More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.
In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.
Both companies strengthened identity verification policies for customers after a tech writer's online accounts were hacked.
August 08, 2012
Considering the endless march of breaches, it may be time to scrap the belief that adequate passwords -- or even passphrases -- can prevent hackers from breaking into corporate environments. Instead, security pros should focus their efforts on gaining visibility into their networks.
Another day, another major company is hacked of its members' passwords. This time it is Billabong, the Australia-based surfwear manufacturer, and the credentials reportedly were publicly posted and unencrypted.
Another password compromise has befallen a major company. This time Yahoo confirmed Thursday that its Contributor Network was raided of the usernames and passcodes of 400,000 members.
Formspring joins LinkedIn and others as the latest web property to lose member passwords to hackers. But it turns out Formspring was using a stronger cryptographic function than the business social networking giant.
June 15, 2012
Yes, LinkedIn failed to have the proper technology in place to protect its users' passwords, but as we share more information with websites, some of the burden is on the users to safeguard their personal data.
Business-networking site LinkedIn is looking into the possibility of a data breach which may have led to the theft of nearly 6.5 million user passwords.
A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
April 12, 2012
Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.
Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.
April 02, 2012
Imagine a mobile device falling into the wrong hands - resulting in the draining of bank accounts co-opting of identities.
March 01, 2012
The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes show that the current password system is dead.
Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.
The feature, which is currently available for users in the U.S. Canada, India, and the Philippines, requires a second form of verification beyond a password for any "suspicious" login attempt.
Tuesday's baker's dozen of security patches from Microsoft includes a fix for a vulnerability that helped spread the dangerous information-stealing Duqu trojan, which targets industrial control systems.
Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
The YouTube channel for the long-running television series "Sesame Street" was back operating normally on Monday after hackers briefly gained access to swap out educational videos with X-rated pornography.
An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
Security firms have just spotted a new worm, but experts don't think it will run rampant because there is no vulnerability involved.
Microsoft is prepping a large security update for Tuesday, with plans to deliver 16 patches to fix 34 vulnerabilities across its product line.
With the tax filing deadline a month away, the IRS is feeling the heat from the U.S. Government Accountability Office over lax data security practices.
December 22, 2010
Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.
The recent theft of approximately 1.3 million account details from the servers of Gawker has prompted password resets at a number of popular websites.
A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.
Google has created an 18-part checklist to help users better secure their computer, browser, Google account and Gmail settings. Among the tips Google suggests are that users choose unique passwords for their various online accounts, that they "periodically" change their passwords and that they never respond to messages or phone calls requesting their usernames or passwords. — DK
Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.
A new campaign to hack WordPress websites and serve rogue anti-virus is underway, according to security researchers.
