News

• Security researcher urges IT managers to keep up with SAP patches

  More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.

• Banking malware monitors victims by hijacking webcams and microphones, researchers say

  A new variant of SpyEye malware allows cybercriminals to monitor potential bank fraud victims by hijacking their webcams and microphones, according to security researchers from antivirus vendor Kaspersky Lab.

• Outsourcing Allows Utility to Refocus IT

  Consumers Energy has hired an outsourcer to take over some of its day-to-day IT operations, and it hopes the move will allow its own data center workers to focus on projects that directly impact its bottom line.

• UNC Charlotte: 350,000 SSNs exposed in decade-long data breach

  Two issues exposed financial data and Social Security numbers for 350,000 people, although it is thought the information has not been abused, the University of North Carolina at Charlotte said.

• Free tool to encrypt DNS requests released for Windows

  A security company specializing in the Domain Name System has released a Windows version of a tool that encrypts DNS requests, which could be spied on to reveal a user's browsing activity.

• Apple engineering mistake exposes clear-text passwords for Lion

  Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

• Microsoft boots Chinese firm for leaking Windows exploit

  Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

• Hackers blackmail Belgian bank with threats to publish customer data

  Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (US$197,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats.

• Dutch court temporarily frees 17-year-old KPN hacking suspect

  A Dutch 17-year-old suspected of compromising customer account data on hundreds of servers belonging to telecommunications operator KPN is set to be freed temporarily on Thursday, allowed to wait at home for his criminal proceedings to begin, the Dutch Public Prosecution Service said on Wednesday.

• House passes CISPA cyberthreat sharing bill, despite privacy concerns

  The U.S. House of Representatives has passed a cyberthreat information-sharing bill that critics say will give U.S. government agencies access to the private communications of millions of Internet users.

• Nissan, Under Armor report breaches of employee information

  Nissan Motor Co. and performance apparel maker Under Armor have disclosed recent data breaches involving the potential compromise of employee information.

• Most IT and security professionals see Anonymous as serious threat to their companies

  The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

• Who's Got Your Mail?

  Trouble Ticket

• Berners-Lee: Demand your data from Internet companies

  Tim Berners-Lee has said that the problem with companies like Facebook and Google is not that they collect vast troves of data about their users, but that they don't share with them what they learn from it.

• Workers did not exceed authorization when data stolen, says appeals court

  In a somewhat startling decision, the U.S. Court of Appeals for the Ninth Circuit last week ruled that several employees at an executive recruitment firm did not exceed their authorized access to their company's database when they logged into the system and stole confidential data from it.