Security News
We strive to provide our readers with information about current security threats,
technologies, and practices to help them protect the information in their care and
lower the risk of a data breach.
July 23, 2010
PCWorld: "Safari Browser Hack Reveals AutoFill Security Concerns"
"A security researcher has revealed a weakness in Apple's Safari Web browser which can be
exploited by an attacker to extract sensitive personal information. The Safari vulnerability
is a little more severe, but the issue illustrates the underlying privacy and security concerns
with AutoFill in general."
July 22, 2010
Chicago Tribune: "Beat dumpster divers — with a simple shredder"
"When he worked in the garbage industry, Stan Ciesla saw all manner of personal information
thrown away. Bank statements, credit card bills, health insurance letters, you name it."
July 19, 2010
Boston Globe: "Hospital says 800K records may be missing"
"South Shore Hospital in Weymouth says computer files containing personal information for
about 800,000 people were lost when they were being shipped to a contractor for destruction."
Network World: "IBM device secures online banking"
"IBM this week rolled out a security device it says will protect online banking and keep
cyber-criminals from being able to make fraudulent funds transfer even from a compromised PC.
The IBM technology, called Zone Trusted Information Channel (ZTIC), is a USB device that uses
X.509 certificate-based encryption to set up a trusted channel with bank servers that routinely
handle funds transfers and payments requests to make sure these requests are real."
July 16, 2010
Computer World: "Colorado warns of major corporate ID theft scam"
"Colorado's Secretary of State and other officials are warning the state's 800,000 or so
registered businesses to watch out for scammers who have been forging business identities
to make fraudulent purchases from several big-box retailers in recent months. ... According
to the Colorado Bureau of Investigation (CBI), the scammers so far have made at least $750,000
in fraudulent purchases from Home Depot alone after opening up lines of credit there using
forged corporate identities."
July 15, 2010
CNET News: "What to do with passwords once you create them"
"An informal survey of a dozen or so security experts reveals that some of them still rely
on the paper and pen method. One respondent even admitted to succumbing to the post-it-note
under the keyboard cliche! (If you do choose to write the passwords down you should avoid
including the Web site or other identifying information, obviously.)"
July 13, 2010
New York Times: "New Menace in the War Against Online Crime"
"The new Zeus tactic, described by Dasient in a June blog post, allows criminals to detect
when an infected PC visits one of the specific online banking sites. Then, in place of the
real site, it displays a fake site created to filch account numbers, login names and passwords."
July 12, 2010
SC Magazine: "Banking trojan theft: stopping the bleeding of American business accounts"
"... CIOs and IT managers nationwide are realizing that their company's payroll could be
pilfered by a malware-controlling criminal loafing at a cybercafe somewhere in the Ukraine,
Romania or even enjoying free stateside Starbucks Wi-Fi. And the bank won't even reimburse it."
July 6, 2010
Boston Globe: "State's error unveiled Social Security numbers"
"The Massachusetts secretary of state's office, which is charged with enforcing financial
rules for investment companies, accidentally released confidential personal information
earlier this year on 139,000 investment advisers registered with the state."
July 5, 2010
New York Times: "Credit Card Hackers Visit Hotels All Too Often"
"A study released this year by SpiderLabs, a part of the data-security consulting company
Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel
industry. The sector was well ahead of the financial services industry (19 percent), retailing
(14.2 percent), and restaurants and bars (13 percent)."
June 29, 2010
Associated Press: "Security glitch exposes WellPoint data again"
"WellPoint Inc. has notified 470,000 individual insurance customers that medical records,
credit card numbers and other sensitive information may have been exposed in the latest
security breach of the health insurer's records. The Indianapolis company said the problem
stemmed from an online program customers can use to track the progress of their application
for coverage"
June 28, 2010
SC Magazine: "FTC: Scammers Stole Millions Using Micro Charges to Credit Cards"
"A gang of unknown thieves has stolen nearly $10 million using micro charges made to more
than a million credit and debit cards in an elaborate multiyear scam, according to a lawsuit
filed by the Federal Trade Commission in March."
June 25, 2010
SC Magazine: "Personal data exposed on Anthem Blue Cross website"
"Indianapolis-based health insurance company WellPoint, which runs Blue Cross plans in 14
states, recently revealed that it has notified a total of 470,000 individuals potentially
affected by this breach, including the 230,000 customers of its Anthem Blue Cross subsidiary
in California."
June 24, 2010
ABC News: "700-Plus Credit Cards Stolen from Hotel"
"Destination Hotels & Resorts had its computer system hacked and the credit card data of
more than 700 guests across the country was stolen, according to Austin, Texas, police.
The Englewood, Colo., company manages more than 30 upscale hotels, resorts and conference
centers in places such as Washington, D.C., Denver, San Diego, Santa Fe, Aspen, Colo.,
Los Angeles, Palm Springs, Calif., Houston and Lake Tahoe"
June 22, 2010
American Medical News: "Data breaches affect patients in 3 states"
"More than a million Florida residents lost personal information in one of several security
breaches reported in recent weeks."
June 21, 2010
Syracuse (WSYR-TV): "Phone scam: The Real Deal"
"The FBI is warning people about a new phone scam. They say the criminals behind it purposely
tie up your phone line to get you confused while they raid your bank account."
June 18, 2010
The Daily Times [Farmington, NM]: "FBI investigates credit card scam"
"A Durango restaurant unknowingly served up some very expensive ribs two months ago.
More than 270 credit card accounts were used in purchases across the country after the
computer systems at two Serious Texas Bar-B-Q restaurants in Durango were breached between
February and April, FBI Special Agent Darrin Jones said."
June 16, 2010
NETWORKWORLD: "3.7 billion phishing emails were sent in the last 12 months"
"Cybercriminals sent 3.7 billion phishing emails over the last year, in a bid to steal money
from unsuspecting web users, says CPP. Research by the life assistance company revealed
that 55 percent of phishing scams are fake bank emails, which try and dupe web users into
giving hackers their credit card number and online banking passwords."
June 14, 2010
ABC News: "10 of the Top Data Breaches of the Decade"
"The Internet cried foul last week when news broke that an AT&T security breach exposed
the e-mail addresses of at least 100,000 owners of Apple's iPad 3G. But industry observers
are quick to point out that this is hardly the first -- and hardly the worst -- data breach
that the tech world has ever seen."
June 12, 2010
ZDNet: "Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor?"
"Every time I write about Windows security software, I get a predictable flood of responses
from Linux advocates who claim that they don't need any such protection. Today comes a shining
example of why they're wrong."
June 11, 2010
NBC40.NET: "DOCUMENTS CONTAINING PERSONAL INFO FROM CITY HALL FOUND IN PUBLIC DUMPSTER"
"Authorities in Middle Township [NJ] are investigating how documents from Municipal Hall
containing personal information like social security numbers, landed in a public dumpster.
The information, which was handed over to officials, could've easily landed in the wrong hands."
June 10, 2010
SC Magazine: "Wall Street Journal, others, hit in mass SQL attack"
"Security researchers have discovered a widescale SQL injection attack that has compromised
thousands of websites to spread malware, including pages belonging to the Wall Street Journal
and the Jerusalem Post."
June 9, 2010
PCWorld: "AT&T Exposes Data on 114000 iPad Owners"
"AT&T has egg on its face after leaving sensitive information on 114,000 owners of the
iPad 3G exposed on the Web. A group known as Goatse Security has published the personal
e-mail addresses of the victims--many of whom are popular celebrities, prominent executives
and high-ranking dignitaries--that it obtained by exploiting an automated script on an AT&T server."
June 8, 2010
Business Insider: "10 Essential Data-Security Measures Every Business Should Take"
"According to the most recent Verizon Data Breach Investigations Report [PDF], an estimated
"285 million records were compromised in 2008." And 74% of those incidents were from outside
sources."
June 7, 2010
iHealth Beat: "Florida Insurer Reports Data Breach Affecting About 1.2M Residents"
"Last week, Florida Attorney General Bill McCollum (R) announced that two laptops stolen
from the offices of AvMed Health Plans in December contained personal information on 1.19
million state residents, the Miami Herald reports."
June 6, 2010
The Columbus Dispatch: "Documents you copy, fax can be trove for ID thieves"
"Copier security has been overlooked for years "because people have always looked at that
as a piece of office furniture. They don't think of it as a data-storage device," said Bryan
Fite, a Dayton-based digital-security consultant. Fite is working with Xerox Corp. to
establish guidelines for businesses that want to protect their information."
June 2, 2010
Penn State Live: "University continues to battle malware"
"A computer in the Outreach Market Research and Data office recently was found to be
communicating with a bot controller, exposing 15,806 Social Security numbers to possible
compromise."
June 1, 2010
BankInfoSecurity: "ACH Fraud Sparks Another Suit"
"Patco, a Sanford, Maine-based construction company, had its corporate bank account raided
over a six-day period last May by cyber thieves who were able to move over $588,000 to
dozens of money mules throughout the country. The business was able to recover only $230,000
of the stolen funds and has sued its bank, Ocean Bank of Portsmouth, NH, for failing to
detect and prevent the bogus transfers."
Fox Business.com: "10 ways to protect yourself from data breaches"
"Millions of consumers in the United States have already had their personal information
compromised in data breaches. That includes the loss or theft of such sensitive data as
credit card and debit card numbers and expiration dates, Social Security numbers and health
records. Although word of such massive breaches can leave you feeling helpless, there are
many things you can do to protect yourself and prepare for the worst."
May 28, 2010
ZDNet: "Five tips for desktop malware first responders"
"The moments when malware is rifling through your process table are not conducive to lucid
contemplation, but that's exactly when you must don your First Responder hat. Taking the
right steps early on in the infection can save hours of later remediation. These steps may
be routine for full time malware warriors, but network security is only one duty among many
for the typical SMB network administrator."
May 27, 2010
SC Magazine: "Charlotte, N.C. notifies thousands of city workers of data loss"
"Two DVDs containing the sensitive information failed to arrive at the offices of Towers
Watson & Co., the city's benefits consulting firm, based in Atlanta. The city of Charlotte
was notified of the lapse on Feb. 23 and has blamed a mail-service provider working with
Towers Watson."
May 26, 2010
DarkReading: "Anti-Clickjacking Defenses 'Busted' In Top Websites"
"Turns out the most common defense against clickjacking and other Web framing attacks is
easily broken: Researchers were able to bypass frame-busting methods used by all of the
Alexa Top 500 websites. The new research from Stanford University and Carnegie Mellon
University's Silicon Valley campus found that frame-busting, a popular technique that basically
stops a website from operating when it's loaded inside a "frame," does not prevent clickjacking."
May 25, 2010
Computerworld: "Bank, customer settle suit over $800,000 cybertheft"
"An unusual legal dispute between a Texas bank and a business customer over the online
theft of more than $800,000 from the latter's account at the bank has been quietly settled.
Lubbock, Texas-based PlainsCapital Bank earlier this year sued Hillary Machinery Inc.
after cybercrooks broke into Hillary's PlainsCapital accounts and wire-transferred about
$801,000 to various banks in Europe."
May 24, 2010
InfoWorld: "Four-year-old rootkit tops the charts of PC threats"
"Microsoft just released its May Threat Report, and the results should give you pause.
With nearly 2 million infected systems cleaned, the nefarious Alureon rootkit came out on top."
May 21, 2010
SC Magazine: "Microsoft plans to beef up security of Hotmail"
"Microsoft is set to improve the security of Hotmail with full-session SSL encryption and
a number of other enhancements. The improved webmail service will support full session SSL
encryption, which protects email as it travels between a user's browser and Hotmail servers,
Microsoft announced this week. Previously, SSL encryption was only available for accounts
during login."
May 19, 2010
The New York Times: "Five Ways to Keep Online Criminals at Bay"
"Criminals have found abundant opportunities to undertake stealthy attacks on ordinary
Web users that can be hard to stop, experts say. Hackers are lacing Web sites - often legitimate
ones - with so-called malware, which can silently infiltrate visiting PCs to steal sensitive
personal information and then turn the computers into 'zombies' that can be used to spew
spam and more malware onto the Internet."
consumeraffairs.com: "Digital Copiers Could Be an Identity Theft Threat"
"Similar to computers, hard drives have become routine for midsize to large photocopiers,
especially those built since 2005. All images scanned on the machines are stored in the hard
drive, including documents with personal data such as medical history, Social Security
numbers and bank account numbers."
May 18, 2010
MarketWatch: "Tips to keep your business safe from online criminals"
"The top takeaway almost all panelists at a recent Federal Deposit Insurance Corp. symposium
on cyber-crime stressed is that small-business owners need to be aware of the threats that
exist and be educated on solutions. Here are eight ways to beef up your security system."
SC Magazine: "AutoRun worms most common malware during Q1 2010"
"Portable storage device threats, such as AutoRun worms, were the most prevalent type
of malware worldwide during the first quarter of the year, according to a McAfee report
issued Tuesday."
May 17, 2010
GovInfoSecurity: "VA Breach Blasted by Congressman"
"A Congressman is citing the recent theft of an unencrypted laptop containing "VA medical
center data" on more than 600 veterans as evidence that the Department of Veterans Affairs
is not doing enough to protect information.
U.S. Rep. Steve Buyer, R-Ind., wrote a letter to VA Secretary Eric Shinseki May 12, citing
"great concern about VA's continuing material weakness in protecting veterans' personal
information from data breaches.""
May 13, 2010
KrebsOnSecurity: "Stolen Laptop Exposes Personal Data on 207,000 Army Reservists"
"The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail. Col.
Jonathan Dahms, chief public affairs for the Army Reserve, said the personal data was
contained on a CD-Rom in a laptop that was stolen from the Morrow, Ga. offices of Serco Inc.,
a government contractor based in Reston, Va."
May 12, 2010
Mass High Tech: "Costs, stakes rise for data security standards"
"State officials estimated the required steps, which include encryption of data, a written
security plan, password protection, protection from viruses and e-mail, and due diligence on
third-party vendors, would cost a business with 10 employees about $3,000 up front, and another
$500 a month. Firms that do not comply, no matter where they are based, could be held liable if
Massachusetts residents' personal data is compromised."
Wall Street Journal: "FBI Targets Cyber 'Mules'"
"The Federal Bureau of Investigation is targeting the end of the criminal supply chain -- the
'money mules' who receive transfers of stolen funds in their bank accounts -- to raise public
awareness and dissuade people from becoming mules, said Patrick Carney, acting chief of the
FBI's Cyber Criminal Section."
May 11, 2010
THE NEW MEXICO INDEPENDENT: "Stolen laptop puts thousands of New Mexicans at risk for ID theft"
"In late March, an employee of a subcontractor for the company that processes claims and
provides dental benefits for the State's Medicaid program, filed a stolen car report for
a vehicle whose trunk contained an "unencrypted" laptop loaded with patient information.
That stolen car has prompted the New Mexico Human Services Department to start notifying nearly
10,000 users of the government's low-income health insurance program of a potential for ID theft."
May 10, 2010
BankInfoSecurity: "24 Tips to Avoid ACH Fraud"
"These recommendations were developed by the FS-ISAC and NACHA for business customers
that want to protect their online banking credentials and strengthen ACH and wire security
procedures."
May 8, 2010
CBS News: "Five Hidden Dangers of Facebook"
"Facebook came under fire this week, when 15 privacy and consumer protection organizations
filed a complaint with the Federal Trade Commission, charging that the site, among other
things, manipulates privacy settings to make users' personal information available for
commercial use. Also, some Facebook users found their private chats accessible to everyone
on their contact list - a major security breach that's left a lot of people wondering just
how secure the site is."
May 7, 2010
ZDNet: "UC Davis scraps Gmail pilot: Privacy levels 'unacceptable'"
"Google has been hit with a major blow in regards to privacy by a leading US university,
which this week ended their pilot of the outsourced Google Apps email system. ... Peter
Siegel, the University of California Davis chief information officer, sent a letter with
support from senior staff to employees stating that the Gmail pilot to supply 30,000 students
and staff would end before a full roll-out across its entire network, due to doubts in
keeping the students' email and content secure and private."
May 6, 2010
Computerworld: "Update: Facebook bug exposes private chats"
"IDG News Service - A bug allowed Facebook users to view their friends' chat sessions on
the site, prompting the social-networking company to disable its internal instant-messaging
service. The bug also let people see their friends' pending friend requests."
May 4, 2010
Computerworld: "US Treasury Web sites hacked, serving malware"
"IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have
been hacked to attack visitors with malicious software, security vendor AVG says.
AVG researcher Roger Thompson discovered the issue Monday on three Web domains associated
with the home page of the U.S. Bureau of Engraving and Printing."
May 3, 2010
SC Magazine: "Kentucky psychiatric hospital loses sensitive flash drive"
"A flash drive containing personal patient information recently went missing
from Our Lady of Peace, a 278-bed psychiatric hospital in Louisville, Ky."
April 29, 2010
Computerworld: "PDF exploits explode, continue climb in 2010"
"According to Toralv Dirro, a security strategist at McAfee Labs, the percentage of
exploitative malware targeting PDF vulnerabilities has skyrocketed. In 2007 and 2008, only
2% of all malware that included a vulnerability exploit leveraged an Adobe Reader or
Acrobat bug. That figure jumped to 17% in 2009 and to 28% during the first quarter of 2010."
Arlington, VA: "BBB "Secure Your ID" Day Attracts 15,000 Participants"
"Better Business Bureau helped more than 15,000 individuals and small business owners fight
identity theft by shredding a record-breaking 480 tons of sensitive paper documents for free
at "Secure Your ID" Day community events across North America on April 17."
April 28, 2010
Datamation: "Engaging Your Staff in Data Protection"
"Bottom line: you need the data to run your business and the potential for loss is great,
so you need everyone's help to protect it. But is anyone really listening? You face a Sisyphean
task - you repeat your message ad nauseam, only to have the victims of the next incident
profess total ignorance."
April 27, 2010
ABC Action News: "INVESTIGATION: Your documents in the dumpster"
"... why did we find stacks of carelessly discarded files containing federal tax returns
simply tossed out by an accountant? Canceled checks with account and routing numbers and
a homeowner's warranty deed were tossed out by another business just down the street."
April 26, 2010
ZDNET: "Can switching to Linux protect your online identity?"
"When it comes to operating systems I'm an agnostic, and see the OS as a platform or a tool,
as opposed to a religion or a sports team I have to get behind. With more and more people
making the shift to the cloud, the OS that you use no longer matters, it's the browser that
matters."
April 25, 2010
South Carolina News: "DHEC notifying South Carolina clients of personal information breach"
"... private information of more than 1,800 people was included on DHEC documents that were
discovered by a third party in a public, paper recycling container behind the DHEC building
on Bull Street in Columbia. This third party gave the documents to another person, who returned
them to DHEC."
April 23, 2010
KrebsOnSecurity: "Hiding from Anti-Malware Search Bots"
"Niels Provos, principal software engineer at Google, said cyber crooks frequently try
to play both sides, by attempting to block search bots from finding malware stitched into
hacked sites, while simultaneously gaming the search engine bots."
April 22, 2010
KrebsOnSecurity: "Fire Alarm Company Burned by e-Banking Fraud"
"On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank
stating that the company needed to move more money into its payroll account, chief
executive Melanie Eakel said. Over the course of the previous two days, someone had
approved two batches of payroll payments - one for $45,000 and another for $67,000."
DarkReading: "70% Of IT Security Pros Favor A Federal Data Breach Law"
"The online survey of 257 security professionals was conducted between February 4 and
March 12, 2010, and covered a range of security topics including smartphones, healthcare,
cloud computing and social media."
April 21, 2010
SC Magazine: "New Zeus version targeting Firefox users for bank fraud"
"A new version of the data-stealing trojan Zeus is for the first time able to successfully
exploit Mozilla's Firefox browser to commit sophisticated online banking fraud ... The
newest Zeus incarnation targets Firefox browsers with techniques called HTML injection
and transaction tampering, which can effectively bypass strong authentication and transaction
signing."
TheStreet.com: "Sun National Bank Offers ID Vault To Its Users Free Of Charge To Protect Their Identities When They Shop, Bank & Invest Online"
"ID Vault provides single-click, secure sign-on to financial sites, eliminating exposure
to online fraud through its end-to-end, continuous protection, regardless of whether or not
the anti-virus software or browser is able to identify a threat. ID Vault creates a secure
chain from the PC to the website no matter what compromise may have occurred on the PC or
the network."
April 19, 2010
New York Times: "Cyberattack on Google Said to Hit Password System"
"Ever since Google disclosed in January that Internet intruders had stolen information
from its computers, the exact nature and extent of the theft has been a closely guarded
company secret. But a person with direct knowledge of the investigation now says that the
losses included one of Google's crown jewels, a password system that controls access by
millions of users worldwide to almost all of the company's Web services, including e-mail
and business applications."
Bank Info Security: "Hancock Breach Reveals New Trend"
"The lesson here: It is relatively easy for fraudsters to tamper with or even swap out POS PIN
Entry Device (PED) pads, and these types of incidents are likely to increase, putting retailers,
consumers and banking institutions at risk of future card-related fraud."
April 17, 2010
Boston Globe: "State finds easy access to Social Security numbers of deceased"
"A provision in federal law that reformed welfare in the 1990s also created a loophole
that could allow swindlers to obtain the Social Security numbers of the recently deceased,
according to a recent finding by the state auditor's office. The provision, which took
effect in 1998 in Massachusetts, requires that the state's Registry of Vital Records and
Statistics include Social Security numbers on all certified death certificates."
April 13, 2010
SC Magazine: "Brokerage firm fined $375,000 over breach"
"The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined
Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that
exposed the personal information of approximately 192,000 customers."
ZDNet: "Apache.org hit by targeted XSS attack, passwords compromised"
"Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers
successfully broke into the infrastructure for the open-source Apache Foundation in
what is being described as a 'direct, targeted attack'. The hackers hit the server
hosting the software that Apache.org uses to track issues and requests and stole
passwords from all users."
April 12, 2010
New York Times: "Taxes and Personal Data: 5 Tips to Avoid ID Theft"
"The Identity Theft Resource Center, a nonprofit organization providing consumer information
about data theft, says more than 220 million consumer records were leaked last year in nearly
500 separate breaches. There are several steps you can take to help you determine whether
just one account was misused or you have a bigger problem."
Government Computer News: "Guidelines take stab at guarding personal information"
"Agencies still struggle with protecting confidential personal information, the data that can
allow thieves to steal identities. Now the National Institute of Standards and Technology has
released new guidelines to help agencies safeguard the information."
April 9, 2010
Computerworld: "Researcher warns of impending PDF attack wave"
"The bug, which is not strictly a security vulnerability but actually part of the PDF
specification, was first disclosed by Belgium researcher Didier Stevens last week.
Stevens demonstrated how a multistage attack using the PDF specification's "/Launch"
function could successfully exploit a fully-patched copy of Adobe Reader."
Computerworld: "Scam Facebook page attracts 40,000 victims seeking Ikea gift card"
"Friday's scam page had taken in more than 37,000 users by 11:30 a.m. Pacific Time, offering
them a $1,000 gift certificate in exchange for promoting Ikea to their friends. At that time,
the page was gaining new fans at the rate of about 5,000 per hour."
April 8, 2010
The Washington Post: "Nursing home patient information found in residents' yards"
"Montgomery County's Department of Health and Human Services is looking into how numerous
Wheaton nursing home papers containing sensitive patient information have made their way
into nearby neighbors' yards over the past few months."
April 7, 2010
Computerworld: "1-in-10 Windows PCs still vulnerable to Conficker worm"
"According to Qualys, a security risk and compliance management provider, about 10% of the
hundreds of thousands of Windows systems it monitors for customers have not yet applied
Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in
October 2008, patched a bug in the service Windows uses to connect to file and print servers."
April 6, 2010
Krebs On Security: "Computer Crooks Steal $100,000 from Ill. Town"
"A rash of home foreclosures and abandoned dwellings had already taken its toll on the tax
revenue for the Village of Summit, a town of 10,000 just outside Chicago. Then, in March,
computer crooks broke into the town's online bank account, making off with nearly $100,000."
April 5, 2010
Bank Info Security: "2010 Data Breach Timeline"
"...list of data breaches that have affected U.S. financial institutions in 2010. The
information was compiled from the 2010 Data Breach Report by the Identity Theft Resource
Center (ITRC), based in San Diego, CA."
Bank Info Security: "New Guide for Businesses to Defend Against Cyber Attacks"
"The Financial Management of Cyber Risk: An Implementation Framework for CFOs lays out a
well-thought out cyber security plan framework ... a practical, easy to understand framework
developed by a cross-sector taskforce of more than 60 industry and government experts."
April 3, 2010
Middletown Journal: "Private papers found in trash"
"MIDDLETOWN [OHIO] - For several weeks, a mound of city documents containing Social
Security numbers, phone numbers and carbon copies of checks filled a Dumpster at
Smith Park, where they were accessible to anyone."
April 2, 2010
Washington Post: "Navy took more than a year to announce personal data breach"
"E-mails obtained by The Washington Post indicate that Navy officials quickly realized
employees should be informed. But that was not done until October 2009. The names of
those sending and receiving the messages were blocked out, but their offices, and in
some cases their positions, were not."
March 31, 2010
Computerworld: "Norton Internet Security 2010 [review]"
"Norton Internet Security 2010 ($70 for 3 users as of 3/10/2010) took the top spot in
our 2010 roundup of security suites, edging out Kaspersky's offering. Norton has a
comprehensive set of features, top-notch malware detection, and reasonable speed."
New York Times: "Questions to Ask Before Buying a Shredder"
"Simply throwing away sensitive documents leaves them out for someone else to rummage
through. A paper shredder can help, but with several types and dozens of models to choose
from, it is easy to become paralyzed by confusion."
March 30, 2010
KrebsOnSecurity: "Online Thieves Take $205,000 Bite Out of Missouri Dental Practice"
"Businesses do not enjoy the same protections afforded to consumers hit by online fraud. With credit cards,
consumer liability is generally capped at $50. Consumers who report suspicious or unauthorized transactions
on their ATM or debit card, or against their online banking account within two days of receiving their bank
statement that reflects the fraud also are limited to $50 in losses. But waiting longer than that can cost
consumers up to $500 (the liability is unlimited if a consumer waits more than 60 days to report the fraud)."
March 29, 2010
NJ.com: "Online theft of $100K from N.J. town brings focus on rise of cyber scams during tough economy"
"Last week, Egg Harbor Township officials reported international cyber-thieves had stolen $100,000
from a municipal bank account. Officials declined to say whether money mules were involved, but the
township's mayor told reporters the money was transferred in increments under $10,000 to people with
no connection to the town."
The Wall Street Journal: "Data Theft Hits 3.3 Million Borrowers"
"Company and federal officials said they believed last week's theft of identity data on 3.3 million
people with student loans was the largest-ever breach of such information and could affect as many
as 5% of all federal student-loan borrowers. Names, addresses, Social Security numbers and other
personal data on borrowers were stolen from the St. Paul, Minn., headquarters of Educational Credit
Management Corp., a nonprofit guarantor of federal student loans, during the weekend of March 20-21,
according to the company."
March 26, 2010
US-CERT: "Cyber Security Tip ST04-014 - Avoiding Social Engineering and Phishing Attacks"
"In a social engineering attack, an attacker uses human interaction (social skills) to obtain or
compromise information about an organization or its computer systems. ... Phishing is a form of
social engineering. Phishing attacks use email or malicious websites to solicit personal information
by posing as a trustworthy organization."
March 25, 2010
The Columbian: "Former student pleads guilty to hacking school payroll data ... Vancouver district employees put at risk"
"A 21-year-old former Evergreen Public Schools student has pleaded guilty to criminal charges in
connection with a computerized payroll security breach in November that put more than 5,000 past
and current Vancouver Public Schools employees at risk of identity theft."
March 24, 2010
The Beaufort Gazette: "USCB warns alumni that their personal info might have been stolen with laptop"
"Letters were sent last week to more than 480 former University of South Carolina Beaufort students
whose personal information might have been on a school-owned laptop stolen last month in the Atlanta
area."
March 23, 2010
BankInfoSecurity.com: "22 Banking Breaches So Far in 2010"
"There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services
companies ... This means that in less than one quarter of the year, we already have seen more than
one-third of the 62 banking-related breaches reported in all of 2009."
FOX News Network: "Protect Yourself Against Social-Network Scams"
"After years of harassing the teeming masses of computer users who run Windows PCs, cybercrooks have
recently turned their attention to the big social sites. They're attractive targets because they're
rife with potential victims--Facebook alone has more than 400 million members--and the threats are
still new enough that many folks haven't given much thought to how to defend themselves."
March 22, 2010
KrebsOnSecurity: "Organized Crooks Hit NJ Town, Ark. Utility"
"An Arkansas public water utility and a New Jersey town are the latest victims of an
organized cyber crime gang that is stealing tens of millions of dollars from small to
mid-sized organizations via online bank theft."
March 19, 2010
toledoBlade.com: "National City debit-card accounts are penetrated"
"CHARLOTTE - PNC Financial Services Group Inc. said yesterday it is investigating a breach of
accounts affecting former National City Bank customers and their debit card accounts."
PressDemocrat.com: "Mary's Pizza hit by hackers"
"Patrons of Mary's Pizza in downtown Sonoma will be alerted this week that their credit card
numbers may have been stolen by an international computer hacker. ... The breach was first
discovered by the restaurant's in-house technology expert on Feb. 10 after friends and customers
called to complain about errant charges on their credit cards, Albano said."
Burlington FreePress: "Credit card servers hacked at Small Dog Electronics"
"The day after an earthquake leveled Port-au-Prince, Haiti, Small Dog Electronics began
collecting and matching donations to aid the relief effort. As the fundraiser got under
way, a hacker accessed the company's security system and started stealing donors' credit
card information. ... "This is probably the worst thing that's ever happened to Small Dog,"
Shepard said. The company, based in Waitsfield with a store in South Burlington, specializes
in Apple computer products and has been online since 1996."
March 18, 2010
USA Today: "States give inmates access to personal data of others"
"WASHINGTON - Prisons in eight states let convicts work in jobs that give them access to
Social Security numbers and other personal information for the public, despite years of
warnings that the practice should end, a federal audit finds."
WSMV-TV Nashville: "Stolen Computer Puts Vanderbilt Students At Risk"
"NASHVILLE, Tenn. -- University officials said someone broke into a locked campus office
Feb. 6 and stole a professor's desktop. The computer contained the names, Social Security
numbers and the grades of 7,147 current and former students."
March 17, 2010
Boston Globe: "New data laws affect all businesses"
"Local business owner Paul Murphy, President of Paul T. Murphy Insurance, is offering a free
one-hour workshop led by Paul Troisi of Troy Security Solutions to business owners who want
to learn more about the regulations, known as 201 CMR 17.00. The law, which went into effect
on March 1, requires all businesses that handle personal information to develop and implement
a data security plan to safeguard the information from theft."
March 16, 2010
FOX News: "Cybercriminals Target Local Governments"
"A new trend has local governments on guard: global computer hackers stealing their money.
It is happening across the country, local municipalities, town and village governments, school
districts and counties becoming victims of cybercrime."
KrebsOnSecurity: "eBanking Victim? Take a Number."
"Over the past nine months, I have spent a substantial amount of time investigating
and detailing the plight of dozens of small businesses that have had their bank accounts
cleaned out by organized criminals. One of the most frequent questions I get from readers
and from my journalist peers is, 'How many of these stories are you going to tell?'
The answer is simple: As many as I can verify. The reason is just as plain: I'm finding
that most small business owners have no clue about the threats they face or the liability
they assume when banking online, even as the frequency and sophistication of attacks appears
to be increasing."
New York Times: "How Privacy Vanishes Online, a Bit at a Time"
"Technology has rendered the conventional definition of personally identifiable information
obsolete," said Maneesha Mithal, associate director of the Federal Trade Commission's privacy
division. "You can find out who an individual is without it."
March 15, 2010
LoanSafe.org: "FDIC Offers 10 Tips for Safe Online Banking, Bill Paying and Shopping"
"The Winter 2009/2010 issue of FDIC Consumer News, published by the Federal Deposit
Insurance Corporation, offers 10 ways to protect against theft and errors online.
Other timely articles discuss overdraft costs, medical debts and small business financing.
Here are examples of the tips and information in the latest newsletter."
PR Newswire: "First Annual Top Journalist of 2010 Awards Announced"
"Ten distinguished cyber security reporters received the 2010 Top Journalist Award at
the RSA Conference in San Francisco. The winners, in order of most votes received,
included Brian Krebs, formerly of washingtonpost.com, Robert McMillan of International
Data Group, Kevin Poulsen of Wired, Tim Wilson of Dark Reading, Kim Zetter of Wired,
Byron Acohido of USA Today, Keith Epstein of the Huffington Post, Dan Goodin of
The Register, Siobhan Gorman of the Wall Street Journal and Robert Lemos."
March 13, 2010
Boston Globe: "New reports of data breaches - Thousands are left at risk in Mass."
"A number of companies, including Boston insurance giant John Hancock Financial Services,
have in recent months reported stolen laptops and other breaches of data security, potentially
exposing personal information about thousands of Massachusetts residents."
March 12, 2010
US-CERT: "Cyber Security Tip ST05-003 - Securing Wireless Networks"
"Because wireless networks do not require a wire between a computer and the internet
connection, it is possible for attackers who are within range to hijack or intercept
an unprotected connection. A practice known as wardriving involves individuals equipped
with a computer, a wireless card, and a GPS device driving through areas in search of
wireless networks and identifying the specific coordinates of a network location. This
information is then usually posted online. Some individuals who participate in or take
advantage of wardriving have malicious intent and could use this information to hijack
your home wireless network or intercept the connection between your computer and a particular hotspot."
Internet Crime Complaint Center: "IC3 2008 Annual Report on Internet Crime Released"
"The Internet Crime Complaint Center (IC3), a partnership between the FBI and the
National White Collar Crime Center (NW3C), released the 2009 Annual Report about
fraudulent activity on the Internet today. Online crime complaints increased substantially
once again last year, according to the report. The IC3 received a total of 336,655
complaints, a 22.3 percent increase from 2008. The total loss linked to online fraud
was $559.7 million; this is up from $265 million in 2008."
March 11, 2010
CSO Online: "HSBC: Data Theft Incident Broader Than First Thought"
"HSBC said Thursday about 15,000 accounts of its Swiss private banking unit were compromised
after an employee allegedly stole data, some of which ended up in the hands of French tax authorities."
March 10, 2010
SFGate: "LifeLock to pay $12 million to settle FTC, states' complaint"
"LifeLock, an Arizona company promising customers protection from identity theft, has agreed to pay
US$12 million to settle charges that the company overstated its benefits and used "scare tactics" to
gain subscribers."
Techworld: "How to protect your banking online - Practical steps to defend your transactions"
"Perhaps exacerbated by the global recession and shocks to the financial markets, cybercriminals
have been targeting business bank accounts at increasing frequencies over the last year, catapulting
the conversation about online banking security into corporate realms. With cybercriminals readjusting
their focus from individual to much more lucrative business accounts, this disturbing trend is now
getting the attention of authorities such as the FBI, FDIC, and Department of Homeland Security,
and has been described by many as a leading cybercriminal trend for 2010."
March 9, 2010
SC Magazine: "Wyndham Hotels suffers another data breach"
"Wyndham Hotels and Resorts (WHR) recently revealed that it was the victim of another data breach
after hackers broke into its computer systems and stole customer payment card data and other sensitive
information."
eSchool News: "Netop Takes Affordable Endpoint Protection for Networked Computers to the Next Level; Updates to Netop ProtectOn Pro Include Enhanced Ease of Use, Support for Windows 7"
"With Netop ProtectOn Pro, network managers, particularly at schools and libraries,
can be confident that their networks will run reliably and free from modifications
and virus damage, no matter how many users log on every day," said Kurt Bager, CEO, Netop.
"We developed these updates to our already popular endpoint protection software in response
to specific requests from our customers who rely on it to keep their networks protected and
up and running."
March 8, 2010
IDG News Service: "FDIC: Hackers stole more than $120M in three months from small businesses"
"Almost all of the incidents reported to the FDIC "related to malware on online banking
customers' PCs," he said. Typically a victim is tricked into visiting a malicious Web site
or downloading a Trojan horse program that gives hackers access to their banking passwords.
Money is then transferred out of the account using the Automated Clearing House (ACH) system
that banks use to process payments between institutions."
March 5, 2010
Bank Systems & Technology: "Most Banks Lack Key Data Privacy, Security Controls"
"According to the study, Privacy & Data Protection Practices: a Benchmark Study of the
Financial Services Industry (which was sponsored by Compuware), the six areas of greatest
vulnerability to privacy and data protection threats in financial organizations are: risk
of a data breach, diminishment of customer loyalty and trust, malicious or negligent insiders,
the risk of outsourcing sensitive and confidential data to third parties, and compliance with
regulations (especially the Red Flags Rule)."
March 3, 2010
eSchool News: "Botnets continue to threaten campus networks"
"Web security experts say campus IT officials should stop using students' Social Security numbers as
identifications, because about 5,900 known botnets have stolen valuable information from computers in
many sectors, including higher education... Shadowserver, an organization that tracks botnet incidents
in governments, education, and the private sector, unveiled the running tally of botnets days before
security firm Symantec released a report March 2 showing a 5.5 percent hike in spam eMail last month,
spurred mostly by botnets. Spam now accounts for 90 percent of all eMail sent within the U.S., Symantec said."
March 2, 2010
San Francisco Chronicle: "Five Tips to Keep Your Smartphone Safe"
"... as a BlackBerry smartphone owner, you need to do your part to keep your device, and all the
information on it, secure; whether you're a corporate BlackBerry user on a BES or a BlackBerry
Internet Service (BIS) customer, you can manage a number of quick and easy security safeguards
on your own...and you'd be wise to do so if you'd prefer that personal and/or sensitive data on
your device remains 'for your eyes only.'"
Poughkeepsie Journal: "Town's $378,000 cyber theft prompts city to insure funds"
"After computer hackers raided a Town of Poughkeepsie bank account and stole $378,000 in town funds,
the City of Poughkeepsie will obtain cyber risk insurance to better protect its assets. ... The Common
Council on Monday night at City Hall authorized the purchase of cyber insurance, with minimum coverage
of $500,000."
March 1, 2010
FA News: "NEW LAW COULD MEAN ADDED SECURITY BURDEN FOR ADVISORS"
"The law, Massachusetts 201 CMR 17.00, establishes minimum standards for safeguarding personal
information contained in both paper and electronic records. The law applies to any business or
entity that owns or licenses, receives, stores, maintains, processes or otherwise has access to
personal information. ... And that includes any broker-dealer or RIA with one or more clients in
Massachusetts."
News & Record: "Hacker broke into Bennett College office computer"
"A Bennett College official said today that someone hacked a computer in the business office the
weekend of Feb. 13, accessing personal information of potentially 1,100 employees and students."
PC World: "Data Theft Creates Notification Nightmare for BlueCross"
"Over the past five months, the company has employed a small army of workers to sort through the
aftermath of what has proved to be a large and complex breach. Late last year, BlueCross and forensics
company Kroll OnTrack employed 500 full-time workers and 300 part-time employees, working in two shifts,
six days a week, to piece together what happened, the company said in a letter posted to the Maryland
attorney general's Web site over the weekend."
February 28, 2010
The Courier: "NCISD student data exposed to public access"
"The personal information of dozens, possibly hundreds of New Caney Independent School District
students was compromised when a technical support worker at GradeSpeed, a service provider contracted
by the district to allow parents access to students' grades online through a program called GradeBook,
accidentally posted a .cvs file containing student information on a server publicly accessible on the Internet."
February 25, 2010
eSecurity Planet: "Data Security Breach at Valdosta State University"
"Students and faculty members at Georgia's Valdosta State University joined the ranks of thousands of
other colleges and university communities victimized by hackers in the past year when the school's IT
department discovered someone broke into a server storing the personal data of more than 170,000 people."
February 24, 2010
eSchool News: "FCC survey shows need to teach internet basics"
"The federal government's plan to provide fast internet connections to all Americans will have
to include some basic instruction in Web 101, a new survey reveals. According to the survey,
nearly half of adults who don't subscribe to broadband say the internet is too dangerous for
children - a finding that suggests policy makers and educators face a steep challenge in convincing
much of the public of the benefits of broadband access."
Bank Systems & Technology: "IronKey Offers Device to Secure Corporate Online Banking"
"IronKey Trusted Access for Banking is a purpose-built application of the IronKey multifunction
security device. Corporate banking customers plug it into a computer and enter their device password.
Once the IronKey device is unlocked, its virtualized operating system automatically runs and a secure
Web browser launches and goes directly to the bank's website. The locked-down Web browser is protected
against malware from the host PC, and may also be configured to allow users to visit only specific websites."
February 23, 2010
KrebsOnSecurity: "[NH] IT Firm Loses $100,000 to Online Bank Fraud"
"A New Hampshire-based IT consultancy lost nearly $100,000 this month after thieves broke into
the company's bank accounts with the help of 10 co-conspirators across the United States."
Washington Post: "Federal Trade Commission links wide data breach to file sharing"
"The consumer protection agency said it sent nearly 100 letters to organizations where
information on customers and employees -- including health and financial data and Social
Security and driver's license numbers -- leaked through peer-to-peer Web services. It warned
that the security breaches could lead to identity fraud or theft, and it recommended that
the groups review their policies and inform affected users."
February 22, 2010
CNNMoney.com: "Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business"
"The study found that 42 percent of organizations rate security their top issue. This isn't a
surprise, considering that 75 percent of organizations experienced cyber attacks in the past
12 months. These attacks cost enterprise businesses an average of $2 million per year. Finally,
organizations reported that enterprise security is becoming more difficult due to understaffing,
new IT initiatives that intensify security issues and IT compliance issues. The study is based
on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010."
Bank Info Security: "Customer Vs. Bank: Who is Liable for Fraud Losses?"
"At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal
supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing
attacks. ... "It will establish who is liable in the U.S. - the bank or the customer - for
fraud losses that result from phishing," says Tom Wills, Senior Analyst, Security, Fraud &
Compliance, Javelin Strategy & Research."
February 20, 2010
Boston Herald: "State to firms: Protect data"
"What we're trying to do is create a culture of security around personal information,"
said Barbara Anthony, undersecretary of the Office of Consumer Affairs and Business Regulation.
"The information in our personnel files needs to be protected just as well as information in
customer files, and Massachusetts' new law does that."
February 19, 2010
EarthTimes: "ColoSpace Announces Full Compliance with the New Massachusetts Data Security Regulations (201 CMR 17.00) Which Take Effect March 1, 2010"
"ColoSpace Announces Full Compliance with the New Massachusetts Data Security Regulations
(201 CMR 17.00) which Take Effect March 1, 2010"
February 18, 2010
Valdosta State University News: "Valdosta State Issues Notification of Computer Breach"
"Joe Newton, director of Information Technology, said the breach was first detected on
Dec. 11, 2009; however, unauthorized access dated back to Nov. 11, 2009. On Dec. 11, the
university posted a news release that communicated the extent of the breach.
http://www.valdosta.edu/news/releases/computer.121109 "
Bank Systems & Technology: "Botnet Affecting 2,500 Organizations Discovered"
"Analysts at NetWitness (Herndon, VA) announced today that they have discovered a new ZeuS
botnet affecting 75,000 systems in 2,500 organizations around the world. The newly-discovered
infestation, dubbed the "Kneber botnet" after the username linking the infected systems worldwide,
gathers login credentials to online financial systems, social networking sites and email systems
from infested computers and reports the information to miscreants who can use it to break into
accounts, steal corporate and government information, and replicate personal, online and financial
identities."
February 17, 2010
Bank Systems & Technology: "Fraud and ID Theft: Are One-Time Password Bank Cards the Answer?"
"Over the past few years, fraud and theft of corporate and consumer information have escalated
dramatically, reaching devastating proportions worldwide. ... Simply put, the banking industry
must quickly evolve its security practices to thwart unscrupulous fraud, and that evolution can
only come by dramatically updating security methods to stronger, more current forms of authentication."
KrebsOnSecurity: "Hackers Steal $150,000 from Mich. Insurance Firm"
"Port Austin, Mich. based United Shortline Insurance Service Inc., an insurance provider serving
the railroad industry, discovered on Feb. 5 that the computer used by their firm's controller was
behaving oddly and would not respond. The company's computer technician scoured the system with
multiple security tools, and found it had been invaded by "ZeuS", a highly sophisticated banking
Trojan that steals passwords and allows criminals to control infected hosts remotely."
February 16, 2010
Computerworld: "Rogue PDFs account for 80% of all exploits, says researcher"
"Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer,
a security firm announced that by its counting, malicious Reader documents made up 80% of all
exploits at the end of 2009. ... According to ScanSafe of San Bruno, Calif., vulnerabilities
in Adobe's Reader and Acrobat applications were the most frequently targeted of any software
during 2009, with hackers' PDF exploits growing throughout the year."
Computerworld: "Update: Adobe issues emergency PDF patches"
"Researcher questions Adobe's patch delivery consistency"
February 15, 2010
Network Computing: "Enterprises Need to Pay More Attention to Data Privacy"
"Many enterprises are still under the delusion that they can do more or less what they
want with individuals' personal information. The European Union, many states (including
California with its data breach law), and now Massachusetts are attempting to disabuse
them of that notion. But this situation is not only about how to achieve compliance with
disparate laws; it should also be a wakeup call informing enterprises that they now have
to manage information for more than what they consider to be their primary business processes."
Telegram.com: "[Massachusetts] ID security deadline draws near"
"Businesses large and small have only two weeks to comply with state anti-identity theft
standards imposed after massive breaches and thefts of personal information and credit card
and Social Security numbers. The new state regulations require businesses to encrypt sensitive
personal information of employees and customers before it is transmitted over the Internet
or put on portable computers, thumb drives or cell phones that can be lost or stolen."
February 11, 2010
CBS MoneyWatch: "Online Robbery: Hackers Steal $50,000. Bank Says 'Tough Luck'"
"It's every technophobe's nightmare, but this time it's true. Some $50,000 was stolen from
Fan Bao's online bank account by Croatian computer hackers and the bank told him that the
loss is not their problem."
February 10, 2010
DarkReading: "New Banking Trojan Discovered Targeting Businesses' Financial Accounts"
"The new Bugat Trojan, which was discovered by researchers at SecureWorks, appears to be aimed at
mostly business customers of large and midsize banks. It's built for attacks that hack automated
clearinghouse (ACH) and wire transfer transactions for check and payment processing -- attacks in
which U.S.-based SMBs and state and local governments are losing an average of $100,000 to $200,000
per day, according to data from Neustar."
February 9, 2010
SC Magazine: "Payroll processing firm Ceridian Corp. hacked"
"A hacker recently attacked the payroll processing firm Ceridian Corp. of Bloomington, Minn.
and gained access to sensitive information of employees working at 1,900 companies nationwide."
February 8, 2010
finextra.com: "Bank slammed after hackers steal $378,000 from Poughkeepsie"
"Officials from Poughkeepsie have criticised TD Bank after hackers broke into the US town's
account, stole $378,000 and transferred it to the Ukraine."
February 5, 2010
Poughkeepsie Journal: "Town unsure if insurance will cover theft"
"Town Supervisor Patricia Myers said it appears insurance could cover some of the town's
losses, "but it's minimal in this sort of thing." She said it is unclear if the town has
data-breach insurance that might cover some of the losses."
Washington Post: "Commerce breach of personal data just the tip of the iceberg"
"Commerce Secretary Gary Locke, addressing the worries of department employees whose personal
information was released on the Internet, told them Thursday, "These failures are simply unacceptable." "
February 4, 2010
eWeek.com: "House Passes Cyber-Security Act"
"The U.S. House of Representatives approved the Cyber-Security Enhancement Act Feb. 4 by
a 422-5 vote. The bill reauthorizes several National Science Foundation cyber-security programs,
providing $396 million in research grants over the next four years and calls for $94 million in
cyber-security scholarships."
February 1, 2010
NY Daily News: "Cyber thieves swipe Columbia laptops, get info on 1,400"
"A break-in at Columbia University has put personal information - including Social Security
numbers - of 1,400 students and alumni at risk, officials said Sunday. Three laptops carrying
the vital information were swiped from a locked campus office Jan. 18."
January 30, 2010
Chicago Tribune: "Social Security numbers found lying in street"
"Hundreds of sensitive, intact documents including W-2 forms, investment account balances
and job applications were inexplicably swirling around Touhy Avenue and Eastview Drive on
Thursday afternoon. After being tipped to the airborne paper trail, the Tribune contacted some
of the people and companies listed on the documents."
January 29, 2010
SearchSecurity.com: "MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation"
"Any company that's broken into and there's potential access to personal information, regardless
if it was stolen, should notify us." Scott D. Schafer, chief of the consumer protection division,
Massachusetts Office of the Attorney General
Bank Systems & Technology: "Heartland Shares Lessons Learned from Its Data Breach"
"Heartland Payment Systems has gone from data breach victim to card data security expert. Although
the card payment processor suffered a data breach in late 2008, lost 50 percent of its market cap
shortly thereafter, and spent more than $32 million in legal fees, forensic costs, reserves for
potential card brand fines and other related settlement costs, it has since designed and implemented
an end-to-end encryption system that puts it ahead of many of its peers in terms of data security."
January 27, 2010
KrebsOnSecurity: "The Rise of Point-and-Click Botnets"
"According to Team Cymru, the number of Web-based botnets has continued to climb, doubling
in number over the last six months. "This trend could be explained by the low cost of entry
into the HTTP based botnet field: the kits are becoming more accessible and the easier user
interface for HTTP botnets means that they are generally favored over more traditional control
mechanisms." "
SC Magazine: "New attack against IE could expose all files on a victim's PC"
"Microsoft's popular Internet Explorer web browser suffers from several minor flaws, which,
when combined, can allow an attacker to read all the files on a user's computer, according
to researchers at penetration testing vendor Core Security Technologies. This new security
issue came to light just days after Microsoft delivered an emergency patch to correct several
other IE vulnerabilities, including at least one that was used in the recent attacks against
more than 30 brand companies."
January 26, 2010
Computerworld: "Bank sues victim of $800,000 cybertheft"
"A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could
test the extent to which customers should be held responsible for protecting their online
accounts from compromises."
The Register: "StopBadware morphs into standalone non-profit"
"StopBadware, the anti-malware project started four years ago at Harvard University's Berkman Center
for Internet and Society, has spread its wings and become a standalone nonprofit corporation. Google,
PayPal and Mozilla provided initial (unspecified) funding to get StopBadware Inc up and running."
January 25, 2010
Bank Systems & Technology: "Three Ways to Deter Cyber Crime"
"The global economic costs of cyber crime are estimated at more than one trillion dollars and costs
to the U.S. at about $8 billion ... products with built-in security are absolutely essential."
January 24, 2010
PC World: "Beware the Botnets"
"The cyber attacks against Google, Adobe and a raft of other top U.S. corporations late last
year were by most accounts sophisticated and targeted attempts to steal proprietary data. But
lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese
hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth
that individual hackers now have access to the same arsenal of cyber weapons once reserved only
for nation states."
January 23, 2010
PC World: "'Trivial' Passwords Enabled Huge Hack"
"According to a new analysis of the hacked passwords, the most popular password used on the
Rockyou site was '123456'. Ridiculously, the second most popular password was '12345' closely
followed (in order) by '12345687', 'Password', 'iloveyou', 'princess', and the imaginative 'rockyou'."
January 22, 2010
10TV.com: "Personal Info Stolen From Columbus Health Workers"
"Hundreds of Columbus Public Health employees were notified Friday that personal information
pertaining to some of them was stolen... Police said Friday afternoon they have a suspect who
is an employee of Columbus Public Health, but no charges have been filed, 10TV's Lindsey Seavert reported."
Poughkeepsie Journal: "Myers: Town funds secure, investigation continuing"
"Supervisor Patricia Myers on Thursday assured residents the Town of Poughkeepsie's funds are
secure - nine days after a computer hacker apparently breached a town bank account and stole
an undetermined amount of money."
January 21, 2010
The Register: "Targeted attacks replace botnet floods in telco nightmares"
"Only one in five of the 132 senior telco security experts quizzed by DDoS security and network
management specialists Arbor Networks reported the largest attacks they observed as lying within
the one-to-four Gbps range last year, compared to 30 per cent in 2008. The most potent DDoS attacks
recorded in 2009 hit 49Gbps, a relatively modest 22 per cent rise from the 40Gbps peak reached in 2008."
January 20, 2010
Insurance Business Review: "Philadelphia Insurance Launches New Cyber Security Liability product"
"Philadelphia Insurance Companies (PHLY) has introduced a new cyber security liability product
for small and middle-market customers, which offers both first and third party coverages in one
package."
January 19, 2010
Sag Harbor Express: "Online Security Breach at Suffolk County National Bank"
"On Monday, January 11, the company revealed the breach in a press release. According to the bank,
Suffolk County National Bank (SCNB) "discovered through an internal security review that an unauthorized
intruder accessed certain customers' Log In information via the computer server hosting SCNB's Online
Banking system."
Los Angeles Times: "Chase bank seems a bit too loose with clients' data"
"One customer recently discovered that her information had not only been shared with another
company but also that the file containing the information was inadvertently posted online for
all to see."
January 18, 2010
Computerworld: "User Authentication No Longer Thwarts Online Bank Thieves"
"A Gartner analyst says banks need to take more steps to prevent online fraud, because cybercrooks
are outmaneuvering current authentication techniques..."
January 15, 2010
KrebsOnSecurity: "Would You Have Spotted the Fraud?"
"This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in
Woodland Hills, Calif. Would you have been able to spot this?"
The Tech Herald: "SCNB hit by breach - over 8,000 clear text credentials stolen"
"Suffolk Bancorp said that the 8,378 records accounted for less than ten percent of their
customer base at SCNB, but failed to explain the reasoning for leaving such information on
a server in the clear."
January 14, 2010
Wired News: "Google Hack Attack Was Ultra Sophisticated, New Details Show"
"We have never ever, outside of the defense industry, seen commercial industrial companies
come under that level of sophisticated attack," says Dmitri Alperovitch, vice president of
threat research for McAfee. "It's totally changing the threat model."
Examiner.com: "Local [Shreveport] finance company throws personal documents in dumpster"
"Police say the documents came from SouthTrust Advisor's off Airline Road. The financial planning
company has offices in Bossier City, Monroe and Slidell. SouthTrust would not comment on the documents."
HealthImaging: "Connecticut AG uses HITECH to sue over patient data breach"
"Connecticut Attorney General (AG) Richard Blumenthal announced Wednesday that he is suing
Health Net of Connecticut for failing to secure private patient medical records and financial
information involving 446,000 Connecticut enrollees and promptly notify consumers exposed by
the security breach. Blumenthal also is seeking a court order blocking Health Net from continued
violations of the Health Insurance Portability and Accountability Act (HIPAA) by requiring that
any protected health information contained on a portable electronic device be encrypted."
Office of Inadequate Security: "FINRA notifies Lincoln National of security vulnerability"
"A vulnerability in the portfolio information system for broker-dealer subsidiaries of Lincoln
National Corporation potentially exposed the records of 1,200,000 people, 18,900 of whom are
New Hampshire residents."
January 13, 2010
abcNews.com: "Personal information of 15,000 Kaiser members leaked"
"Kaiser Permanente is warning 15,000 patients in Northern California that a laptop computer
containing their personal information has been stolen. The theft happened in Sacramento on
December 1st -- but the HMO didn't go public with details until this week."
Computerworld: "DDoS Attacks Are Back (and Bigger Than Before)"
"Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have
suffered the scourge since the beginning of the digital age. But DDoS seems to be finding
its way back into headlines in the past six months, in thanks to some high-profile targets
and, experts say, two important changes in the nature of the attacks."
January 12, 2010
The Register: "Hackers pluck 8,300 customer logins from bank server"
"Hackers have stolen the login credentials for more than 8,300 customers of small New York bank
after breaching its security and accessing a server that hosted its online banking system. The
intrusion at Suffolk County National Bank happened over a six-day period that started on November
18, according to a release (PDF) issued Monday."
January 11, 2010
InfoSecurity: "Massive cyber-fraud ring exposed"
"Nineteen individuals have been charged with conspiracy to commit wire fraud after the FBI alleged
a cybercrime conspiracy costing victims more than $15 million. The fraud, said to run between March
2003 and July 2009, also targeted financial institutions, leasing companies, and power companies,
insurance firms, and even web developers."
SC Magazine: "Malicious apps found in Google's Android online store"
"Rogue applications developed to steal banking credentials from users were discovered late last month
in Google's Android Market online software store. The malicious programs were disguised as a legitimate
mobile banking apps and were designed to steal users' online banking credentials, according to Oregon-based
First Tech Credit Union, which posted a fraud alert about the threat on Dec. 22."
January 10, 2010
Chattanooga Times Free Press: "Customers alerted to BlueCross data breach"
"This week, BCBS will provide updated data to the public on exactly how many customers were exposed
when 57 hard drives were pilfered in October from a storage closet at the insurer's Eastgate Town
Center branch, said company spokeswoman Mary Thompson."
January 8, 2010
Campus Technology: "Penn State Malware Infections Expose Data on 30,000 People"
"Pre-Christmas malware infections have led Pennsylvania State University offices to notify nearly
30,000 people by mail about privacy breaches that may have exposed their personal information.
The infections hit university computers in the Eberly College of Science (7,758 records), the
College of Health and Human Development (6,827 records), and the Penn State Schuylkill campus
(about 15,000 records)."
Computerworld: "Chrome sets browser security standard, says expert"
"Dino Dai Zovi, a security researcher and co-author of The Mac Hacker's Handbook, believes that
the future of security relies on "sandboxing," the practice of separating application processes
from other applications, the operating system and user data."
January 7, 2010
KMTR.com: "Eugene [Oregon] School Dist. computers compromised"
"The Eugene 4J School District is trying to determine how hackers got into its servers
and got access to staff records and personal information. The district's computer staff
found the problem Monday, but they think the breach happened last week."
January 6, 2010
January 5, 2010
Times Union: "Hacker steals $3M from Duanesburg schools"
"The thefts occurred between Dec. 18 and Dec. 21. The district's bank, NBT Bank, noticed
the questionable money transfers on Dec. 22 and alerted the district, Superintendent
Christine Crowley said."
SecurityFocus: "Zeus software behind one-in-ten botnets"
"Zeus, also referred to as Prg and Zbot, has become popular amongst cybercriminals as a
way to steal victims' financial information. Last month, a Zeus-based command-and-control
server was found on a server instance hosted by Amazon cloud computing service, EC2. The
discovery came a few days after one security firm warned Internet users that spammers were
attempting to infect recipients with the Zeus bot."
KRVG.com: "Medical Records Found [in street]"
"Jose Diaz's walk to the grocery store led him to files with names of people, their address,
phone number and social security numbers. Diaz was with his nephew walking down this street
when he spotted the pile of papers blowing in the wind."
January 3, 2010
December 31, 2009
December 30, 2009
USA Today: "Cybercrooks stalk small businesses that bank online"
"A rising swarm of cyber-robberies targeting small firms, local governments, school districts,
churches and non-profits has prompted an extraordinary warning. The American Bankers Association
and the FBI are advising small and midsize businesses that conduct financial transactions over
the Internet to dedicate a separate PC used exclusively for online banking."
December 29, 2009
eSecurity Planet: "Penn State Latest University Plagued by Data Breaches"
"Penn State University gave its students an unwelcome gift over the holiday break, notifying
some 30,000-plus students that a series of malware-induced data breaches at computers hosted
at three different campus locations had exposed their personal information for an unknown period
of time."
December 28, 2009
National Post: "Too much trust put in social networking sites..."
"Social media exploded in 2009 with Facebook alone amassing 350 million users this year. The
report indicates social media will continue to grow in 2010, as businesses start to realize
the value of engaging with social media. The newest threats are hackers who steal webmail
or social networking accounts and then use contacts lists to extort money from other users,
Mr. Stern said."
December 27, 2009
December 24, 2009
December 23, 2009
DarkReading: "Intel Website Hacked With SQL Injection"
"A Romanian hacker who goes by the handle "unu" has struck again: This time, he
demonstrated how a SQL injection vulnerability left personal information in the
form of passports exposed on an Intel Website. Unu, who previously exposed SQL
injection vulnerabilities in The Wall Street Journal and Kaspersky Lab's Websites, this time focused on an Intel site that runs online registrations for channel partner events."
December 21, 2009
FayObserver.com: "N.C. Community College library server hacked"
"Nearly 51,000 people in North Carolina are finding out that about four months
ago someone hacked into a library server containing their personal information.
Megen Hoenk, a spokeswoman for the state Community College System, said
the hacker did not access Social Security numbers or driver's license numbers,
which were stored on the server."
December 19, 2009
Idaho State Journal: "Phishing scam nets unwary E. Idaho bank customers"
"Citizens Community Bank officials say that on Thursday they discovered customers
were being directed to a fake Web site that looked like the bank's official Web site.
The bogus site asked customers to verify information by submitting their debit card
number, expiration date, and personal identification number."
December 18, 2009
Security Fix: "Hackers exploit Adobe Reader flaw via comic strip syndicate"
"Rose Croke, brand development manager for King Features, said the malicious code was
somehow injected into the company's Web server that handles content for its Comics
Kingdom clients. Croke said the Comics Kingdom content is syndicated by roughly 50
different news sites, including Timesunion.com."
December 17, 2009
December 16, 2009
December 15, 2009
December 14, 2009
Security Focus: "SQL attacks take off in last year"
"In May 2008, IBM's customers encountered about 2,500 SQL injection attacks every day.
By midsummer 2009, the technology giant's products were seeing 600,000 database attacks per
day on average, said Tom Cross, a security researcher at IBM."
December 11, 2009
December 10, 2009
Washington Post: "Paper-based data breaches on the rise"
"More than one quarter of data breaches so far this year involved consumer records
that were jeopardized when organizations lost control over sensitive paper documents.
Experts say those incidents came to light in large part due to a proliferation of
state data breach notification laws, yet current federal proposals to preempt those
state measures would allow paper-based breaches to go unreported."
December 9, 2009
ZDNet: "Zeus crimeware using Amazon's EC2 as command and control server"
"Security researchers have intercepted a new variant of the Zeus crimeware, which
is using Amazon's EC2 services for command and control purposes of the botnet. The
cybercriminals appear to be using Amazon's RDS managed database hosting service as
a backend alternative in case they lose access to the original domain, which would
result in the complete loss of access to the compromised financial data obtained
from the infected hosts."
December 8, 2009
December 7, 2009
DarkReading: "The IPS Goes Virtual"
"Intrusion protection system (IPS) technology is gradually adapting to virtual computing,
as IPS vendors add to their product lines actual virtual IPSes as well as IPSes that protect virtual machines."
December 4, 2009
Computerworld: "HSBC exposed sensitive bankruptcy data"
"In notification letters made public Thursday, the bank said it had redacted sensitive
information in Chapter 13 bankruptcy proof-of-claim forms that were filed electronically,
but that the information turned out to be viewable "as a result of the deficiency in the
software used to save imaged documents.""
December 3, 2009
Gartner: "Where Strong Authentication Fails and What You Can Do About It"
"Fraudsters have been raiding user accounts by beating strong two-factor authentication
methods. A layered fraud prevention approach can mitigate these attacks."
December 2, 2009
December 1, 2009
November 30, 2009
November 26, 2009
Boston Globe: "Sandwich loses nearly $50k to hacker"
"Police believe the hacker used a virus to attack Treasurer Craig Mayen's computer
and implant a logger that monitored any keystrokes he entered. With technology similar
to what is known as a sniffer, a device that tracks computer information, the hacker
was able to record Mayen's security code and password as he typed them, and used that
information to make withdrawals from town bank accounts."
November 25, 2009
DarkReading: "New Exploit Masquerades As Flash Player Upgrade"
"Users who click on the link are taken to a Website that advises them to update to
the latest version of the Macromedia Flash Player by downloading "flashinstaller.exe."
This executable is actually a banking Trojan that is known to disable firewalls, steal
sensitive financial data, and provide hackers with remote access capabilities..."
November 24, 2009
November 23, 2009
November 19, 2009
November 18, 2009
November 17, 2009
SC Magazine: "Survey finds Mac, PC users are equal cybercrime victims"
"Phishing attacks are just as effective on Macs, Linux, Windows, Solaris and any
operating system since they rely on tricking the user and not on malicious software
or any software vulnerabilities," Randy Abrams, director of technical education at
ESET, said Monday in a blog post. "The Mac offers no immunity to phishing attacks and
so we see a virtually equal percentage of victim representation across the board."
November 16, 2009
November 12, 2009
November 10, 2009
SecurityFix: "Eight indicted in $9M RBS WorldPay heist"
"The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted.""
November 9, 2009
ComputerWorld: "Firefox flaws account for 44% of all browser bugs"
"According to California-based Cenzic, Mozilla's browser had the largest percentage of Web vulnerabilities over the six-month span, while Apple's Safari had the dubious distinction of coming in second. Microsoft's Internet Explorer (IE) was third, while Opera Software's flagship browser took fourth place."
November 6, 2009
November 4, 2009
November 3, 2009
November 2, 2009
SecurityFix: "FDIC sees Uptick in 'money mule' scams"
"The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money."
October 28, 2009
October 27, 2009
October 26, 2009
October 23, 2009
IDG News Service: "Trend Micro CEO: hackers hitting AV infrastructure"
"It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus."
October 22, 2009
October 20, 2009
SecurityFix: "E-Banking on a Locked Down PC, Part II"
"In break-in after break-in, the perpetrators have shown their ability to slip past virtually all of the customer-dependent security barriers erected by online banks (e.g., passwords, secret questions, and token-generated one-time codes)."
October 16, 2009
October 15, 2009
Security Fix: "Trojan Turns Smash & Grab Into Grab & Smash"
"Imagine being in charge of your organization's finances, and learning from your bank one morning that thieves had stolen tens of thousands of dollars from company coffers overnight using your online banking credentials. Now imagine your frustration when you go to log in to your PC to assess the damage, only to find that the computer you typically use to access the account has been kneecapped by the bad guys."
October 12, 2009
Bank Systems and Technology: "...85 percent of businesses have experienced a data breach."
"While traditional data breach threats like insider fraud and lost laptops remain, new breach threats like web application attacks and keylogging trojans are rising. As new techniques continue to emerge, no financial institution is immune. According to a recent Ponemon Institute U.S. Cost of a Data Breach Study, approximately 85 percent of businesses have experienced a data breach."
October 8, 2009
DarkReading: "Botnets Behind Most Modern Malware Infections"
"Botnets are networks of infected machines that are controlled by an attacker's command-and-control (C&C) that serves as the attack orders and a conduit for updating the malware on a victim's machine. This attack model has become a handy way for the bad guys to prevent their attacks from being detected or blocked, as well as to keep themselves hidden behind the bot army."
October 5, 2009
October 1, 2009
eSchool News: "Computer virus steals $325K from district ..."
"The FBI is investigating what it is calling an online computer intrusion that siphoned several hundred thousands of dollars from at least one Chicago area school district's bank accounts, prompting the school district to beef up its IT network security."
September 30, 2009
September 28, 2009
Computerworld: "Organized Cybercrime Revealed..."
"Yes, the Mafia is formally involved in cybercrime, or so alleges the U.S. attorney for
Florida, who filed charges against associates of the Bonanno crime family that included
pilfering data from Lexis-Nexis."
September 25, 2009
Computerworld: "UNC data breach exposes 163,000 SSNs..."
"The University of North Carolina at Chapel Hill on Friday began notifying about 163,000
women about the potential compromise of their Social Security numbers and other personal
information after a hacker breached a system containing the data."
September 23, 2009
September 20, 2009
September 22, 2009
September 16, 2009
Washington Post: "Data Breach Highlights Role Of 'Money Mules'..."
"The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions
from dozens of other businesses, schools and counties over the past several months. In every case,
the thieves appeared more interested in quick cash than in pilfering their victims' customer
databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of
crime: complying with state data breach notification laws."
September 14, 2009
September 12, 2009
Open Security Foundation: "Federal Data Breach Bill (H.R. 2221) Passes House"
"Yesterday, for the first time ever, a data breach notification bill actually came to a
vote in the United States Congress. The House of Representatives passed by voice vote
H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced
many times over the past several sessions of Congress, but unlike other similar bills and
this bill's predecessors, H.R. 2221 not only came out of committee, but was voted on and passed."
September 8, 2009
Computerworld: "Seven Deadly Sins of Building Security"
"You've got a few security guards and your CCTV system is up to snuff. You've got your
building security covered, right? Think again. While many organizations are taking the
steps to ensure their building is secure, many are ignoring basic pieces of the puzzle
that is physical security in and around a facility."
August 25, 2009
Washington Post: "European Cyber-Gangs Target Small U.S. Firms, Group Says"
"A task force representing the financial industry sent out an alert Friday outlining the
problem and urging its members to implement many of the precautions now used to detect
consumer bank and credit card fraud. "In the past six months, financial institutions,
security companies, the media and law enforcement agencies are all reporting a significant
increase in funds transfer fraud involving the exploitation of valid banking credentials
belonging to small and medium sized businesses," the confidential alert says."
August 24, 2009
Washington Post: "Tighter Security Urged for Businesses Banking Online..."
"An industry group representing some of nation's largest banks sent a private alert to its
members last week warning about a surge in reported cybercrime targeting small to mid-sized
business. The advisory, issued by the Financial Services Information Sharing and Analysis
Center, recommends that commercial banking customers take some fairly rigorous steps to secure
their online banking accounts."
August 18, 2009
WSJ: "NJ U.S. Attorney Files Charges in 'Largest Reported Data Breach'"
"When it comes to criminal investigations and prosecution, the U.S. attorney's office in Manhattan may get the lion's share of the high-profile cases (See, e.g., Madoff, Dreier). But in terms of eye-popping filings, federal prosecutors in New Jersey have recently given the New Yorkers a run for their money."
August 17, 2009
Security Fix: "Cyber Crooks Target Public and Private Schools..."
"On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams."
August 14, 2009
SC Magazine: "Microsoft leads browsers in malware, phishing defense..."
"The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites -- topping four other major browsers, according to new tests conducted by NSS Labs."
August 12, 2009
August 11, 2009
Computerworld: "Microsoft Fixes 19 Windows Security Flaws..."
"This month's batch of patches fix some fairly dangerous flaws. Redmond labels a security
flaw "critical" if attackers could use it to seize control over a vulnerable system without
any help from the victim. What's more, a dozen of the flaws earned the highest rating on
Microsoft's "exploitability index," which is the software maker's best estimation of the
likelihood that criminals will soon develop reliable ways to exploit them to break into
Windows-based machines."
August 7, 2009
August 6, 2009
August 5, 2009
July 29, 2009
July 27, 2009
July 25, 2009
July 22, 2009
July 21, 2009
July 20, 2009
Washington Post: "The Growing Threat to Business Banking Online"
"Federal investigators are fielding a large number of complaints from organizations that are being
fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software
and not-so-sophisticated accomplices here in the United States..."
July 17, 2009
July 15, 2009
July 14, 2009
DarkReading: "New Hardened Thumb Drive Self-Destructs When Breached"
"The new S200 device, which also uses hardware-based AES 256-bit strong encryption and includes
anti-malware scanning and security management features, meets one of the federal government's highest
security specifications, FIPS 140-2 Level 3, for storing top-secret data."
July 8, 2009
July 7, 2009
June 27, 2009
June 19, 2009
June 12, 2009
June 6, 2009
June 3, 2009
May 29, 2009
Gumblar attack worse than Conficker, experts warn!
ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows
through removable storage devices and network shares with weak passwords, as well as disabling
security software and installing fake antivirus software....
May 15, 2009
Risk Management Framework (RMF) - FAQs and Quick Start Guides (QSGs) Now Available
NIST's Computer Security Division has released Frequently Asked Questions (FAQs) and Quick Start
Guides (QSGs) for Step 1 Categorize and Step 6 Monitor of the Risk Management Framework (RMF). The
FAQs and QSGs for steps 2-5 are still in development and will become available when finalized. The
RMF 6-step chart posted on the website contains links to NIST Special Publications (SP), Federal
Information Processing Standards (FIPS), FAQs and QSGs associated with the respective steps in the RMF.
May 4, 2009
April 21, 2009
April 6, 2009
"What is the Definition of Personally Identifiable Information?"
With all the recent talk about data breaches and data breach laws you need
to make sure you know what the terms mean. The first thing you need to understand is what type
of personal information the laws refer to. As it turns out, the situation is more than a little
vague, as this Legal-Beagle article verifies.
March 31, 2009
60 Minutes Reports: "The Internet Is Infected"
Lesley Stahl reports on computer viruses that propagate on the Internet and infect PCs, which enable
their creators (often called "cyber gangs") to learn the information they need to electronically rob
bank accounts.
Internet Crime Complaint Center: "IC3 2008 Annual Report on Internet Crime Released"
The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar
Crime Center (NW3C), released the 2008 Annual Report on the number of Internet crime complaints received.
The 2008 Annual Report states that complaints of online crime hit a record high in 2008. IC3 received a
total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to
online fraud was $265 million, about $25 million more than in 2007. The average individual loss amounted to $931
October 20, 2008
March 3, 2008
Sept 10, 2007
Connecticut Department of Revenue Services (DRS) Laptop Stolen:
"Governor M. Jodi Rell today urged residents to be wary of callers offering credit or identity theft protection services in the wake of the announcement last week that a laptop computer containing taxpayer information was stolen from a Department of Revenue Services' (DRS) employee."
August 13, 2007
May 14, 2007
Apr 16, 2007
US-CERT: Vulnerability Summary for the Week of April 9, 2007
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
Mar 14, 2007
Feb 12, 2007
Washington Post: "Wanted: Missing FBI Laptops"
If you lose your laptop, don't go crying on the shoulder of the Federal Bureau of Investigation. It has its own problems. The agency had at least 160 laptops lost or stolen over the past four years.
Jan 15, 2007
October 20, 2006
The US Government established a site dedicated to tracking Cyber Crime.
It is called the Internet Crime Complaint Center (IC3).
It is a partnership between the Federal Bureau of Investigation (FBI),
the National White Collar Crime Center (NW3C),
and the Bureau of Justice Assistance (BJA).
IC3 accepts online Internet crime complaints from either the person who
believes they were defrauded or from a third party to the complainant. They can best
process your complaint when they receive accurate and complete information.
Therefore, you should provide the following information when filing a
complaint:
* Your name
* Your mailing address
* Your telephone number
* The name, address, telephone number, and Web address, if available, of the individual or organization you believe defrauded you.
* Specific details on how, why, and when you believe you were defrauded.
* Any other relevant information you believe is necessary to support your complaint.