January 30, 2016 The House of the Mouse in California has some high capacity ears whirling above and you paid for them to listen to tens of thousands of you at a time. Story Tweet
January 30, 2016 Oct 2015 breach fallout for TalkTalk: Down 250k customers and new customer market share has declined too. Suffering a breach is bad for business. This Update Start of the Story Tweet
January 29, 2016 4-fer: Tweet
Millimeter Wireless Broadband (really broad) might allow you to dump your ISP, but not soon. Story
We passed it without reading it? How a multi-nation agreement requires cyber security researchers to get an export license to work across a national border. Yes, really. Story
Give Amazon Customer Service your email and they’ll tell you almost anything even if you’re not the one connected to them. Story
Is your security camera working for someone else? Story
January 29, 2016 What do you do when your bank in India gets ransomware and BTC transactions are illegal? What do you do? Story Tweet
January 29, 2016 University of Virginia was breached. School found out when FBI told them. It was a year before the victims were even told there was a breach. How much damage was done to them during that time? Story Tweet
January 29, 2016 Neiman Marcus user accounts breached affecting Bergdorf and more. Story Tweet
January 28, 2016 Crooks have hacked internet-enabled baby monitors to communicate with infants. NYC Consumer Affairs investigating claims of misleading advertising. Story Tweet
January 28, 2016 How would you feel if you found out your friends had been spying on your spying since 2008? Story Tweet
January 28, 2016 FTC: ID theft up 47% from 2015. Most related to tax refund fraud. New tools for consumers. Story Tweet
January 28, 2016 Almost 1/3 of US computers had some form of malware in 2015. Nordic countries were about 21%. New samples are being found at a rate of 200,000 per day and growth shows no sign of slowing. Story Tweet
January 28, 2016 UPDATE: Israel Utility Regulatory Body was attacked, not the power generation. Sound-bites and internet speed sometimes make the truth harder to find. Story Tweet
January 28, 2016 Fraternal Order of Police (FOP) website hacked, some material reposted. Who, What, and How unanswered. Story Tweet
January 28, 2016 UPDATE: Blackberry CEO Chen may be right. The PGP application (coupled with some other tools) leaks enough to open a crack. This update Start of the Story Tweet
January 28, 2016 All LG G3 phones vulnerable to bug in notification application. Patch available. Read this! Story Tweet
January 27, 2016 Wendy’s breached? Maybe. If systemic, could affect 6k+ restaurants in 30 countries and many consumers. Story Tweet
January 27, 2016 Israel joins nations with infrastructure under “severe cyber-attack”. Story Tweet
January 27, 2016 TP-Link Routers broadcast their default passwords, sort of. Change those default security settings! Story Tweet
January 26, 2016 Do you drive a 12′ tall truck and look for the police before trying to drive under an 11′ bridge? So, if someone sends you a link to Crash_My_Apple_Device.com (not its real name) would you try it? Please don’t! Story Tweet
January 26, 2016 Lenovo hard codes the third worst password of 2015 to create open, unencrypted networks. Story Tweet
January 26, 2016 eBay’s Magento, which runs 10+ million ecommerce sites, has a weakness allowing anyone who drops code into a field requesting an email address to take over the site and swipe consumer info including charge card data. Story Tweet
January 26, 2016 Nation-level spyware found in Australian data center. Who put it there? Story Tweet
January 25, 2016 Did you know Skype snatched your IP address and let others see it? Until a recent upgrade, it did… Story Tweet
January 25, 2016 Uber overshared some personal tax information. Ooops. Story Tweet
January 24, 2016 Apple is a staunch proponent of strong encryption for people and not allowing backdoor access. Except for the iCloud Backup where they keep a key that could be taken by subpoena or hack. Story Tweet
January 22, 2016 Update: Fortinet: this is “a management feature which relied on an undocumented account with a hard-coded password” and there are more devices with this non(backdoor) backdoor. Upgrades advised. This update Start of the story Tweet
January 22, 2016 Update: FDA moves forward in protecting us from the dangers that lurk in the internet of medical things. This update Start of the story Related: 2015 Hospital IOT / Billy Rios / Honey Pots & More Tweet
January 22, 2016 Update: Spear-phishing continues targeted at Ukraine power, airport, more. Attribution unknown. This update Start of the story Tweet
January 22, 2016 3k+ servers found infected, but no malware delivered. Practice run? Story Tweet
January 21, 2016 Australia’s Royal Melbourne Hospital was infected with a virus affecting their Win/XP systems, labs, email and exposing patient data. Story Tweet
January 20, 2016 US Supreme Court supports an aspect of Class Action lawsuits. This is good news for consumers and runs contrary to the vein of earlier opinions that severely curtail equal opportunities in David vs Goliath style legal contests. Story Tweet
January 20, 2016 Update: More on “Cyber Risk Insurance” vs “Crime Insurance”. This update Start of the story Tweet
January 20, 2016 Would you take a picture of critical information and post it for the use of the bad guys? Do you take selfies and reveal passwords and more? Ah … ooops. Story Tweet
January 20, 2016 Apple fixed compromisable user cookies allowing impersonation 30 months after being told. Story Tweet
January 20, 2016 Some misinformation corrected about freezing the credit records for children in the absence of a federal law. What you can do depends on the state in which you reside. Story Tweet
January 19, 2016 Is your password “password”? Congratulations! You have the second most common of the worst passwords compiled from 2+ million leaked passwords collected during 2015. See story for others and guidance for stronger passwords. Story Tweet
January 19, 2016 Do you know what is radiating in your neighborhood? Is a smart meter messing with your wifi or cell signal? How can you tell? Story Tweet
January 18, 2016 CEO: Send Money. Accounting Dept: Money Sent. CEO: What money? It wasn’t the CEO, it was a scam email and a scam follow up. Now, was it covered under the cyber security policy? Maybe. Story Tweet.
January 17, 2016 Given the lack of details from law enforcement and Blackberry’s continued protestations, is it possible the PGP application was cracked, not the phone itself? Story Tweet.
January 16, 2016 France rejected backdoors to encryption, joining many US business groups. This update Beginning of the story Tweet.
January 15, 2016 LateNews x2. From 1/11/2016: Hacker gets 334 years. From 1/12/2016: Major News to DarkWeb Tweet.
January 15, 2016 Alternate coin exchange Cryptsy robbed of about $7.5M in bitcoin in mid-2014. Stops trades in mid-January 2016 and may file for bankruptcy. Story Tweet.
January 15, 2016 Hyatt tells more (but not enough) about the breaches affecting 250 properties in 50 countries for over four months. Story Tweet.
January 15, 2016 This absolutely nifty wifi enabled doorbell answers the door, displays video, all sorts of nice features, including exposing your wifi credentials. Story Tweet.
January 15, 2016 Malvertising (advertising containing malware) vs adblockers vs site support. Where is the balance? Story Tweet.
January 15, 2016 As of 1/1/2016 NY wants $2500 PER PHONE if it does not have a security backdoor. Tweet Start of the story This update.
January 14, 2016 Network security devices under fire. Fortinet responds. New Juniper flaw found. Hack, “feature” gone bad, whatever, this is bad for consumers who thought they were buying security. Story Tweet.
January 14, 2016 A severe weakness in widely deployed Silverlight existed for 2+ years. It was discovered by a security researcher / exploit writer who tried (unsuccessfully) to sell it. Clues in the negotiating narrative led other researchers to find the weakness, report it, and eventually a patch was issued by the original designer. That we celebrate “Patch Tuesday” is a sign of our acceptance of such potentially damaging situations as commonplace. We need better. Story Tweet.
January 14, 2016 Having your data in the cloud is not protection against ransomware. Story Tweet
January 14, 2016 There are Inherent Dangers in the Internet of Things and just because we can connect devices does not mean we should. Many people found that out the cold way. Story Tweet
January 13, 2016 More bad news from yesterday Tweet.
Massive under-reporting of ransomware in some countries. Story
First Juniper, now Fortinet, another network security device found to have a “secret access” method. Story
Popular AntiVirus/PasswordManager software had a weakness exposing all the passwords. Not discovered by the company, but by an independent researcher. Story
January 12, 2016 Cardinals scouting director confesses to hacking Astros for years. For how and what see Story Tweet
January 12, 2016 Blackberry PGP phones cracked by RCMP as far back as 2011. Updated. Story Tweet
January 12, 2016 Today was a bad day for exposures. Here are four more stories. Tweet
Stuxnet damage capability made easy. Just what we didn’t need. Story
US Power grid attacked over 800 times by this group, yet hackers get the publicity. Story
Malware used fake digital certificate to infiltrate sites. Story
Faithless fan database found on web. No notice from company. New EU rules coming. Story
January 11, 2016 Ever wonder how some online poker players claim such high win:loss ratios? This virus might explain some of it. Story Tweet
[ the picture is A Bold Bluff by Cassius Marcellus Coolidge who painted the Dogs Playing Poker series. Painted sometime before February 1909 this was originally titled Judge St. Bernard Stands Pat on Nothing. It was followed by Waterloo that showed what happened next. -ed ]
January 11, 2016 Blackberry PGP phones cracked to expose plaintext messages. Story Tweet
January 11, 2016 A new version of CryptoWall ransomware that locks up your files has the same prevention measures. Kipling wrote about paying such tributes in 1911. Story Tweet
January 11, 2016 Is your wearable tech reporting the micro movements when you type or tap? Could be so, right now. Story Tweet
January 10, 2016 Banking trojan variant has excellent language and social engineering skills. Now preying on citizens of Japan. Not commonly detectable. Who is next? Story Tweet
January 9, 2016 Blackphone, the “most secure” ‘droid phone, and high-grade Level 3 (of 4) home security system were examined and found to be, well, NOT so secure! Story Tweet
January 8, 2016 A cyber-security researcher’s worst nightmare? Getting a pacemaker whose manufacturers say “just trust us” re cyber-security. Story Tweet
January 8, 2016 New toy on the IoT has an insecure communications vulnerability. Story Tweet
January 8, 2016 Win10 adware – BEGONE!!! Story Tweet
January 7, 2016
2015 Summary: Mixed bag. Compromised accounts down, number of compromises up.
2015 Summary 2005-2015 Charts Tweet 1 Tweet 2
January 7, 2016 Ukraine Update: “SandWorm” code recognized in Ukraine cyber attack. This update | Start of Ukraine power outage | SandWorm discovery in October 2014 | Tweet [ Sandworm from TheRegister/UK Ukraine Flag from Wikimedia ]
January 7, 2016 Good News in Cops vs Crooks: Romanian Police and other law enforcement arrest crooks using Tyupkin malware-for-rent. Story Tweet
January 6, 2016 TimeWarnerCable: ~320k customers exposed. FBI told them. How? Don’t know. Story Tweet
January 6, 2016 Update: Did a macro-laden spreadsheet start a cascade leading to the Ukraine power outage? Story Tweet
January 6, 2016 Kid spends dad-dollars for $5,900 of virtual dinosaurs. Story Tweet
January 5, 2016 Linode recovering from 12 Days of DDoS attack then resets all passwords because … Story Tweet
January 5, 2016 Ukraine Power Grid Hack larger than the 1.4M previously disclosed. Story Tweet
January 2, 2016 The award for the buggiest software and the company with the most bugs goes to … Story Tweet
January 1, 2016 Cyberoam customer/partner database exposed. Phishing alert! Story Tweet