its founder. The social networking service claims they violated its terms of agreement, as well as copyright and hacking laws.

Attorney of alleged Silk Road operator files for dismissal of charges

Ross Ulbricht's attorney argued that Bitcoin isn't money in its legal definition.

Fake Google apps removed from Windows Phone Store by Microsoft

Five phony Google apps appeared in the app store, each with a $1.99 price tag, before being removed by the company.

Anonymous DDoS attack dismantles Albuquerque Police website

The hacktivist collective Anonymous organized a DDoS attack that made good on its promise to shut down the Albuquerque Police Department's website.

NSA spying on Germany broader than expected, Snowden docs show

In addition to tapping German Chancellor Merkel's cell phone, the NSA included her and more than 100 foreign leaders in a surveillance database.

CryptoDefense rakes in $34K in bitcoin ransom

In the month since its discovery, CryptoDefense has been profitable for its authors who have targeted Windows users, Symantec says.

Wi-Fi Alliance contacts Philips after researchers hack smart TVs

After researchers showed how they could take control of and take data off recent Philips Smart TVs, the Wi-Fi Alliance has contacted the technology company over its passphrase implementation relating to Miracast.

Canada gov't reports breaches soar, CRA hit hardest

Canada's government was plagued by more data breaches in a recent 10-month period than in the 10 years prior with nearly 80 percent occurring at the CRA.

S&P lowers Target's credit rating following breach

Poor sales and a drop in income in the wake of a high-profile breach prompt Standard & Poor's to downgrade Target's credit rating one level.

Pinterest accounts hacked, display weight loss spam and butt pictures

Hacked Pinterest accounts began posting weight loss spam, and pictures of butts too.

Google researchers shed light on state-sponsored attacks targeting news orgs

The security engineers presented the findings at the Black Hat conference in Singapore.

Sony's insurer not required to back company over PlayStation hack, court rules

Sony and its insurer Zurich were embroiled in an immunity lawsuit for years.

Gov't snooping drives companies away from cloud adoption, study finds

Of the respondents participating in a just-released survey, 33 percent indicated that they are less likely to adopt the cloud due to fears of government surveillance.

Security expert resurrects Full Disclosure mailing list

Gordon Lyon, who runs Seclists.org, will now manage the forum.

Cryptocurrency-mining apps discovered on Google Play store

At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.

French consumer watchdog sues tech giants over data privacy

One of the top consumer watchdogs in France has sued social media giants Twitter, Facebook and Google over their data-collection policies.

Attacker obtains credentials of nearly 100K users of Cerberus app

An attacker was able to gain unauthorized access to credentials for nearly 100,000 users of Android anti-theft app Cerberus.

Gameover variant of Zeus trojan targets Monster and CareerBuilder

The Gameover variant of the Zeus trojan is targeting employment sites Monster and CareerBuilder, according to F-Secure researchers.

New Mexico breach notification bill goes to the House

New Mexico may become the 47th state with a breach notification law as a newly introduced bill is headed for a vote in the House Judiciary Committee.

Turkish court rules to end ban on Twitter

On Wednesday, a court in Ankara, Turkey overturned the government's ban on Twitter, according to a report by The New York Times.

CryptoLocker ransomware hits Vermont chamber of commerce

The infamous CryptoLocker ransomware made its way into the computer systems of a Vermont chamber of commerce, costing it $5,000 to replace computers, servers and hard drives.

Feds tip off more than 3k companies about hacks in 2013

Federal officials notified more than 3,000 U.S. companies in 2013 that their computer networks were compromised, according to a report by the Washington Post.

Members of mobile app piracy group Appbucket plead guilty

Two Florida men face jail time after pleading guilty to criminal charges related to illegally distributing copyrighted Android mobile device apps.

Researchers demo drone that intercepts smartphone data

Experts have developed a flying drone that secretly siphons smartphone data.

About $4M may settle class-action for 2010 Stanford hospital breach

California-based Stanford Hospital & Clinics and billing contractor Multi-Specialty Collection Services LLC may end up paying a more than $4 million settlement for a 2010 breach, according to a report.

FTC and Calif. AG dispute Facebook's stance on teen privacy

The Federal Trade Commission (FTC) and California Attorney General Kamala Harris have each filed amicus briefs with a court of appeals disputing the interpretation of child privacy law in a federal case involving Facebook.

California DMV investigates possible data breach

The California Department of Motor Vehicles (DMV) has launched an investigation into a possible data breach of its credit card processing services.

Obama and tech executives discuss privacy

The CEOs of Netflix, Dropbox, Facebook, Palantir and Box, as well as the executive chairman of Google, met with President Obama to vent concerns over government surveillance efforts and their repercussions in the tech industry.

Revenge porn site operators forced to pay $385,000

A federal judge in Ohio ordered the two men to pay one of their victims.

Exploit identified that takes advantage of Adobe vulnerability

A new exploit in the wild takes advantage of a disclosed Adobe vulnerability, according to ThreatTrack Security Labs.

Twitter banned in Turkey

According to reports, the Turkish Prime Minister vowed in a speech to "eradicate Twitter."

University of Maryland breached again

The second attack affected only one university staff member's personal information.

Microsoft charged gov't for data requests, SEA says

The Syrian Electronic Army has released emails and invoices that it says prove Microsoft charged the FBI's DITU for lawful data requests.

About 200,000 Mt. Gox Bitcoins, $115 million, found in old-format wallet

About 200,000 Mt. Gox Bitcoins have been recovered in an obsolete old-format wallet, bringing the total amount of the virtual currency allegedly pilfered down to 650,000 Bitcoins.

Malicious Tor Browser iOS app still in App Store three months later

Anonymity seekers who download the 99-cent Tor Browser app, which is still available in the App Store, will only compromise their Apple mobile devices.
