FTC launches 'Start With Security' initiative

The Federal Trade Commission will share lessons learned from the 54 data security cases it has brought as part of its "Start With Security" program.

Tech firms fear vague language in Chinese security law could be used to force backdoors

Vague language in a new Chinese security law has multinational tech firms concerned that China may use it to force them to build backdoors or provide encryption keys and source code.

Attackers use fake British Gas site to spread TorrentLocker

Researchers have seen an uptick in TorrentLocker infections in the U.K. and Turkey.

MasterCard testing facial recognition technology to verify online purchases

MasterCard has announced that it will begin using facial recognition and other biometric measures to verify payments in an effort to replace passwords.

Skimmer on Santander Bank ATM vestibule door leads to fraud

A magnetic stripe skimming device had been placed on the ATM vestibule door at a Santander Bank location in Woburn, Mass.

FISC judge gives NSA go-ahead to resume surveillance

A surveillance court judge ruled Monday that the NSA could temporarily resume its bulk data collection program during the transition period to the reforms of the USA Freedom Act signed into law June 2.

Trump Hotel Collection investigating potential payment card breach

According to a statement, Trump Hotel Collection has been alerted to potential suspicious credit card activity and is determining if it involves any of its properties.

JPMorgan reassigns CISO a year after major data breach

JPMorgan Chase reassigned the executive in charge of network security a year after he was criticized for his handling of a major data breach.

Unencrypted GoPro updates leave users vulnerable to attack

GoPro Studio sends update requests and receives updates over unencrypted connections leaving users vulnerable to attack.

FBI investigates physical attacks on San Francisco internet cables

The attacks reportedly date back a year, and happened as recently as Tuesday morning.

Cisco intends to acquire OpenDNS for $635 million

The acquisition is expected to close in the first quarter of the fiscal year 2016.

NYC private investigator sentenced for hiring hackers

Eric Saldarriaga was sentenced to three months in prison after he hired hackers to access victims' email accounts.

GAO issues report on Department of Treasury bureau

The U.S. Government Accountability Office identified nine new deficiencies in the Department of Treasury's Bureau of Fiscal Service's information systems.

Health orgs asking third party associates to get CSF certification

Recognizing the increased risk of breach from the interconnectedness of healthcare systems, some healthcare organizations will require third parties to obtain CSF certification.

DOJ investigates ATF official in possible data breach

An ATF official is under investigation by the DOJ for allegedly improperly accessing and downloading ATF employee data.

Europol, Interpol, and Ameripol arrest 130 suspected of airline fraud

Europol, Ameripol and Interpol collaborated to arrest 130 individuals across 49 countries between June 16 and 17 as part of a global initiative targeting criminals using stolen credit card information to purchase airline tickets,

FAA panel to focus on top cybersecurity risks to aircrafts

An FAA advisory committee aims to develop international design and testing standards that will thwart cyberattacks, a Wall Street Journal report reveals.

Apple to block advertisers from getting app data in iOS 9, reports say

Apple announced that the iOS 9 will block advertisers and other companies from scanning devices for app-download data.

Report: Florida call center hit by insider breach

The company in question, Advanced Tech Support, was previously sued by the FTC during a 2014 tech support scam investigation.

Damballa appoints Stephen Newman as CTO

Damballa announced the promotion of Stephen Newman to chief technology officer.

Checkmarx receives $84M investment

Application security firm Checkmarx announced on Thursday it received an $84M investment from Insight Venture Partners.

SINET panel sees uptick in bad actors, expanding attack surface

A panel at the SINET Innovation Summit agreed that while threats aren't more advanced they are persistent.

Indiana town judge says attackers gained access to classified court records

Access was gained to Clarksville Town Court classified records on June 23, potentially compromising information such as Social Security numbers.

Yahoo's Alex Stamos to join Facebook as CSO

Alex Stamos, who was appointed CISO at Yahoo last year, will join Facebook as CSO next Monday.

Hershey Park investigates potential payment card breach

The theme park is working with an external computer security firm to investigate its system for signs of an issue.

Coalfire co-founder and CEO Rick Dakin passes away

Dakin was a graduate of the United States Military Academy at West Point before going on to start Coalfire as a three-person operation in 2001.

In economic forum, U.S. talks gov't sponsored theft with Chinese officials

During the Washington meetings, cybersecurity affairs were discussed, though officials tiptoed around the subject of the OPM breach.

SEC asks firms for data breach details linked to insider trading

The Securities and Exchange Commission (SEC) is asking hacked firms to provide details on their breaches where stolen information from emails may have been used for insider trading.

Blackshades creator sentenced to 57 months in prison

The owner and co-creator of the Blackshades remote administration tool (RAT) was sentenced to 57 months in prison in a U.S. federal court on Tuesday.

National Archvies and Records Administration computers possibly accessed in connection to OPM breaches

NARA indicated the attackers, possibly the same as those involved in the OPM data breaches, accessed three desktop computers.

Researchers design device to collect laptop encryption keys

Israeli researchers have designed a device that picks up on laptops' radio emanations to then determine the individual users' decryption keys.

Google releases Chrome update

Google Chrome was updated to address multiple vulnerabilities, including two that were classified as 'high' severity.

Germany agrees to extradite Turkish hacker to U.S.

A Turkish man accused of stealing nearly $60 million in ATM heists and cyber attacks will be extradited to the U.S. after a custody battle.

Reports tie together Anthem and OPM data breaches

Evidence seems to indicate that the Anthem data breach and OPM data breaches were carried out by the same Chinese actors.

Georgia Dept. of Education names CPO

The Georgia Department of Education has named its Technology Management Director Levette Williams as chief privacy officer.

Attackers compromise email accounts using password recovery scam

Gmail, Hotmail and Yahoo Mail accounts are being compromised as part of a highly targeted social engineering scam involving text messages.

Secret Service agent pleads guilty for pocketing $820K from Silk Road

U.S. agent charged accused of stealing $820,000 worth of Bitcoin has reached a plea agreement.

Revenge porn images to be removed from Google Search results upon request

Google announced Friday that it will take steps to make revenge porn images inaccessible through its search engine.

Three NM teens indicted for cyberattack on baby formula website

Three New Mexico teens were indicted after prompting a cyber attack against the Enfamil baby formula website from their school computer.

Purdue to open STEM-focused high school aimed at inner city youth

Purdue Polytechnic Indianapolis High School, set to open in Indianapolis, will focus curriculum on STEM and help inner city students prepare for college.

Canadian police arrest nine men in 'romance fraud' scheme

Canadian police arrested nine suspects in connection to a romance fraud ring that cost victims $1.5 million earlier this week.

Drupal patches multiple vulnerabilities in versions 6 and 7

Four bugs were addressed Wednesday a critical vulnerability allowing user impersonation, two open redirect flaws and an information disclosure bug.

Ellen Pao told to pay more than $200K in defense reimbursement

A California judge ordered Ellen Pao to pay Kleiner Perkins $275,996.93 for its successful gender discrimination case win against the former employee.

Senators propose bill to ban warrantless federal aerial surveillance

Lawmakers proposed "Protecting Individuals from Mass Aerial Surveillance Act" on Wednesday to require federal authorities to obtain warrants to conduct aerial surveillance.

'Lotus Blossom' cyberattacks hit military, gov't targets in Southeast Asia

A cyberespionage dubbed "Lotus Blossom" has carried out more than 50 cyber attacks against military and government targets in Hong Kong, Taiwan, Vietnam, the Philippines, and Indonesia.

Magazine publisher loses $1.5 million in phishing attack

Bonnier Publications was targeted in a phishing attack that tricked an employee to transfer $3 million to a Chinese bank. Only half of the money has been recovered.

Study: 86.2M consumer calls scams, enterprise incidents up 30 percent

A study by Pindrop Security showed a 30 percent rise in enterprise phone scams with consumers hit with 86.2 million scam calls monthly.

Nuclear operators work to stiffen exploit kit competition

Cisco's Talos Group found that Nuclear EK picked up malicious tricks, like 302 cushioning and domain shadowing, to infect victims.

North Dakota Workforce Safety Institute experiences a breach

Incident and payroll reports were compromised in a breach of a North Dakota Workforce and Safety Institute (WSI) server, last Wednesday.

Amazon releases first transparency report

Amazon issued its first transparency report on Friday with an accompanying blog post on its privacy policies.

Man gets 135 months in federal prison for child exploitation offenses

A 45-year-old man used the internet to attempt to entice minors to engage in unlawful sexual conduct with him, and possessed child pornography.

Attackers stole data in Bundestag breach

A breach of Germany's lower house of parliament was worse than originally believed and yields the attackers data from multiple agencies.

OpenSSL patches and releases new versions

The OpenSSL Project released OpenSSL 1.0.2b, 1.0.1n, 1.0.0s and 9.9.8zg, which patched five security issues, including the Logjam vulnerability.

Malware spams Facebook pages with porn in India

Porn malware is spamming Facebook timelines and news feeds across India. Authorities say its part of the Kilim malware family.

Bug identified in WooCommerce plugin for WordPress websites

Sucuri identified an object injection vulnerability in the WooCommerce plugin, which it deemed dangerous because it could lead to a full site compromise.

SC Congress Toronto: IoT requires thorough security plans

Ted Harrington, executive partner at Independent Security Evaluators, discussed the Internet of Things (IoT) and how companies need to consider security throughout the production process.

SC Congress Toronto: Assess business risk before entering cyber insurance market

A speaker advised attendees to have a clear understanding of the risk management side of their business, to choose a tailored plan that meets their needs.

'Celebgate' nude photo leaker accessed more than 500 accounts

Emilio Herrera reportedly accessed more than 500 iCloud accounts and attempted to log into hundreds of others.

Adobe settles class action lawsuit in 2013 breach

Adobe has agreed to improve security and pay nearly $1.2 million in legal fees plus $5,000 per named plaintiff in the settlement of class action lawsuit over a 2013 breach.

Mozilla updates Firefox bug bounty program

As part of its updated Firefox bug bounty program, Mozilla is offering increased rewards and payouts for bugs rated moderate in severity.

49 arrested in Europe for phishing, MitM scheme that netted millions of euro

Europol arrested a total of 49 suspects Tuesday as the result of a joint investigation into a cybercrime gang that defrauded victims out of six million euro.

SC Congress Toronto: The worst of ransomware is yet to come

During a panel at SC Magazine's Toronto conference, a panel of IT security professionals discussed ransomware and its possible future iterations.

Apple to require iOS 9 users to use six-digit passwords and two-step authentication

Apple will require iOS 9 users to use six-digit passwords and two-factor authentication when signing into Apple services from a new device or browser.

OMB mandates federal sites to use HTTPS connections

All publicly accessible federal websites and web services will soon be required to provide all services through secure HTTPS connections to better protect data and to establish a consistent government-wide privacy policy.

SEA claims hack on Army website

Attackers claiming to be with the SEA compromised the official website for the U.S. Army, posting

Uber simplified privacy policies, specifies data use

Uber has updated its privacy policies to use less legal jargon, be more concise and easier to understand.

Vawtrak banking malware found to use Tor2Web

Banking malware Vawtrak, also known as Neverquest, is now using Tor2Web to steal banking credentials and stay hidden.

Tesla bug bounty program offers rewards of up to $1,000

As far as vehicles and products are concerned, vulnerabilities must be reported directly to Tesla and will be assessed on a case-by-case basis.

Silk Road creator appeals case

Ross Ulbricht, the creator of dark web marketplace the Silk Road, is appealing his recent conviction and sentencing.

NYC man robbed at gunpoint for $1,100 in Bitcoin

A New York man was robbed at gunpoint for $1,100 worth of Bitcoin in a Craigslist deal gone bad.

NEWS ALERT: Eataly NYC confirms data breach

Eataly's Retail Marketplace in New York City confirmed that it was the victim of a data breach earlier this year.

House bill would give DOJ $4 million to fight cyber harassment

A bill introduced in the House of Representatives would give the Justice Department $4 million hire and train additional FBI agents to enforce existing cybercrime laws.

Calif. Senate approves bill requiring warrant before electronic device search

Despite some police groups' opposition to the bill, the legislation was approved Wednesday by the state's Senate.

Garage doors vulnerable to hacking from children's toy

Samy Kamkar, a security researcher, modified a discontinued children's toy to open up any garage door that uses a fixed code system.

NEWS ALERT: U.S. Office of Personnel Management suffers major breach

The Associated Press reported on Thursday that the White House administration and other government entities are investigating a massive breach at the U.S. Office of Personnel Management.

Connecticut lawmakers unanimously OK changes to strengthen data breach bill

Connecticut Governor Dannel Malloy is expected to sign a bill that updates existing law to include data breach notification deadlines and requires one year of identity theft protection for those whose SSNs have been compromised.

Visa, FireEye team to help retailers, issuers fight cyber attacks

Visa and FireEye formed a partnership aimed at helping merchants and card issuers access threat intelligence and combat cyber attacks.

Twin brothers arrested in Russia over suspected bank fraud operation

International law enforcement, with the help of security firm Group-IB, arrested alleged members of the criminal group in late May.

Florida teacher suspended without pay for using cell phone jammer in class

A Florida high school teacher was suspended without pay for keeping a signal jammer in his class to prevent students from using their cell phones.

PCI Council releases PA-DSS 3.1, nixes SSL, early TLS

The PCI Security Standards Council revisions to PA-DSS addresses SSL vulnerabilities.

Three Adobe Flash Player zero-days profiled in case study

Three Adobe Flash Player zero-day vulnerabilities discovered this year were distributed through exploit kits and used malvertising as their primary infection vector.

Yahoo CISO Stamos, security pro Troy Hunt to keynote AppSecUSA 2015

Not-for-profit organization OWASP has named two security veterans to speak at the AppSecUSA 2015 Conference.

Card skimming at Virginia Credit Union ATMs

Card skimming occurred on several Virginia Credit Union ATMs and roughly 2,000 debit cards have been determined to be vulnerable to potential fraud.

Google takes small steps toward diversity

Google released its workforce demographics Monday and the company has not made a lot of headway in diversifying its ranks.

NEWS ALERT: USA Freedom Act passes Senate

After weeks of debate, the USA Freedom Act passed the Senate on Tuesday and now awaits President Barack Obama's signature.

UN watchdog group warns of cyberattacks on nuclear facilities

Nuclear facilities around the world are facing daily cyberattacks on its systems, a United Nations nuclear watchdog group said.

Report: MasterCard's biggest card issuers rebuffed Target breach deal

The Wall Street Journal reports that some of MasterCard's biggest issuers refused to back the breach settlement.

Computers stolen, Heartland Payment Systems notifies 2,200 individuals

Four of 11 Heartland Payment Systems computers stolen in a burglary are believed to have contained personal information.

After email blunder, Woolworths cancels $1M worth of gift cards

Australian supermarket chain Woolworths cancelled more than $1.3 million (AU) worth of e-gift cards, following an email blunder.

After breach, credit bureaus, Maine AG reach settlement

Shortly after Equifax sent out more than 300 envelopes containing confidential credit information to a Maine woman, three nationwide credit reporting agencies agree to make changes to their business processes.

Japan's national pension fund breach affects 1.25M

More than one million people were affected when Japan's national pension system was compromised after employees opened a malicious email.

Ross Ulbricht sentenced to life in prison

Ross Ulbricht, the owner and operator of Silk Road, was sentenced to life in prison on Friday.

NEWS ALERT: Silk Road operator Ross Ulbricht sentenced to life in prison

Ross Ulbricht, the mastermind behind Silk Road, was sentenced to life in prison on Friday afternoon.

20 N.J. students charged in 'sexting' investigation

Twenty New Jersey high school and middle school students are facing invasion of privacy charges following a "sexting" scandal.

Websites redirect Congressional users to protest page, groups call for end of surveillance

A protest led by Fight for the Future gained steam as 14,000 websites included code that would redirect Congressional users to a protest page; while a coalition penned a letter to Senate leaders urged the rejection of a pair of FISA bills.

Man charged with creating counterfeit coupons, selling them on Silk Road

The Louisiana man was charged with conspiracy to commit wire fraud and conspiracy to commit trademark counterfeiting.

Chrome extension creates map of Facebook users' precise locations

Aran Khanna, a Harvard College student, created a Google Chrome extension to highlight the location data Facebook's Messenger app collects about users.

IRS attack may have originated in Russia

An IRS breach may have been instigated by attackers in Russia, a U.S. Congressman said.

North Dakota, Nevada amend data breach notification laws

North Dakota and Nevada have amended their breach notification laws as well as clarified specified what counts as personal information.

Vulnerability in Cordova Android platform allows for app behavior modification

A vulnerability in the Android platform of Cordova could allow attackers to modify apps' behavior by clicking a URL.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US