More than 90,000 IP addresses were used to crack admin accounts on the blogging platform.
In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.
Both companies strengthened identity verification policies for customers after a tech writer's online accounts were hacked.
Considering the endless march of breaches, it may be time to scrap the belief that adequate passwords -- or even passphrases -- can prevent hackers from breaking into corporate environments. Instead, security pros should focus their efforts on gaining visibility into their networks.
Another day, another major company is hacked of its members' passwords. This time it is Billabong, the Australia-based surfwear manufacturer, and the credentials reportedly were publicly posted and unencrypted.
Another password compromise has befallen a major company. This time Yahoo confirmed Thursday that its Contributor Network was raided of the usernames and passcodes of 400,000 members.
Yes, LinkedIn failed to have the proper technology in place to protect its users' passwords, but as we share more information with websites, some of the burden is on the users to safeguard their personal data.
Business-networking site LinkedIn is looking into the possibility of a data breach which may have led to the theft of nearly 6.5 million user passwords.
A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.
Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.
Imagine a mobile device falling into the wrong hands - resulting in the draining of bank accounts co-opting of identities.
The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes show that the current password system is dead.
Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.
The feature, which is currently available for users in the U.S. Canada, India, and the Philippines, requires a second form of verification beyond a password for any "suspicious" login attempt.
Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
The YouTube channel for the long-running television series "Sesame Street" was back operating normally on Monday after hackers briefly gained access to swap out educational videos with X-rated pornography.
An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
Security firms have just spotted a new worm, but experts don't think it will run rampant because there is no vulnerability involved.
Microsoft is prepping a large security update for Tuesday, with plans to deliver 16 patches to fix 34 vulnerabilities across its product line.
What might a hacker do with the Sony PlayStation Network database?
With the tax filing deadline a month away, the IRS is feeling the heat from the U.S. Government Accountability Office over lax data security practices.
Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.
The recent theft of approximately 1.3 million account details from the servers of Gawker has prompted password resets at a number of popular websites.
A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.
Google has created an 18-part checklist to help users better secure their computer, browser, Google account and Gmail settings. Among the tips Google suggests are that users choose unique passwords for their various online accounts, that they "periodically" change their passwords and that they never respond to messages or phone calls requesting their usernames or passwords. — DK
Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.
A new campaign to hack WordPress websites and serve rogue anti-virus is underway, according to security researchers.
The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that exposed the personal information of approximately 192,000 customers. The company's database was compromised via SQL injection, allowing attackers to steal the names and Social Security numbers of customers. Prior to the breach, D.A. Davidson did not have adequate safeguards, such as encryption, to protect customer information, FINRA said. A company spokeswoman told SCMagazineUS.com that no clients have fallen victim to ID theft, but the company settled to put the matter behind it. — AM
The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
Sign up to our newsletters
SC Magazine Articles
- Nearly 90 percent of Android devices vulnerable to endless reboot bug
- Women in IT Security: 10 Power Players
- Scanner identifies thousands of malicious Android apps on Google Play, other markets
- Report: Phishing costs average organization $3.7 million per year
- Women in IT Security: Women of influence
- DOJ issues new 'stingray' policies and begins requiring a warrant
- Outdated websites deliver TeslaCrypt via Neutrino Exploit Kit: Heimdal
- Scammers and schemers look to cash in on Ashley Madison breach
- ACLU asks DOJ to withhold funds for LAPD body cams
- A question of balance between security solutions and the people who use it