News

• Mayor of New Jersey town arrested on hacking and conspiracy charges

  The mayor of West New York, New Jersey, was arrested together with his son on Thursday, for allegedly hacking into a website that criticized him and his administration.

• Security researcher urges IT managers to keep up with SAP patches

  More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.

• 10 hacks that made headlines

  In our first Rogues Gallery, we looked at ten infamous social engineers -- con men who exploited human weaknesses rather than technical vulnerabilities.

• Hackers blackmail Belgian bank with threats to publish customer data

  Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (US$197,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats.

• Most IT and security professionals see Anonymous as serious threat to their companies

  The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

• Sophos takes down partner portal after signs of hacking

  Security firm Sophos has taken its partner portal offline and will reset every user's password after it found signs of a potential security breach on the server hosting it.

• 1

  Reborn LulzSec claims hack of dating site for military personnel

  A group of hackers claiming to be the reborn Lulz Security (LulzSec) took credit for an alleged compromise of MilitarySingles.com, a dating website for military personnel, and the leak of over 160,000 account details from its database.

• Java-based Web attack installs hard-to-detect malware in RAM

  A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to security researchers from antivirus firm Kaspersky Lab.

• 10 questions for LogRhythm CFO Mark Vellequette

  Name: Mark Vellequette

• Alleged members of hactivist group LulzSec busted

  The FBI and law enforcement counterparts abroad have arrested members of the LulzSec hacker group now affiliated with the broader hactivist collective Anonymous, according to news reports that also say LulzSec leader "Sabu" turned in his fellow hackers.

• Malware increasingly uses DNS as command and control channel to avoid detection, experts say

  The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 on Tuesday.

• Imperva: Companies should secure their websites before worrying about DDoS attacks from Anonymous

  Organizations that look to protect themselves against attacks launched by the Anonymous hacktivist collective should make sure that their Web applications are secure before deploying anti-DDoS (distributed denial-of-service) solutions, says security firm Imperva in a new report.

• WikiLeaks releases Stratfor emails possibly from December hack

  WikiLeaks said it planned to release from Monday over 5 million emails from Stratfor Global Intelligence, a provider of geopolitical analysis, whose website was hacked and emails and customer data stolen in December.

• Many pcAnywhere systems still sitting ducks

  Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

• DreamHost resets customer FTP passwords following database breach

  Los Angeles-based Web hosting firm DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.