Texas man ordered to pay $40.4M for Bitcoin Ponzi scheme

Trendon T. Shavers pocketed more than $101 million after convincing Bitcoin owners to invest in his phony firm.

IBM opens cloud resiliency center in N.C.

The center will help enterprises avoid costly disruptions caused by cyber incidents and natural disaster.

Google to encrypt data by default on Android L devices

The mobile operating system, Android L, is expected to be released later this year.

EFF Tor Challenge yields more than 1600 relays

The privacy group said the response to the Challenge exceeded its projections threefold.

Home Depot ignored security employees' vulnerability warnings

The New York Times reported that the retailer's security team warned of possible system vulnerabilities but managers never followed through.

Reddit, 4chan shut down another round of celeb nude photos

Another wave of celebrity nude photos were released Saturday and sites like 4chan moved quickly to remove them.

Beazley: employee errors root of most data breaches, but malware incidents cost more

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.

Info on 282K Wisconsin Home Depot cards for sale on black market

A Milwaukee Journal Sentinel investigation found customer payment card information from all 26 Wisconsin stores on sale.

Malvertising campaign targets Israeli news outlets

The recently discovered campaign is using The Times of Israel and The Jerusalem Post to expose users to the Zemot Trojan.

Two Russian cybercriminals nabbed in Android malware scheme

Two men were arrested for stealing money from victims' bank accounts after sending malicious emails offering a romantic gift.

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Apple cannot comply with search warrants on iOS 8 devices

The new operating system protects the device's personal information with a passcode that Apple will not be able to bypass.

Singaporean karaoke bar members' info compromised

K Box was targeted in an attack that was supposed to express unhappiness over a toll fare hike.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Apple implements two-factor authentication

The company followed through on its promise to up iCloud security by implementing two-factor authentication earlier this week.

C&K apologizes for unauthorized access that led to Goodwill breach

A web hosting service apologized for intermittent unauthorized access of its hosted environment over 18 months that led to the Goodwill breach.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.

Congressman asks Issa for hearing on CHS breach

The top Democrat on the House Oversight and Government Reform Committee asked for a hearing to investigate the CHS breach.

Google reveals 150 percent jump in gov't requests for user data

Google indicated in its most recent transparency report that it also saw a 15 percent jump in government requests for user data since the end of last year.

Researcher discovers flaw in Amazon Kindle Library

A security expert discovered a vulnerability in Amazon's Kindle Library that could lead to cross-site scripting attacks and account compromises.

JPMorgan Chase might struggle to patch vulnerabilities quickly enough

This summer's attack on the bank's network might have helped hackers detect subtle vulnerabilities they could exploit in the future.

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the world

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.

Dropbox releases biannual transparency report

Dropbox issued its transparency report that shares the company had received 268 government requests for users' information, and in some cases, account files.

FBI facial recognition system ready for use

The Federal Bureau of Investigation has announced that it is prepared to roll out its new fully operational facial recognition system.

U.S. under cyber attack, losing ground to adversaries

In testimony to a Senate committee, cyber experts said the U.S. has fielded 600,000 attacks this year.

Researchers in China work on facial recognition payment app

The app is expected to be launched next year.

Temple University patients impacted by possible breach

The unencrypted desktop computer was stolen from a university physician's office in July.

Survey: a third of respondents improved security following celeb photo hack

In a survey of more than 1,000 Americans, 35 percent of respondents said that they improved security following the celebrity photo hacking incident.

Yahoo, other tech giants faced pressure from feds to join PRISM, court docs reveal

Federal officials compelled American tech companies to participate in the NSA's PRISM program or face huge fines.

Canadian computer dealer claims Ernst & Young breach

A computer dealer in Canada said that a server he bought contained the firm's client data and he is asking for payment to delete it.

Veracode receives $40M in late-state funding

The Burlington, Vt.-based web and mobile application security firm announced that it closed on $40 million in a late-stage funding round.

Retail trade association appoints new VP of cybersecurity

The Retail Industry Leaders Association announced the appointment of Nicholas Ahrens as the new head of cybersecurity for the trade group.

U.K. man, who obtained bank details of 28K, pleads guilty to blackmail

The 22-year-old man, Lewys Martin, pleaded guilty in London last week.

Home Depot is sued following payment card breach

An Illinois resident sued the home improvement retailer and claimed the company failed to comply with security standards.

Payment card breach possibly tied to Florida Beef 'O' Brady's locations

Unauthorized payment card purchases made in Massachusetts, New York and Texas may be tied to four Beef 'O' Brady's sports bar locations in Florida.

Researchers analyze phishing campaign spreading 'vawtrak' malware

Experts have discovered a phishing campaign that targets users with a phony PDF attachment that leads to the vawtrak malware.

Merchant Financial Cybersecurity Partnership hosts security summit

The "Cybersecurity: Protecting the Payments Systems" summit will encourage coordination between all cybersecurity and industry entities.

Adobe addresses 12 security vulnerabilities in latest bulletin

Adobe has issued security fixes addressing 12 vulnerabilities affecting its Flash Player and AIR for Windows, Macintosh and Linux platforms.

Markey, Blumenthal pen letter to FTC over Home Depot breach

In a letter to the FTC chairwoman, Sen. Markey and Sen. Blumenthal urged the agency to use its authority if Home Depot had failed to protect consumer data.

Phishing campaign exploits fear of stolen iCloud data

A new phishing campaign popped up last week and lures victims into handing over their Apple ID login credentials.

Researchers reveal security issues in Android apps

On Monday, the University of New Haven revealed its first video in a series of security findings.

Home Depot confirms payment data systems breach

After nearly a weeklong investigation, Home Depot confirmed on Monday that its payment data systems have been breached.

CMS administrator to testify before committee on HealthCare.gov hack

Administrator Marilyn Tavenner will have to testify in front of the House Committee on Oversight and Government Reform on Sept. 18.

Privacy groups urge Senate leaders to pass USA Freedom Act

More than 40 civil liberties groups are urging Senate leaders to pass legislation that would put a halt to the NSA's data collection practices.

New Zealand ISP says DDoS attack caused weekend internet issues

Customers of New Zealand communications service provider Spark experienced internet connectivity issues over the weekend due to a distributed denial-of-service attack.

McAfee and Symantec join Cyber Threat Alliance

Fortinet and Palo Alto Networks founded the alliance in May, and McAfee and Symantec are the first companies to join.

Social engineering campaign leads to malicious Chrome extension

Security experts have discovered a social engineering ruse that installs a malicious Google Chrome extension to lure victims in a click fraud campaign.

iCloud beefs up security in wake of celebrity nude photo scandal

Apple's CEO said the company will begin using email and push notifications to alert users to passwords changes in any iCloud account.

FTC orders Google to refund $19M for in-app purchases

The FTC said Google must refund parents whose children made in-app purchases without their permission.

Namecheap.com reveals attack on login systems

Late last month a group of attackers targeted the web hosting company's login portal to try and access users' accounts.

CMS says no consumer data exposed in Healthcare.gov test server hack

A server used to test new code was hacked in July to drop malware intended for DDoS attacks.

Researchers discover two SQL injection flaws in WordPress security plugin

High-Tech Bridge discovered two SQL injection vulnerabilities in All In One WordPress Security and Firewall plugin and notified the vendor.

Healthcare orgs prepare for cyber threat readiness test

More than 750 healthcare organizations will test their cyber attack responses in October as part of a HITRUST initiative.

Twitter announces launch of bug bounty program

The social media giant recently announced its new bug bounty program, rewarding researchers that find security vulnerabilities in its web services.

Researchers will compete to win up to $425,000 at Mobile Pwn2Own 2014

The third annual Mobile Pwn2Own competition will feature new devices to crack and a $425,000 prize pool, which has gone up $125,000 from last year's.

ACLU's suit against NSA for phone data collection before appeals court

ACLU is currently arguing its case against NSA's spying program before the U.S. Circuit Court of Appeals.

Firm explores attack methods allowing possible Home Depot breach

Research from Bidefender found that Home Depot's payment interface could have a vulnerability that would allow attackers into the company's systems.

Agora edges past Silk Road 2.0 as Darknet leader, report says

DDoS attacks on Silk Road 2.0 and a hack at the Pandora Openmarket have paved the way for Agora to become largest Darknet marketplace.

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

New international cybercrime unit, J-CAT, launches pilot program

The group will bring countries together to address major cyber security threats, including malware and botnets.

IEEE Computer Society shares top security design flaws

The group's Center for Secure Design released a report detailing how to avoid common design flaws.

FTC seeks public comment on adult verification company AgeCheq

Under the agency's COPPA ruling, website that collect personal information on its young users must receive parental consent before doing so.

Experts discover variant of BIFROSE backdoor in targeted attack

A variant of the BIFROSE backdoor which is more evasive than its predecessor has been discovered by experts.

Apple health app protocol bars developers from selling user info

Under its new protocol, app developers are prohibited from selling users' personal health information.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach goes undisclosed

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.

At 10 years old, NetTraveler works much the same, few changes

Researchers at Kaspersky Labs analyzed the evolution, slight as it might be, of the NetTraveler toolkit.

Microsoft reissues problematic update

The MS14-045 update caused some users' systems to crash, and in response, Microsoft pulled the update.

PCI Council urges retailers to defend against Backoff POS attacks

The warning comes soon after the Secret Service and DHS issues a warning on the threat.

Racing Post website SQL injection attack compromises 677K accounts

The website of Racing Post was hit by a SQL injection attack in October 2013, enabling an attacker to access a database including information on 677,335 customers.

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

California Assembly passes first student online privacy bill

The bill would prevent companies from selling students' data and profiting from it.

Community Health Systems faces lawsuit related to data breach

The suit claims the hospital operator failed to meet security standards to protect the personal information belonging to patients.

Norwegian oil companies targeted in string of attacks

More than 300 companies are being warned to check their systems after at least 50 oil companies confirmed that their systems were attacked.

Possible payment card breach at Dairy Queen stores

Several financial institutions are reporting payment card fraud activity on credit and debit cards used at various Dairy Queen stores around the country, according to Brian Krebs.

Phishing campaign lures victims with models' photos

Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.

Singapore hacker, 'The Messiah,' hit with 105 computer misuse charges

James Raj Arokiasamy, known as "The Messiah," now faces a total of 162 charges stemming from a string of attacks he conducted.

NSA's ICREACH search engine shares billions of records, The Intercept reports

More than 1,000 analysts at 23 U.S. government agencies have had access to more than 850 billion records courtesy of NSA's ICREACH, a search engine similar to Google.

Twitter patent may lead to blocking mobile malware

A patent that has recently been granted to Twitter reveals how the social media giant plans to block mobile malware from affecting its users.

Researchers warn of backdoor in Netis, Netcore routers

The routers are sold in China under the Netcore brand name, and elsewhere as Netis products.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

FTC asks court to shut down debt relief scam

Claiming funding from the federal government and an endorsement by President Obama, a debt relief program coerced private data from consumers.

AdThief malware infects 75K iOS devices, steals revenue

A researcher at Fortinet has revealed more details about iOS/AdThief, which hijacks revenue through jailbroken iPads and iPhones.

Hack exposes Secret app confessions

Anonymous confessions posted on a popular app, called "Secret," were susceptible to being exposed via a hack.

At least 25k gov't workers impacted by USIS data breach

The personal information of up to 25,000 government workers may be at risk after U.S. Investigations Services (USIS) was breached.

South Korean data breach impacts 27 million

Up to seventy percent of the population aged between 15 and 65 might have had their names, resident registration numbers, account usernames and passwords stolen.

Report: UK police push for required mobile phone PWs

The Metropolitan Police have reportedly lobbied for two years to enact the standard.

Alleged Silk Road creator faces new charges

The man accused of creating Silk Road - a black market existing on the Deep Web and accessible through the Tor network - is facing new charges from federal prosecutors.

Carbon Grabber crimeware kit being distributed in spam campaign

A spam campaign involving the Carbon Grabber crimeware kit is ongoing against the automotive industry in Europe, according to Symantec.

Errors in ZeroLocker means paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tactics

Although the number of rogue anti-virus malware campaigns have decreased overall, the threat isn't totally gone, according to researchers at Microsoft.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Sign up to our newsletters