Target Ignored Data Breach Alarms
3/14/2014Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Post a Comment
Author
Profile of Mathew J. Schwartz
Blog Posts: 1609Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter.
Articles by Mathew J. Schwartz
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
Post a Comment
Samsung Galaxy Security Alert: Android Backdoor Discovered
3/13/2014Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn.
Post a Comment
Bitcoin, Meet Darwin: Crypto Currency's Future
3/12/2014First-movers rarely survive, but some experts see a real future for government-issued crypto currency.
Post a Comment
Experian ID Theft Exposed 200M Consumer Records
3/11/2014ID theft ring sold access to database with 200 million consumers' private data to 1,300 criminals.
Post a Comment
Mt. Gox Chief Stole 100,000 Bitcoins, Hackers Claim
3/10/2014Cryptocurrency aficionados' ire stoked by leaked accounts showing 100,000 bitcoins remain missing.
Post a Comment
Target CIO's Resignation: 7 Questions
3/6/2014After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
Post a Comment
Apple iOS Vulnerable To Hidden Profile Attacks
3/6/2014Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data.
Post a Comment
Bitcoin Heists Cause More Trouble
3/5/2014Attackers continue to pummel bitcoin "banks," exchanges, and crypto-currency users themselves via malware that steals virtual wallets.
Post a Comment
Malware-Lobbing Hackers Seize 300,000 Routers
3/4/2014Hackers launch scam and malware campaigns after compromising a variety of routers running firmware with known vulnerabilities.
Post a Comment
Mt. Gox Bitcoin Meltdown: What Went Wrong
3/3/2014Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.
Post a Comment
Fresh Target Breach Cards Hitting Black Market
2/28/2014A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
Post a Comment
IBM Software Vulnerabilities Spiked In 2013
2/27/2014Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
Post a Comment
Apple Patches Mavericks SSL Flaw: Update Now
2/26/2014Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X.
Post a Comment
Apple SSL Vulnerability: 6 Facts
2/25/2014SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates.
Post a Comment
Healthcare Devices: Security Researchers Sound Alarms
2/24/2014Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say.
Post a Comment
WebView Exploit Affects Most Android Phones
2/19/2014Critical bug affects devices running Jelly Bean (4.2) and earlier Android OSs, including fully updated versions of Google Glass, says Metasploit.
Post a Comment
Bye, Bitcoin: Criminals Seek Other Crypto Currency
2/18/2014Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems.
Post a Comment
Snowman Attack Campaign Targets IE10 Zero-Day Bug
2/14/2014Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.
Post a Comment
Target Breach: Phishing Attack Implicated
2/13/2014Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network.
Post a Comment
Bitcoin Exchanges Buckle Under DDoS Attacks
2/12/2014Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.
Post a Comment
DDoS Attack Hits 400 Gbit/s, Breaks Record
2/11/2014A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus.
Post a Comment
Florida Sting Nabs Alleged Bitcoin Money Launderers
2/10/2014Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency.
Post a Comment
Data Breach Notifications: Time For Tough Love
2/7/2014Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
Post a Comment
Target Breach: HVAC Contractor Systems Investigated
2/6/2014Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
Post a Comment
Hotel Company Investigates Data Breach, Card Fraud
2/5/2014White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach.
Post a Comment
British Spies Hit Anonymous With DDoS Attacks
2/5/2014British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show.
Post a Comment
Google Sounds Chrome Browser Hijack Alarm
2/4/2014Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements.
Post a Comment
Yahoo Mail Passwords: Act Now
1/31/2014Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Post a Comment
Target Hackers Tapped Vendor Credentials
1/30/2014Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
Post a Comment
Angry Birds Site Toppled After Surveillance Report
1/29/2014Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
Post a Comment
Feds Arrest Bitcoin Celebrity In Money Laundering Case
1/28/2014Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
Post a Comment
Michaels Stores Investigates Data Breach
1/27/2014Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
Post a Comment
Target Breach: Why Smartcards Won’t Stop Hackers
1/24/2014"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target’s BlackPOS malware attackers.
Post a Comment
China Blames Massive Internet Blackout On Hackers
1/23/2014Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Post a Comment
Target Breach: 5 Unanswered Security Questions
1/22/2014Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Post a Comment
Target, Neiman Marcus Malware Creators Identified
1/21/2014Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm.
Post a Comment
Target Malware Origin Details Emerge
1/17/2014Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.
Post a Comment
Microsoft Delays Windows XP Antivirus Doomsday
1/16/2014Security Essentials for XP gets 15-month extension, but some antivirus vendors promise updates through 2017 and beyond.
Post a Comment
Java 'Icefog' Malware Variant Infects US Businesses
1/15/2014APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations.
Post a Comment
Target Breach: 8 Facts On Memory-Scraping Malware
1/14/2014Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
Post a Comment
Neiman Marcus, Target Data Breaches: 8 Facts
1/13/2014A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers.
Post a Comment
Target Breach Widens: 70 Million Warned
1/10/2014Target discovers that personal information -- including names and contact information -- for 70 million customers was compromised in recent data breach.
Post a Comment
NSA Fallout: Why Foreign Firms Won’t Buy American Tech
1/10/2014Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset.
Post a Comment
9 Security Experts Boycott RSA Conference
1/8/2014Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
Post a Comment
Beware PowerLocker Ransomware
1/7/2014Chatter on underground forums traces development of Blowfish-based shakedown malware that encrypts infected PCs.
Post a Comment
Yahoo Ads Hack Spreads Malware
1/6/2014Millions of users exposed to drive-by malware attacks that targeted Java bugs to install six types of malicious code.
Post a Comment
7 InfoSec Predictions For 2014: Good, Bad & Ugly
1/3/2014First, the bad news: Windows XP doomsday, escalating ransomware, botnet-driven attacks, emerging SDN threats. The good news: Threat intelligence goes mainstream.
Post a Comment
9 Notorious Hackers Of 2013
12/27/2013This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
Post a Comment
RSA Denies Trading Security For NSA Payout
12/23/2013EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
Post a Comment
Target Breach: 10 Facts
12/21/2013Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
Post a Comment
FBI Traces Harvard Bomb Hoax To Undergrad
12/20/2013The FBI says a Harvard undergrad's decision to access Tor over the university's wireless network helped unmask an alleged sender of bomb threats.
Post a Comment
7 Reasons Why Bitcoin Attacks Will Continue
12/19/2013Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers.
Post a Comment
Target Confirms Hackers Stole 40 Million Credit Cards
12/19/2013Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards.
Post a Comment
Bitcoin Hit By Gameover Malware, Chinese Crackdown
12/18/2013China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.
Post a Comment
'ChewBacca' Malware Taps Tor Network
12/18/2013Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications.
Post a Comment
Android AV Improves But Still Can't Nuke Malware
12/17/2013Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection.
Post a Comment
Is Mob-Busting RICO Overkill For Combating Cybercrime?
12/17/2013The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
Post a Comment
Advanced Power Botnet: Firefox Users, Beware
12/16/2013Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.
Post a Comment
NSA's Malware Heroics Questioned By Security Experts
12/16/2013NSA says it thwarted a nation state's BIOS-bricking malware plot, but info security and privacy experts say the agency is trying to snow the American public.
Post a Comment
Energy Department Breach Years In Making, Investigators Say
12/13/2013July data breach that affected up to 150,000 employees traces back to a string of managerial and technical failures, investigators conclude.
Post a Comment
Why Fed Cybersecurity Reboot Plan Fails To Convince
12/13/2013Does a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tells us anything we didn't already know?
Post a Comment
Zeus Banking Malware Gets 64-Bit Facelift
12/12/2013Crimeware toolkit developers follow the money, build new features into the notorious banking malware.
Post a Comment
Cybercrime Milestone: Guilty Verdict In RICO Case
12/12/2013Prosecutors use law designed to take down mobsters to fight online crime.
Post a Comment
Microsoft Patches Windows, Office, IE, SharePoint
12/11/2013Microsoft fixes include patch for in-the-wild Office 365 token-grabbing attack that enabled silent eavesdropping.
Post a Comment
NSA Tracks Targets With Google Cookies
12/11/2013Leaked NSA documents indicate it uses Google's advertising cookies to track targets for offensive hacking.
Post a Comment
6 Tips To Secure Webcams, Stop Keyloggers
12/10/2013If the FBI can activate webcams silently and record keystrokes, so can attackers. Here's how to defend yourself.
Post a Comment
Microsoft Fails To Nuke ZeroAccess Botnet
12/10/2013Attacks may be down, but 62% of the malicious infrastructure, along with the P2P communications channel, is alive and well.
Post a Comment
DARPA Crowdsources Bug-Spotting Games
12/9/2013DARPA debuts five different puzzle games to test whether players can spot mathematical flaws in open-source code used by the Defense Department.
Post a Comment
China Slams Bitcoins: What's Next?
12/7/2013Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency?
Post a Comment
JPMorgan Chase Catches Heat On July Breach
12/6/2013The July breach may have exposed cardholders' personal information -- so why did the bank wait more than 2 months to notify state officials and affected customers?
Post a Comment
Juniper Mobile VPN Client Taps iOS Security Changes
12/6/2013Apple iOS 7 and Android via Samsung add per-app VPNs, which businesses can apply to better secure employees' mobile devices.
Post a Comment
NSA Fallout: Microsoft Rethinks Customer Data Controls
12/5/2013Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough?
Post a Comment
2 Million Stolen Passwords Recovered
12/5/2013The stash includes purloined Facebook, Google, Twitter, and Yahoo access credentials. Researchers promise to help people who were affected.
Post a Comment
Bitcoin Password Grab Disguised As DDoS Attack
12/4/2013Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack.
Post a Comment
Hardware Hacker Demos Zombie Drone Hijacker
12/4/2013The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet?
Post a Comment
Do Antivirus Companies Whitelist NSA Malware?
12/4/2013Microsoft, Symantec, and McAfee fail to respond to a transparency plea from leading privacy and security experts.
Post a Comment
IT Jobs Outlook: Salary, Training Spending Rise
12/3/2013Increased spending on salaries, training, and budgets puts IT in a "sweet spot for employment and investment," says latest Society for Information Management data.
Post a Comment
Windows XP Zero-Day Vulnerability Popular
12/2/2013Attackers use malicious PDF documents to exploit bug in Windows XP and Windows Server 2003 and take full control of vulnerable systems.
Post a Comment
Happy Hour 'Virus' Promises Respite From Work
12/2/2013Need a little extra time off? Ad campaign offers fake virus attack on your computer's screen.
Post a Comment
Android Security: 8 Signs Hackers Own Your Smartphone
11/29/2013Security experts share tips on how to tell if attackers are in control of your Android smartphone.
Post a Comment
NSA Surveillance Fallout Costs IT Industry Billions
11/27/2013Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.
Post a Comment
Bitcoin Thefts Surge, DDoS Hackers Take Millions
11/27/2013Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays.
Post a Comment
Microsoft Office 365 Encrypted Email On Tap
11/26/2013Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.
Post a Comment
Dataium Settles Browser History Sniffing Charges
11/26/2013The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information.
Post a Comment
NSA Surveillance Infected 50,000 PCs With Malware
11/25/2013Leaked document details agency's "implants," satellite intercepts, joint CIA eavesdropping operations, and embassy-based monitoring programs abroad.
Post a Comment
LG Admits Smart TVs Spied On Users
11/22/2013LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests.
Post a Comment
Google Settles With State AGs On Privacy
11/22/2013Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser.
Post a Comment
'i2Ninja' Trojan Taps Anonymized Darknet
11/21/2013New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
Post a Comment
Close HealthCare.gov For Security Reasons, Experts Say
11/20/2013Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
Post a Comment
Cupid Concedes January Hack, 42 Million Passwords Stolen
11/20/2013Separately, Github forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
Post a Comment
Mobile App Security: 5 Frequent Woes Persist
11/20/2013HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
Post a Comment
iPhone Photo Leads To Cybercrime Arrest
11/19/2013The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs.
Post a Comment
vBulletin.com Hacked, Customer Data Stolen
11/18/2013"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
Post a Comment
FBI Blames Federal Hacks On Anonymous Campaign
11/18/2013A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
Post a Comment
Facebook Forces Some Users To Reset Passwords
11/17/2013Facebook is asking users whose passwords might have been exposed on other sites to change their passwords to access the social network.
Post a Comment
Kelihos Botnet Thrives, Despite Takedowns
11/17/2013Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
Post a Comment
4 Lessons From MongoHQ Data Breach
11/15/2013Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers.
Post a Comment
Microsoft May Encrypt All Server-To-Server Communications
11/15/2013Microsoft admits it doesn't encrypt all server-to-server communications, opening the way for the NSA and others to access the data flow.
Post a Comment
Obamacare Website Suffers Few Hack Attacks
11/15/2013Affordable Care Act site has faced a relatively low volume of attacks, compared with other federal websites.
Post a Comment
LinkedIn Lesson: Detail Security First, Feature Fest Second
11/15/2013Memo to businesses with an information security trust deficit: Prove how you're going to keep our data secure.
Post a Comment
The next wave in APM
Find out how to get the benefits of application monitoring while avoiding the complexity and
performance headaches.
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.
- Featured UBM Tech Sites
- InformationWeek |
- Network Computing |
- Dr. Dobbs |
- Dark Reading
- Our Markets:
- Business Technology |
- Electronics |
- Game & App Development
- Working With Us:
- Advertising Contacts |
- Event Calendar |
- Tech Marketing Solutions |
- Corporate Site |
- Contact Us / Feedback
Tweet This