Microsoft warned today that attackers are targeting a previously unknown security vulnerability in some versions of Microsoft Office and Windows. The company also has shipped an interim “Fix-It” tool to blunt attacks on the flaw until it has time to develop and release a more comprehensive patch.
A hacker break in at a U.S. company that brokers reservations at limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities.
Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from “CryptoLocker,” the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim.
The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says. It also appears that the already massive source code leak at Adobe is broadening to include the company’s Photoshop family of graphical design products.
In the wake of revelations that credit bureau Experian sold consumer data to the proprietors of an underground identity theft service, a powerful U.S. senator is calling on the company to divulge more information on the extent of the potential damage to consumers.
An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.
Earlier this year, hackers broke into the networks of marketing and press release distribution service PR Newswire, making off with usernames and encrypted passwords that customers use to access the company’s service and upload news releases, KrebsOnSecurity has learned. The stolen data was found on the same Internet servers that housed huge troves of source code recently stolen from Adobe Systems. Inc., suggesting the same attackers may have been responsible for both breaches.
Oracle has released a critical security update that fixes at least 51 security vulnerabilities in its Java software. Patches are available for Linux, Mac OS X, Solaris and Windows versions of the software.
Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.
Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
