Security

Configuration errors lead to HealthCare.gov breach

posted on September 4, 2014
by l33tdawg

The Health and Human Services Department (HHS) said that HealthCare.gov, the nation's health insurance enrollment website, was breached in July and that the attackers uploaded malware to the server.

The breach, which is the first successful intrusion into the website, was discovered on August 25 by a CMS security team after an anomaly was detected in the security logs of one of the servers on the compromised system.

Healthcare.gov test server hacked

posted on September 4, 2014
by l33tdawg

The Wall Street Journal cites unnamed federal officials as saying that a hacker gained access and uploaded malicious software to a server that is part of Healthcare.gov. The attack occurred in July and was discovered on August 25 during a daily security scan.

The officials say that the server is used only to test code for the site. The attacker gained no access to consumers' personal data and no such data was on the server. But because the server was not meant to be connected to the Internet, it was protected with a default password.

The Main Suspect Blamed For The Jennifer Lawrence Nude Leak Says He Is Innocent

posted on September 2, 2014
by l33tdawg

Bryan Hamade, a 27-year-old from Georgia, told BuzzFeed his scheme to make some easy bitcoins backfired and that now he’s being harassed by 4chan users.

As the online hunt for the persons responsible for yesterday’s massive celebrity nude photo leak continues, some Redditors and security researchers have pointed to Bryan Hamade, a 27-year-old from Lawrenceville, Georgia, as the culprit.

Apple 'actively investigating' iCloud link to celeb photo leak

posted on September 2, 2014
by l33tdawg

Apple said Monday it is "actively investigating" whether a security breach at its iCloud service was responsible for the leak of several private, nude images of celebrities, including actress Jennifer Lawrence.

"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Recode. CNET has contacted Apple for comment and will update this report when we learn more.

Tox, a Skype Replacement Built On 'Privacy First'

posted on September 2, 2014
by l33tdawg

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project, created an account on the code hosting and collaboration site GitHub, and begun uploading code.

What Jennifer Lawrence can teach you about cloud security

posted on September 2, 2014
by l33tdawg

By now, you have probably heard about the digital exposure, so to speak, of nude photos of as many as 100 celebrities, taken from their Apple iCloud backups and posted to the “b” forum on 4Chan. Over the last day, an alleged perpetrator has been exposed by redditors, although the man has declared his innocence. The mainstream media have leapt on the story and have gotten reactions from affected celebrities including Oscar winner Jennifer Lawrence and model Kate Upton.

Why physical security (and InfoSec!) still matter

posted on August 28, 2014
by l33tdawg

In the current era of mega-(should I say giga-?) breaches with tens to hundreds of millions of lost customer records and the hacking-of-everything, it is safe to assume that the logical security of devices becomes almost more important than the physical protection around those assets. While it is true that the logical (in-)security of devices renders “remote attacks” (attacks that are carried out against the system from another location than where the device is located, i.e.

IEEE promotes security skills to software developers

posted on August 28, 2014
by l33tdawg

The Institute of Electrical and Electronics Engineers (IEEE) has formed a new advisory group with the private sector that aims to advise software developers on how to ensure that their applications are secure.

The IEEE has linked with ten IT and security organisations - including Google, Twitter, Cigital and RSA - to form the IEEE Centre for Secure Design (CSD). The CSD's first step has been to issue an advisory report for software developers - and allied staff - on how they can make their applications more secure.

Microsoft rolls out DLP to SharePoint Online and OneDrive for Business

posted on August 28, 2014
by l33tdawg

Microsoft has extended the data loss prevention features in Office 365 so that they are available not only for its email tools but also for data in SharePoint Online and OneDrive for Business.

Office 365 already had DLP capabilities for Exchange Online and Outlook, so that compliance officers could monitor email communications and enforce corporate and regulatory rules regarding the use of sensitive corporate data, such as confidential intellectual property details and customers' financial information.