Skip the navigation

Cybercrime and Hacking Topic Center

Get the latest news and analysis on cybercrime and hacking

Cybercrime and Hacking News

Michaels breach exposes nearly 3M payment cards

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
Read more...

This Netcraft tool flags sites affected by Heartbleed

Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

Teen nabbed in Heartbleed attack against Canadian tax site

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Rushed Heartbleed fixes may expose users to more attacks

In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.

Google issues patch for Android icon permissions attack

Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye.

Data breaches nail more U.S. Internet users, who now want more regulation

More U.S. Internet users report they have been victims of data breach, while 80 percent want additional restrictions against sharing of online data, according to two surveys released Monday.

Heartbleed bug can expose private server encryption keys

Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

Heartbleed flaw affects mobile apps, too

Android and IOS mobile applications are just as vulnerable to the Heartbleed bug as websites are, security vendor Trend Micro warned.

Nine charged with distributing Zeus malware

The U.S. Department of Justice has brought charges against nine alleged members of a criminal organization that distributed the Zeus Trojan used to steal millions of dollars from bank accounts nationwide.

After Heartbleed, Comodo cranks out new SSL certificates

Tens of thousands of new digital certificates have been issued by Comodo in the wake of the "Heartbleed" security flaw, which has put Internet users' data at risk.

Cybercrime and Hacking In Depth

Evan Schuman: Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief

The alternatives to an independent list like Full Disclosure can't match it for stopping new cyberattack tactics.

Security Manager's Journal: Stopping vendors from making us a Target

The data breach suffered by Target could make it easier for our manager to make some needed changes in his company's vendor management processes.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference

Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.

Problem arose after a consultant made a configuration change, opening up control ports to the Internet, with no authentication required.

Everything You Know About Enterprise Security Is Wrong

Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week's RSA Conference, you can't provide physical or electronic security simply by trying to prevent authorized access -- you have to rethink all types to security to protect data and lives.

How to Test the Security Savvy of Your Staff

How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.

McAfee Offers Global Response to Nationalized Malware

In medieval times, kings let barbarians break down the castle gates but made sure they paid the price once they got inside. McAfee's approach to security takes a similar approach -- since data breaches are inevitable, companies should worry less about the perimeter and more on catching the bad guys in the act.

Tech Industry Praises Cybersecurity Framework From White House

Leaders of the tech sector laud the Obama administration's rollout of voluntary cybersecurity guidelines, but broader private-sector adoption could remain a challenge.

Ira Winkler: 6 failures that led to Target hack

The storyline that a single point of failure allowed a sophisticated attacker to steal millions of card numbers from Target just doesn't hold up.

Security Manager's Journal: Cyberattacks just got personal

Recent data breaches suggest that retailers are security laggards, but the professionalism of the attacks should worry just about anyone.