Stories by Jeremy Kirk

Google+

Shellshock flaw could pose risks to payments industry

The "Shellshock" flaw has the potential to pose a risk to the payments industry, but doesn't appear to have caused any problems yet, an official with a consortium run by major credit card companies warned on Tuesday.

EPIC seeks enforcement action over Arizona data breaches

A privacy watchdog filed a complaint with the Federal Trade Commission against a community college district in Arizona that lost the personal data of 2.5 million students and employees in two data breaches.

Apple patches Bash vulnerability in OS X

Apple released a patch Monday for Shellshock, a serious software vulnerability disclosed last week, although the company had said it posed no risk to most users.

Two scenarios that would make OS X vulnerable to the Shellshock bug

Apple's OS X is vulnerable to the Shellshock bug, but it's not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system.

Malicious advertisements distributed by DoubleClick, Zedo networks

Two online advertising networks, Google's DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person's computer, according to the security vendor Malwarebytes.

Google to turn on encryption by default in next Android version

Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security.

CloudFlare can provide its caching service without your SSL keys

CloudFlare said it has engineered a novel way to handle sensitive encryption keys that allows organizations such as financial institutions to still use its caching service to fend off cyberattacks.

Encryption goof fixed in TorrentLocker file-locking malware

The developers of a type of malicious software that encrypts a computer's files and demands a ransom have fixed an error security experts said allowed files to be recovered without paying.

US military unaware of Chinese attacks against transport contractors

The U.S. Defense Department plans to tighten reporting of cyber incidents against transportation contractors after the military found it was mostly left in the dark about successful attacks from China, according to a Senate report.

Apple turns on iCloud two-step verification after nude selfie scandal

Apple on Tuesday began offering an additional security protection for iCloud account users, a move the company made following the theft of nude photos from several celebrities' accounts last month.

Hackers accessed Goodwill hosting provider for 18 months before card breach

Hackers evaded security systems for a year-and-a-half at a hosting center that processed payment cards for Goodwill Industries, using the same type of malware that struck Target and other major retailers to steal card data, according to the charity's software vendor.

'Tiny banker' malware targets US financial institutions

A banking trojan, known for its small size but powerful capabilities, has expanded the number of financial institutions it can collect data from, according to security vendor Avast.

Data loss detection tool mines the ephemeral world of 'pastes'

It's not easy to figure out if your data has been collected by hackers, but an online tool has been expanded to hunt through one of the most prolific sources of leaked data, known as "pastes."

Sprint, Windstream traffic routing errors hijacked other ISPs

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

CTO for Liberty Reserve payment network pleads guilty

The CTO of a Costa Rica-based payment network that U.S. prosecutors allege primarily served the cybercriminal underworld pleaded guilty on Thursday to one count of conspiring to operate an unlicensed money transmitting business.