Cybercrime and Hacking Topic Center

Get the latest news and analysis on cybercrime and hacking

Cybercrime and Hacking News

Hackers steal user data from the European Central Bank website, demand money

Hackers have stolen user contact information, including email addresses and phone numbers, from the website of the European Central Bank and attempted to extort money from the institution.

EBay faces class-action suit over data breach

EBay faces a class action suit in a U.S. federal court over a security breach earlier this year.

Arrests made after international cyber-ring targets StubHub

Six people have been indicted on charges of running an international ring that resold tickets bought through compromised StubHub accounts for some of New York's biggest concerts and sporting events.

File-encrypting Android ransomware 'Simplocker' targets English-speaking users

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

SQL injection flaw opens door for Wall Street Journal database hack

A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.

Goodwill Industries probes possible payment card breach

Goodwill Industries International said Monday federal authorities are investigating a possible payment card breach at its U.S.-based retail outlets.

Aloha point-of-sale terminal, sold on eBay, yields security surprises

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for $200.

Emergency vBulletin patch fixes SQL injection vulnerability

Developers of the popular vBulletin Internet forum software issued emergency patches Wednesday to fix a SQL injection vulnerability that could allow attackers to read and manipulate information stored in the databases of vBulletin-based sites.

Feds declare big win over Cryptolocker ransomware

A status update filed in Pennsylvania by the U.S. Department of Justice said that both the Gameover Zeus botnet and Cryptolocker 'remained neutralized.'

How to sign up for Microsoft's restored security alert email service

Microsoft has restored service to its security advisory mailing list, but it has buried the sign-up form and made it hard to find.

Cybercrime and Hacking In Depth

How to protect yourself against privileged user abuse

The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by "privileged users" who have been given broad access to the company's computer assets has captured the attention of CIOs across the country.

Six ways to prevent a breach like the one at AT&T

A data breach like the one recently reported by AT&T demonstrates that security policies alone are only a paper tiger without the technological teeth to make sure they are enforced, experts say.

'Oleg Pliss' hack makes for a perfect teachable IT moment

Earlier this week, some iOS device owners woke up to discover that "Oleg Pliss" had hacked their iPhones and iPads and locked them up. The hack could have been worse, says Ryan Fass, which is why it's a good lesson in security that IT staffers should use.

U.S. set to charge Chinese military officials with hacking

The U.S. Department of Justice is preparing to charge Chinese military officials with hacking U.S. companies to obtain trade secrets.

Evan Schuman: Killer robots? What could go wrong? Oh, yeah ...

The UN wants to talk about killer robots as 'conventional weapons.' Someone needs to learn the IT facts of life: If something can go wrong, it will.

Ira Winkler: My run-in with the Syrian Electronic Army

The hacker group dedicated to supporting Syria's dictator wasted an attack vector on trying to embarrass the writer. Will the SEA's handlers in the Syrian intelligence services approve of such immaturity?

CIO Discovers the 'Terrifying' Reality of Cloud Apps Running Wild

Rogue cloud services are ripping gaping holes in the security fabric of most companies, putting the CIO in a tough spot. But as the fallout from the Target attack shows, IT and business leaders will go down together if the breach hits the fan.

Evan Schuman: Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief

The alternatives to an independent list like Full Disclosure can't match it for stopping new cyberattack tactics.

Security Manager's Journal: Stopping vendors from making us a Target

The data breach suffered by Target could make it easier for our manager to make some needed changes in his company's vendor management processes.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference.