IEEE Computer Society shares top security design flaws

The group's Center for Secure Design released a report detailing how to avoid common design flaws.

FTC seeks public comment on adult verification company AgeCheq

Under the agency's COPPA ruling, websites that collect personal information on young users must receive parental consent before doing so.

Experts discover variant of BIFROSE backdoor in targeted attack

A variant of the BIFROSE backdoor which is more evasive than its predecessor has been discovered by experts.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach goes undisclosed

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.

At 10 years old, NetTraveler works much the same, few changes

Researchers at Kaspersky Labs analyzed the evolution, slight as it might be, of the NetTraveler toolkit.

Microsoft reissues problematic update

The MS14-045 update caused some users' systems to crash, and in response, Microsoft pulled the update.

PCI Council urges retailers to defend against Backoff POS attacks

The warning comes soon after the Secret Service and DHS issued a warning on the threat.

Racing Post website SQL injection attack compromises 677K accounts

The website of Racing Post was hit by a SQL injection attack in October 2013, enabling an attacker to access a database including information on 677,335 customers.

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

California Assembly passes first student online privacy bill

The bill would prevent companies from selling students' data and profiting from it.

Community Health Systems faces lawsuit related to data breach

The suit claims the hospital operator failed to meet security standards to protect the personal information belonging to patients.

Norwegian oil companies targeted in string of attacks

More than 300 companies are being warned to check their systems after at least 50 oil companies confirmed that their systems were attacked.

Possible payment card breach at Dairy Queen stores

Several financial institutions are reporting payment card fraud activity on credit and debit cards used at various Dairy Queen stores around the country, according to Brian Krebs.

Phishing campaign lures victims with models' photos

Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.

Singapore hacker, 'The Messiah,' hit with 105 computer misuse charges

James Raj Arokiasamy, known as "The Messiah," now faces a total of 162 charges stemming from a string of attacks he conducted.

NSA's ICREACH search engine shares billions of records, The Intercept reports

More than 1,000 analysts at 23 U.S. government agencies have had access to more than 850 billion records courtesy of NSA's ICREACH, a search engine similar to Google.

Twitter patent may lead to blocking mobile malware

A patent that has recently been granted to Twitter reveals how the social media giant plans to block mobile malware from affecting its users.

Researchers warn of backdoor in Netis, Netcore routers

The routers are sold in China under the Netcore brand name, and elsewhere as Netis products.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

FTC asks court to shut down debt relief scam

Claiming funding from the federal government and an endorsement by President Obama, a debt relief program coerced private data from consumers.

AdThief malware infects 75K iOS devices, steals revenue

A researcher at Fortinet has revealed more details about iOS/AdThief, which hijacks revenue through jailbroken iPads and iPhones.

Hack exposes Secret app confessions

Anonymous confessions posted on a popular app, called "Secret," were susceptible to being exposed via a hack.

At least 25k gov't workers impacted by USIS data breach

The personal information of up to 25,000 government workers may be at risk after U.S. Investigations Services (USIS) was breached.

South Korean data breach impacts 27 million

Up to seventy percent of the population aged between 15 and 65 might have had their names, resident registration numbers, account usernames and passwords stolen.

Report: UK police push for required mobile phone PWs

The Metropolitan Police have reportedly lobbied for two years to enact the standard.

Alleged Silk Road creator faces new charges

The man accused of creating Silk Road - a black market existing on the Deep Web and accessible through the Tor network - is facing new charges from federal prosecutors.

Carbon Grabber crimeware kit being distributed in spam campaign

A spam campaign involving the Carbon Grabber crimeware kit is ongoing against the automotive industry in Europe, according to Symantec.

Errors in ZeroLocker mean paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tactics

Although the number of rogue anti-virus malware campaigns has decreased overall, the threat isn't totally gone, according to researchers at Microsoft.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Phishing campaign targeting users of Bitcoin wallet Blockchain.info

More than 12,000 messages have been sent to more than 400 companies as part of a phishing campaign targeting users of Bitcoin wallet Blockchain.info.

AOL announces that it does not follow 'Do Not Track' requests

Eight months after the enactment of a new California privacy law, AOL clarified that it does not respond to web browsers' "Do Not Track" requests.

Experts discover history of malware infections on network of Community Health Systems

Following a major breach at the hospital provider, security experts analyzed its network and discovered malware infections dating back to January.

With Black Hat and DefCon comes spike in Vegas-based attacks

A recent study found that the number of attacks during the two conferences increased to about 130 times the usual amount.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish-speaking victims, and Spanish also appears to be the native language of the attackers.

Health care breaches continue to rise, over 30M affected

As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.

'Backoff' malware compromises POS devices in New Orleans restaurant

Anyone that used a credit or debit card at Mizado Cocina between May 9 and July 18 may have had their data compromised.

FBI begins investigation into 1.2 billion stolen credentials

A couple of weeks after Hold Security's initial discovery of the stolen logins, the Federal Bureau of Investigation is conducting its own review.

CryptoLocker copycat, TorrentLocker, discovered by researchers

Yet another clone of the nefarious ransomware CryptoLocker has been detected by security experts.

Russian hacker Seleznev ordered to remain in custody

Roman Seleznev's attorneys requested that the hacker be released on bond, but their pleas were rejected this past week.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

Proofpoint announces plans to hire 94 IT professionals in Northern Ireland

After acquiring SaaS email security provider Maildistiller, Proofpoint is ready to expand its European team.

Symantec rolls Norton solutions into single suite

In a move to keep up with the evolution of connected devices, Symantec has announced that its Norton security software will be rolled into one suite.

Nuclear Regulatory Commission's computers hacked three times in three years

The separate attacks were carried out by at least two foreign entities, who might have been able to access sensitive documents and details on U.S. critical infrastructure.

New website calls out sites, apps, lacking security

HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.

Attackers leverage Ebola virus fear to spread malware

Phishing campaigns are being leveraged by attackers to reach victims and collect email logins, as well as infect their machines with malware.

Microsoft removes Windows 8.1 Patch Tuesday update link

After some users noted issues with this month's update, Microsoft opted to remove the links while it investigates the problems further.

Chrome to warn users when downloaded software will make unexpected changes

Google's Safe Browsing service will be expanded to protect Chrome users from downloading and installing software that makes unexpected changes to a computer.

Iranian hackers take over IDF Twitter account

Coordinated attacks on Israeli websites were confirmed this weekend, but none of the attacks caused serious damage.

Android RAT spreading through modified legitimate apps

An Android RAT known as Krysanec, which can take photos, record audio and steal data, is being spread through modified legitimate apps.

Former college student pleads guilty to cyberstalking faculty member

A former student of the University of Missouri-Kansas City has pleaded guilty of harassing a faculty member for months through threatening emails.

Bugat malware variant uses Gameover Zeus techniques

Researchers have discovered a variant of one of the most active banking trojans, Bugat, that features new attack techniques taken from the Gameover Zeus malware.

Five charged for roles in massive bank fraud scheme

Five individuals were charged on Wednesday for their roles in a scheme that resulted in financial institutions reporting millions of dollars in losses.

Weak password trend persists in the enterprise, study says

Trustwave's "2014 Business Password Analysis" indicates that strong authentication policies have yet to be implemented at organizations.

Phishing campaign lures victims with offer of IRS refund

A phishing campaign that mirrors earlier attacks lets victims choose the amount of an IRS refund.

Russian Prime Minister's Twitter account hacked

The Twitter account of Russian Prime Minister Dmitry Medvedev was hacked on Thursday to state, among other things, that he was resigning.

Email spammer settles for $350K with FTC

Yair Shalev and his company, Kobeni Inc., sent deceptive emails to consumers that led to advertisements for insurance providers.

Facial recognition software helps FBI snag fugitive 15 years later

New facial recognition software aided the FBI in arresting a fugitive who was on the run for nearly 15 years.

Ransomware crooks claim private key database is for sale

SynoLocker attackers said the database of keys was available for $100,000.

Vulnerability exploited by Stuxnet still a threat

Despite a patch issued four years ago, a vulnerability in XP, Vista, Windows 7 and Windows Server 2001/2008 is still a threat.

Apple's Safari browser updates available following bug fixes

Apple has released versions 6.1.6 and 7.0.6 of its Safari browser following patches for vulnerabilities recently discovered by its researchers.

SOHOpelessly contest at DefCon yields 15 router flaws

In a multi-challenge contest, security researchers uncovered vulnerabilities and hacked into routers at the DefCon conference in Las Vegas.

Skimming con drains pension of retired officer in Philippines

The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.

DEA paid $850K for Amtrak passenger info that was available for free

The DEA paid an unnamed Amtrak secretary more than $850,000 for passenger information that it could have attained for free.

Adobe plugs critical Flash Player vulnerabilities

On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.

Lookout raises $150 million in financing

The mobile security vendor will use the funds to extend its security platform to the enterprises.

Tennessee company sues its bank for cyberheist losses

TEC Industrial, a Tennessee-based electrical company, has sued TriSummit Bank following a cyberheist that stole $327,804 from the firm.

Chinese teen arrested 17 hours after creating malicious 'Heart App'

The teenage student known as "Li" created an app that has already infected at least 100,000 phones.

Hacked Canadian ISP leads to virtual currency theft

A hacker that gained privileged access to a Canadian ISP's network hijacked net traffic from foreign networks to steal more than $83,000 in virtual currency.

Schnucks reaches data breach settlement

A court has approved a plan for Schnucks to reimburse shoppers affected by a 2013 data breach.

White House charges elite tech team with improving websites

After a disastrous rollout of healthcare.gov, the White House has put together a team of private sector gurus to improve federal websites.

Report: Hacker posts Gamma International data exposing FinFisher concerns

Gamma International distributes FinFisher, spyware allegedly used to target dissidents in nations overseas.

Google announces use of HTTPS as ranking signal

In an effort to bolster security on the web, Google has announced that it will boost the search engine ranking of sites that use HTTPS encryption by default.

Chinese gov't drops 10 Apple products from approved list

In a continuing effort to move away from U.S. products in favor of homegrown technology, China has removed Apple products from its procurement list.

SMU program fasttracks health care security, risk pros to leadership roles

SMU will offer the first graduate level program aimed at closing the skills and competencies gaps for senior security and risk professionals.

IBM acquires cloud security provider, Lighthouse Services Group

IBM continues to beef up its security portfolio by acquiring cloud security services provider Lighthouse Security Group.

DefCon: Bug bounty programs continue to evolve

At DefCon 22 in Las Vegas, Nir Valtman discussed how far bug bounty programs have come in nearly 20 years.

Black Hat: SAP systems vulnerable to payment card theft, rerouting payments

At Black Hat 2014, Ertunga Arsal demonstrated how he can gain admin access to SAP systems, steal payment card data and reroute payments.

Gemalto acquires SafeNet for $890 million

The acquisition is predicted to help grow Gemalto's operating profit by 10 percent in 2017.

Google implements HTTPS signal into search engine algorithm

Websites using HTTPS will be given higher priority in searches.

Vulnerabilities in WordPress and Drupal enable DoS attacks

A researcher has discovered vulnerabilities in WordPress and Drupal that enable XML denial-of-service attacks.

Black Hat: Yahoo to implement end-to-end mail encryption by next year

Yahoo will implement end-to-end mail encryption for its users by next year, according to an announcement made by its CISO.

Australian whistleblower charged after leaking information on prime minister's daughter

Freya Newman leaked information that proved that Frances Abbott, the prime minister's daughter, was receiving a large scholarship to a private school.

Breach of USIS believed to be state-sponsored, DHS reportedly impacted

Two USIS clients, the Department of Homeland Security and the Office of Personnel Management, have suspended their contracts as a result of the incident.

Man arrested in Utah university breach affecting 1,200

Joseph W. Langford is suspected of breaking into a Webster State University computer lab and accessing computers to steal test materials.

Man pleads guilty to role in identity theft and credit card fraud ring

Olanrewaju Abiola pleaded guilty to conspiracy to commit access device fraud and faces a maximum prison sentence of five years.

Wikimedia Foundation lists removed links under 'right to be forgotten'

The nonprofit group that runs Wikipedia was notified by Google of links removed from its search results.

Twitter link shortening service hit by pharma spammer

Experts have caught on to a pharma spam campaign that leverages Twitter's link shortening service to send users to pages touting bootleg drugs made in India.

Decryption tool released to aid those impacted by CryptoLocker

FireEye and Fox-IT have teamed up to create a free decryption tool that offers keys to those whose files have been encrypted by the ransomware.

Report: June phishing attacks account for over $400M in losses

A spike in phishing attacks was identified by security experts in the month of June, resulting in more than $400 million in global losses.

Researchers still find iOS apps to be riskier than Android apps

A report reveals that 87 percent of the top paid iOS apps exhibit at least one risky behavior, whereas only 77 percent of the top paid Android apps did the same.

Google tips off Texas police, leading to arrest of sex offender

John Henry Skillern was arrested this past week after Google found an explicit image of an underage girl in his email.

Retailer Target expects data breach to cost $148 million

The massive data breach of Minneapolis-based Target may end up costing the company $148 million.

P.F. Chang's update says 33 restaurant locations affected

The company elaborated on its June breach and said that 33 of its locations around the U.S. were affected.

"Poweliks" downloads additional malware, abuses PowerShell

Poweliks abuses Windows PowerShell to try to remain undetected.

Two more sessions pulled on eve of Black Hat

The Black Hat conference schedule no longer includes sessions on home insecurity and dissecting the Snake malware campaign.

Free streams of 22 Jump Street, Transformers lead to adware, malware

Clicking on links to free streams of summer flicks such as 22 Jump Street and Transformers: Age of Extinction could lead to adware and malware.
