Roughly 1.16 million payment cards may have been affected in Staples breach

Malware infected Staples' point-of-sale systems at 115 of its 1,400 U.S. retail stores, mostly between Aug. 10 and Sept. 16.

Git client discloses critical security vulnerability

An advisory is warning all users of GitHub for Windows and GitHub for Mac to update their clients as soon as possible.

Obama promises U.S. response to Sony attack, says company made mistake

Pointing out that North Korea had inflicted considerable damage in its Sony hack, President Obama said the U.S. would respond.

New ransomware named 'CryptoLocker' being spread via phishing emails

Individuals in Australia are being targeted with emails that claim to come from the State Debt and Recovery Office.

40,000 federal employees impacted by contractor breach

Federal contractor KeyPoint Government Solutions, which conducts background checks on federal employees, has been impacted by a data breach.

Sony investigation reveals North Korea behind cyber attack, FBI says

Following an investigation which involved other U.S. government departments and agencies, the agency concluded that the North Korean government conducted the Sony Pictures Entertainment cyber attack.

Barrett Brown sentencing delayed until January

Barrett Brown appeared in federal court in Dallas Tuesday for sentencing, but will now have to wait until January to hear his fate.

Spearfishing campaign compromises ICANN systems

Staff member credentials were used to access ICANN systems after spearphishing campaign that began in November.

After hack, Ars Technica asks subscribers to change passwords

An intruder initially gained access to an Ars Technica web server and was then able to access a more central machine using information from a "poorly located" backup file.

Researchers find 'CoolReaper' backdoor in CoolPad devices

Palo Alto Networks Unit 42 researchers have identified the backdoor on numerous devices, so far leaving more than 10 million users vulnerable.

RSA details new Boleto malware family

The new "Onyx" family of Boleto malware is altering its tactics to infect victims' transactions and possibly cause billions of dollars in losses.

Jeans and blazers will feature RFID blocking fabric

Produced by Norton and Betabrand, the READY Active jeans and Work-It blazer feature pockets lined with RFID blocking material.

Apple wins class-action lawsuit over iPod copyright management

Apple won a class-action lawsuit that alleged they had used a software update to ensure iPod owners could only play songs sold in the iTunes Store or downloaded from CDs.

NIST drafts new cloud metrics guide

The publication, called "Cloud Computing Service Metrics Description," is currently in a public comment phase.

Dutch DPA fine over privacy violations could cost Google $18.6M

The DPA warned Google that by gathering personal information on internet users to personalize ads, it has violated a Dutch privacy act.

Experts discover TorLocker variant targeting Japanese speakers

The newly discovered malware is the first ransomware variant to go after Japanese speakers, demanding ransom fees that range from $500 to $3600.

Sony warns employees of potential fraud

In a letter to employees, Sony warned against fraudsters and offered free identity theft protection.

Firefox, IE11 zero-day bugs possibly targeted in 'SoakSoak' WordPress malware attacks

Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11.

URL flaw discovered for airline mobile boarding passes

A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday.

Witnesses against Silk Road creator to be kept under wraps until days before trial

Witnesses against Ross Ulbricht are being kept under wraps after New York district court judge Katherine Forrest determined their safety could be at-risk.

FBI op, leading to child porn convictions, used Metasploit

Several were arrested in Operation Torpedo, including former acting HHS cyber director DeFoggi.

Senate and House pass cybersecurity bill

The U.S. House of Representatives and the Senate passed to the CyberSecurity Enhancement Act of 2014, giving NIST the go-ahead to develop voluntary cyber standards for critical infrastructure.

Researcher identifies XSS vulnerability affecting Citibank website

A researcher identified a cross-site scripting vulnerability affecting the Citibank website, which has yet to be patched.

Ursnif malware variant detected in global spike

A new Ursnif malware variant has been detected in the wild, and the U.S. and United Kingdom are being particularly targeted.

New report sheds light on National Research Council breach

The organization alerted partner companies of a breach that took place in July, in which attackers attempted to glean sensitive information.

London teen pleads guilty to SpamHaus DDoS attack

Sean Nolan McDonough, also known as 'Narko,' pleaded guiltycomputer misuse and money laundering in connection to the massive denial-of-service attack (DDoS) on SpamHaus and Cloudflare.

ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch

BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November.

Microsoft pulls Exchange update from December Patch Tuesday release

The issue was found in Microsoft's Exchange Server 2010 SP3 Update Rollup 8, which was part of the MS14-075 bulletin.

Sands Las Vegas hackers used wiper malware

Hackers that felled Sands Las Vegas websites exploited a weak link in the casino's networks to launch a wiper malware attack.

Sony Pictures exec apologizes after remarks about Obama leak

Emails between movie producer Scott Rudin and Sony co-chairman Amy Pascal leaked as a result of a cyber attack on the entertainment company.

St. Louis Parking Company says customer card info breached

Customers who used the St. Louis Parking Company's public parking lot at Union Station between October 6 and October 31 could be affected.

$8.25M raised by Nok Nok Labs to bolster biometric authentication

The security firm which specializes in authentication, is also a founding member of the FIDO Alliance, which recently published its Universal Authentication Framework.

Cybercriminals leverage new tactic to spread Dyre malware

Users who are duped and open up an attachment that claims to be a voice message become infected with the info-stealing malware.

Neiman Marcus asks court to deny data breach suit appeal

A lower court had granted Neiman Marcus's motion for dismissal of a suit but the plaintiffs are trying to revive it on appeal.

Malware signed with Sony certificate now thought to be researcher prank

Kaspersky initially thought the malware signature might be the work of malicious attackers.

Destover malware updated to carry Sony's digital signature

Hackers linked to the Sony Pictures attack could now use the malware to dupe new targets, Kaspersky revealed.

Numerous flaws discovered in Google App Engine

Security researchers believe there are more than 30 vulnerabilities present in the development and hosting platform.

POODLE back to bite TLS connections

Google has taken steps to diminish the POODLE threat by "killing off SSLv3," but now the flaw threatens Transport Level Security.

New Turla sample targets Linux operating systems

Kaspersky Lab researchers detailed the new "Penquin" Turla in a recent blog post.

The Pirate Bay knocked offline following Swedish police raid

Local police seized servers, computers and additional equipment in the raid that took place in greater Stockholm and The Pirate Bay is still offline.

LusyPOS more closely related to Dexter

Dexter and LusyPOS, a malware variant revealed earlier this month, share traits, researchers at Trend Micro have discovered.

XSS vulnerabilities found on TripAdvisor and Uber websites

Researchers have uncovered XSS vulnerabilities at the travel and car service sites.

FIDO Alliance publishes UAF, U2F specs

The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.

Report: Hackers tried to extort Sony execs before attack

In an email sent to Sony Pictures' CEO and co-chairman hackers requested "monetary compensation."

Former Anonymous member 'Sabu' warns U.S. gov't on critical infrastructure

Hector Monsegur remembered his arrest during an interview with Charlie Rose and went on to elaborate on security threats the U.S. faces.

Hacker collective targets PlayStation Network, causes service outage

Lizard Squad kept its promise that more attacks were on the horizon after taking down another gaming service following its Xbox Live DDoS attack last week.

Poll: IT leaders forecast security staff salary increase in 2015

In an annual forecast report, 54 percent of IT leaders said their budgets would accommodate increased salaries for security staff.

Singaporean hacker to serve six months after hacking prime minister's website

Mohammad Azhar Tahir used a XSS attack to hack into and deface the prime minister's website.

ELO rocker sentenced to 10 days in Anonymous attack

Geoffrey Commander was sentenced to 10 days in jail by a federal judge in Virginia for a DDoS attack on MasterCard.

Former Apple exec receives one year in prison, $4.5M fine, for leaking information

Paul Shin Devine, the company's former global supply manager, admitted to being a part of a scheme where he received kickbacks from suppliers for providing them with product forecasts.

Health billing co., former CEO settle with FTC over data collection

PaymentsMD and its former CEO will have to destroy all information collected related to its Patient Health Report service.

German courts blocks extradition of top hacker

Ercan Findikoglu's extradition to the U.S. was blocked by a German court because his possible sentence was deemed too extreme.

Report: NSA operation to identify cell phone network weaknesses, exploit for surveillance

The NSA intercepted communications from hundreds of email accounts from major cell phone network operators to exploit network weaknesses for surveillance purposes.

Bill introduced, bans government mandates to build weaknesses into technologies

U.S. Senator Ron Wyden introduced the Secure Data Act on Thursday to prohibit federal agencies from mandating that backdoors and other security vulnerabilities be built into U.S. software and electronics.

Michael Fey, former Intel Security CTO, heads to Blue Coat

On Thursday, Fey was named president and COO of Blue Coat.

Upcoming Adobe release to address critical Reader, Acrobat bugs

Upon its release, Windows and Microsoft users are urged to update the software to address the vulnerabilities that have been given a priority rating of "1".

Bebe confirms breach, says data exposed

The women's clothing retailer said a November breach of its store payment system exposed account numbers and other payment card information.

Kenyan authorities arrest 77 Chinese hackers

Police responding to a fire at an estate in Nairobi found a sophisticated cyber command center likely to be used for cyber attacks in Kenya.

Retailer Bebe suffers breach, stolen cards sold online

Financial institutions discovered fraudulent activity on customer credit cards recently used at Bebe stores, Brian Krebs reported.

First California man sentenced under 'revenge porn' law

Noe Iniguez posted a nude photo and derogatory remarks about his ex-girlfriend on her employer's Facebook page.

Judge says negligence case against Target can move forward

The case, which alleges negligence, failture to provide adequate security and claims a violation of Minnesota's Plastic Security Act, has been given the green light to move forward.

House passes critical infrastructure protection bill

The U.S. House of Representatives unanimously approved three bills, including the Critical Infrastructure Protection Act.

Asprox spammers use timely, but malicious, emails to trick holiday shoppers

Phishing emails are made to look like order confirmations from major retailers, like Best Buy, Target and Walmart, security firm Malcovery warns.

Vulnerability found in Infinite WP Wordpress client

A Sucuri researcher found a vulnerability that could allow a malicious attacker to take over a user's sites and put them into maintenance mode.

LusyPOS malware appears on black market

The new POS malware shares traits with Dexter and Chewbacca, CTBS researchers said.

Increased nation-state threat included in predictions report

The endpoint security provider foresees a variety of threats in 2015, including OS X malware and more coordinated ransomware attacks.

Report: PlayStation servers used to share Sony Pictures data

Security researcher Dan Tentler revealed the findings to Forbes.

Anonymous takes down Fort Lauderdale city websites in "Operation Lift the Bans"

The hacktivist collective released a video on Monday expressing their disagreements with recent ordinances aimed at the homeless of the city.

Google fixes Lollipop 5.0 reset flaw

Google issued a Lollipop 5.0.1 update that addresses a bug that could prompt an Android device to reset, deleting files and data.

Police arrest 118 suspected of airline ticket fraud

The international crackdown effort, led by Europol, included the help of airlines and credit card companies.

Microsoft begins answering 'right to be forgotten' requests

Four months after its Bing removal request form went online, Microsoft has begun responding to users.

Lizard Squad takes credit for DDoS attack on Xbox Live

The hacker collective hit the gaming service with a DDoS attack that interrupted the connection for users in the United States and Canada on Monday.

Doctoral student finds XSS vulnerability on

Wang Jing wrote that the The Weather Channel's site used URLS to create its tags without filtering malicious script codes, which left them vulnerable to attack.

Sony Pictures films leaked online following cyber attack

Nearly a week after its network was hacked, Sony had some of its major films leak before their release dates and the company brought in FireEye's Mandiant forensics unit to investigate.

Phishing campaign spoofs emails from Costco, Home Depot

The latest ruse leverages the uptick in holiday shopping in order to lure victims into giving up personal information.

Mobile spyware app creator fined $500,000

Hammad Akbar, the CEO of companies that sold and advertised mobile spyware app StealthGenie, will pay the fine in what's considered a landmark criminal conviction.

Malware installed at 17 parking facilities, payment cards at risk

Parking facility service provider SP+ announced that customer payment cards used at 17 locations may be at risk.

Shutterfly Inc. websites have user data compromised

The cardstock vendor said it saw suspicious activity on its systems earlier this week and immediately began investigating.

Anonymous reportedly publishes KKK wizard's personal data

Protesting the grand jury decision not to indict the police officer who shot Michael Brown, the hacktivists' post links to wizard's personal data on pastebin.

Canada Revenue Agency sends taxpayer info to CBC

Tax and donation information was revealed on hundreds of Canadians, some of them prominent.

Authorities eye foreign operatives in Target breach

A year after the massive breach at the retailer, authorities are keeping mum, but security pros say signs point to Ukrainian man.

E-cigarette from China distributes malware to systems

An executive's system was reportedly infected by malware after he charged an e-cigarette purchased on eBay through his system's USB port.

Credit unions urge Congress to enforce security standards for retailers

The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.

NSA civil liberties and privacy officer addresses concerns in virtual Q&A

Rebecca Richards took to Tumblr to address concerns about the NSA's activities and Edward Snowden's leaks.

Beth Israel medical center to pay $100K over data breach

The Boston-based hospital agreed to the fine related to its 2012 data breach which left information on thousands of patients vulnerable to compromise.

Home Depot faces 44 lawsuits post-breach

The company disclosed the lawsuits as part of its quarterly earnings report.

Google launches security dashboard and wizard

The technology company launched a new dashboard to keep users aware of devices that are linked up to their accounts.

DroidJack RAT hits hacker forums, comes from legitimate app developers

A researcher at Symantec traced DroidJack's origins back to legitimate Android app developers and previous RATs.

Sony attacked, investigating 'an IT matter,' according to reports

The potential issue began on Monday when an image of a skeleton appeared on employee computers along with a message stating, "Hacked By #GOP."

Unofficial Starbucks Instagram account aims to scam followers

A phony Starbucks Instagram account is potentially being leveraged by miscreants to steal personal information.

Malwarebytes forum hacked, users forced to change passwords

In a message to members, Malwarebytes CEO Marcin Kleczynski said no personal data was stolen when a forum server was hacked.

Adobe updates Flash Player, further addresses old vulnerability

The latest update of the software provides futher hardening against a vulnerability that was mitigated in the Oct. 14, 2014 release.

Five arrested in UK for using RATs

Police nabbed five suspects in a series of raids, all for being suspected of using Remote Access Trojans to compromise computers.

Judge unseals documents related to police dept. stingray use

A judge made public documents related to 529 requests by police in Charlotte, N.C. as part of their cellphone surveillance efforts.

EFF, others urge NIST to develop stronger encryption

In a letter to NIST, privacy organizations and companies called for secure encryption standards.

DHS, FBI sound alert on holiday cyber scams

The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.

International commission to create recommendations on internet governance

The 29-member Global Commission of Internet Governance Innovation features political leaders, global academics and business leaders that will explore pressing topics in the digital world.

Stuxnet-like espionage tool discovered by researchers

Experts at Symantec have come across a sophisticated cyber espionage tool that exhibits a rare complexity of features similar to past cyberespionage malware.

NSA director states China can shut down U.S. electric grids, report indicates

The director of the NSA stated that China, as well as "one or two" other countries, is capable of launching cyberattacks to shut down electric grids and other critical infrastructure in parts of the U.S.

Brigham Young University-Idaho student hacks transcript, earns $7k in scholarships

Jacob Mahonri Espinal hacked into his school's computer system to bring his grades up from academic probation status to straight As.

Sign up to our newsletters