Security News

• 2009
• 2008
• 2007
• 2006

Archives 2009

December 2009

• RockYou hack compromises 32 million passwords
• Ten 2010 IT Security Predictions
• Report: Russian gang linked to big Citibank hack
• Restaurants sue vendors after point-of-sale hack
• FBI: Rogue antivirus scammers have made $150M
• Hot security predictions for 2010
• The 2009 data breach hall of shame
• Botnet continues massive H1N1 malware campaign
• McAfee uncovers riskiest domains
• Top five security trends of the next decade

November 2009

• Web application security is growing problem for enterprises
• Are nations paying criminals for botnet attacks?
• Web application security efforts fall short, report shows
• Flash flaw puts most sites, users at risk, say researchers
• Botnets: 4 Reasons It's Getting Harder to Find and Fight Them
• 3 Basic Steps to Avoid Joining a Botnet
• Web application security is growing problem for enterprises
• Are nations paying criminals for botnet attacks?
• Shadowserver to take over as Mega-D botnet herder
• Feds: Top e-tailers profit from billion-dollar Web scam
• Security Vulnerabilities of Web Applications
• Web-application errors pose danger to enterprises
• Cenzic Web Application Security Trends Report Shows Increase in Hacker Attacks on Web Sites Exploiting Faults in Popular Web Browsers and Software
• How a Botnet Gets Its Name
• Eight indicted for $9 million hack
• Web Application Vulnerabilities Rise, Customers Still Ignore Them
• Durham Police website hacked by SQL injection
• FBI warns of $100M cyber-threat to small business
• Botnet authors crash WordPress sites with buggy code

October 2009

• Facebook spammer's $711M fine won't stop problem, analysts say
• After one year, Conficker infects 7M computers
• The Guardian: Up to half a million users may have been compromised
• The Magic Triangle of IT Security
• CalOptima says data on 68,000 members may be compromised
• Botnets contributing more than ever to click fraud
• Hijacked Web sites attack visitors
• Bahama botnet said to steal traffic from Google
• Opinion: Why application-layer defenses belong in the applications
• Exposing Bad Actor Sites That Support Cybercrime
• How dangerous could a hacked robot possibly be?
• Cyber criminals find new ways to attack
• After a few months' rest, SQL Web attack spreads anew
• Hacker leaks thousands of Hotmail passwords, says site
• Integrating WAFs And Vulnerability Scanners
• FBI Director Nearly Hooked in Phishing Scam, Swears Off Online Banking
• With botnets everywhere, DDoS attacks get cheaper
• Large online payroll service hacked
• Express Scripts: 700,000 notified after extortion
• Texas governor blames Web campaign flop on hackers

September 2009

• Drudge, other sites flooded with malicious ads
• Russian cybergangs make the Web a dangerous place
• Web server attacks, poor app patching make for nasty mix
• Phony Web sites
• 7 Reasons Websites Are No Longer Safe
• Five indicted in long-running cybercrime operation
• Opinion: No more excuses for SQL injection attacks

August 2009

• Cloud Security: Time to Smoke Another One?
• Revised Bill Still Gives Obama Unprecedented Cyber-security Powers
• Stolen Credit Card Data Goes for Cheap on Cyber-Black Market
• The Art of Creating Strong Passwords
• 57,000 Websites Compromised in Mass Attack, ScanSafe Reports
• Opinion: Botnets must die
• Could Google be tricked into talking to botnets?
• Is Your PC Bot-Infested? Here's How to Tell
• Cybercrooks increasingly target small business accounts
• SQL injection attacks led to Heartland, Hannaford breaches
• Radisson Hotels: Data breach affected 'limited' number of sites, guests
• Symantec identifies 'Dirtiest Web Sites of Summer'
• Managed security services all the rage
• Cyber-attacks on Georgia Show Need for International Cooperation, Report States
• Yelling ‘WebApp Firewall’ in a Crowded Data Center
• Patching Security Holes Lags as Vulnerabilities Increase
• Miami man indicted for massive credit hack
• Georgia cyberattacks linked to Russian organized crime
• Twitter used to manage botnet, says security expert
• Attacks on U.S., Korea Web sites leave a winding trail
• Social Networking and cyber attacks - is this our future?
• Web Application Vulnerabilities
• Cyber attackers empty business accounts in minutes
• Cyxymu DDoS denies Twitter, Facebook, LiveJournal service
• Web Application Firewall Implementation Strategies

July 2009

• Cloud-based security services should start private
• The Business of Botnets
• Report says U.S. government ill-equipped in cybersecurity
• Network Solutions warns merchants after hack
• Network Solutions breach exposes nearly 600,000
• Web Application Security 101: Protecting the Enterprise against Hackers
• CEOs underestimate security risks, survey finds
• E-commerce Fraud: The Latest Criminal Schemes
• Amateurs to Blame for DDoS Attacks
• Probe into cyberattacks stretches around the globe
• Analysis: Was North Korea behind the DDOS attack?
• Stopping cyber attacks: When are we going to learn?
• Cyber attack hits South Korean Web sites
• Lessons for Your Website from US, S. Korean Attacks
• Online attack hits US government Web sites
• Well-honed Attacks Sneak Under the Radar
• Hackers exploit second DirectShow zero-day using thousands of hijacked sites
• We're serious about cybersecurity this time, says U.S. official

June 2009

• Mission Impossible? A Plan to Secure the Federal Cyberspace
• T-Mobile confirms stolen data is genuine
• SquirrelMail open source project's web server hacked
• Obama's Cybersecurity Push: What It Means for CIOs
• Security Manager's Journal: We've been blind to attacks on our Web sites
• Bruce Schneier on eBay fraud
• Heartland CEO says data breach was 'devastating'
• Man made $112,000 in bank account hacking scheme
• U.S. Defense Secretary Orders Creation of Cyber Command
• ISP hit by SQL attack to affect over 100,000 websites
• Web Application Firewalls: How to Evaluate, Purchase and Implement
• Thousands of Web sites stung by mass hacking attack
• Dasient helps Web sites avoid blacklists, malware
• Hackers Hit 40,000 Websites with Mass Compromise
• Batteries.com, insurance firm report data breaches

May 2009

• Webmaster Security Threats for 2009
• Obama's Cyber-Security Plan: Deja Vu All Over Again
• Obama Says He Will Name National Cybersecurity Adviser
• Review: Malware-fighting firewalls miss the mark
• U.S. Cyberattack Console Aims to Turn Grunts into Hackers
• How Much Does Google Know About You
• Two critical XSS bugs on Barclays bank website
• UCSB researchers hijack Torpig botnet
• Update: 160,000 accounts breached at UC Berkeley
• DNS attack downs Internet in parts of China
• In China, $700 puts a spammer in business
• Little-Known Botnets Can Pose Biggest Threat
• Swedish Hacker Indicted for Attacking Cisco, NASA
• Web site offline as police, FBI investigate $10M extortion bid
• 'Hacker' threatens to expose health data, demands $10M
• Audit finds 700 high-risk vulnerabilities in air traffic systems
• Survey: Software flaws account for breaches at 62% of companies
• Two brothers among indictees in $4M spam case

April 2009

• We don't want to run U.S. cybersecurity efforts, NSA chief says
• New cybersecurity bill for electric grid readied
• Internet threats rise by two-thirds in April
• Why Web Attacks Are Rising
• Password Stealers Sit on Popular Download Sites
• Botnet operators may be able to profit from Conficker update
• Five Ways To Survive a Data Breach Investigation
• Botnets: Reasons It's Getting Harder to Find and Fight Them
• Report: U.S. needs 'transparent' policies for carrying out cyberattacks
• Software: The eternal battlefield in the unending cyberwars
• The fog of (cyber) war
• Internet warfare: Are we focusing on the wrong things?
• The Kilo-Day threat and mundane security
• Computer Spies Breach Fighter-Jet Project
• FBI used spyware to catch cable-cutting extortionist
• One bot-infected PC = 600,000 spam messages a day
• The FBI as an ethical hacker?
• Hackers break into Pentagon's fighter jet project
• Researcher wants hacker groups hounded mercilessly

March 2009

• Power grid is found susceptible to cyberattack
• Site Hacks, Fake Security Rakes in Serious Cash
• Conficker's next move a mystery to researchers
• Report links Russian intelligence to cyber attacks
• Businesses Lose More Than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime
• Expert: Hackers penetrating industrial control systems
• China becoming the world's malware factory
• Political cyberattacks to militarize the Web
• Beckstrom's resignation lifts lid on opposition to NSA's cybersecurity role
• What's behind the rash of university data breaches?
• NYPD faces ID theft risk after data stolen from pension fund
• Botnet ringleader gets four years in prison for stealing data from PCs
• Banks, credit unions begin to sue Heartland over data breach

February 2009

• Web site: More than 150 banks affected by Heartland data breach thus far
• Study: Hackers still driven by urge to vandalize Web sites
• Most Oracle database shops don't mandate use of security patches, survey says
• Study: Data breaches continue to get more costly for businesses
• SQL Injection Attacks Planting Malware on Web Sites Ranks #1
• SQL Injection Attacks Planting Malware on Web Sites
• Reported federal cyberattacks increasing
• Hackers steal thousands of Wyndham credit card numbers
• Fugitive hacker indicted for running VoIP scam
• Think like a hacker
• Opinion: Where is the government on cybersecurity?

January 2009

• With economic slump, concerns rise over data theft
• That's a Monster of a data breach
• Monster.com reports theft of user data
• What the Web knows about you
• Your digital fingerprints are left all over the Internet
• Heartland data breach sparks security concerns in payment industry
• Two big, bad botnets gone, but replacements step up
• Hackers deface NATO, U.S. Army Web sites
• CheckFree warns 5 million customers after hack
• Week of Security Predictions 2009 –Cisco’s “Top Trends to Expect in 2009”
• Week of Security Predictions 2009 - PandaLabs 2009 Security Predictions
• Data breaches rose sharply in 2008, study says