Top 10 Stories

David Sage has been using Yahoo Mail for the last 20 years. Every day, the 80-year-old San Francisco resident checks his email half a dozen times. A massive data breach affecting his account won’t cause him to leave Yahoo. “It would be a hassle,” Sage said. He would have to move hundreds of contacts to another email service and notify them of his new address, and “I don’t have time for that.” Indeed, Yahoo hasn’t...

Several states around the country on Saturday asked cyber security experts to re-examine state and utility networks after a Vermont utility’s laptop was found to contain malware U.S. officials say is linked to Russian hackers. The Burlington Electric Department, one of Vermont’s two largest electric utilities, confirmed Friday it had found on one of its laptops the malware code used in Grizzly Steppe, the name the U.S. government has given to malicious cyber activity by...

Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list. The analysis is limited by the fact that only vulnerabilities passing through Mitre's Common Vulnerabilities and Exposures (CVE) database are counted. That's a statistically worthwhile dataset, however, since 10,098 bugs were assigned numbers during 2016. Even so, with 523 vulnerabilities landing a CVE number in 2016, Android carried nearly double...

Donald Trump showed off his IT security credentials at a New Year's Eve party, suggesting that the best way to keep secrets from hackers is a huge air gap. "No computer is safe," he told journalists gathered at his Mar-A-Lago resort in Florida, a warning many computer security professionals would probably endorse. Trump also shared his advice on managing data security risks. Forget switching to TLS or quantum key exchange: "If you have something really...

A newly discovered Android trojan can sabotage entire Wi-Fi networks and the users who connect to them by accessing the router that an infected device is communicating with and executing a Domain Name System (DNS) hijack attack. According to Kaspersky Lab on Wednesday via its Securelist blog, the malware, named Switcher, uses a compromised Android device to pull up the local router's admin interface, and then attempts to gain top-level privileges by executing a brute-force attack that guesses...

Samir Nasri is being investigated by Spanish anti-doping authorities after his Twitter account was hacked on Tuesday night, according to reports in Spain. A series of bizarre tweets were sent from Nasri's account in response to a post from Drip Doctors, a service he is understood to have used for an intravenous treatment. While most of the focus was on Nasri's alleged infidelity to his then-girlfriend Anara Atanes, it has now emerged that the French playmaker could be investigated...

On Dec. 27th, the NH Department of Health and Human Services announced a data breach that has potentially compromised the personal information of 15,000 people who receive services from DHHS. For more information about the breach, how it happened and steps you can take to protect your personal information, please follow this link to the DHHS web site and read the documents posted there. View full story ORIGINAL SOURCE: DHHS

Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, U.S. prosecutors said on Tuesday. Iat Hong of Macau, Bo Zheng of Changsha, China, and Chin Hung of Macau were charged in an indictment filed in Manhattan federal court with conspiracy, insider trading, wire fraud and computer intrusion. View full story ORIGINAL SOURCE: Reuters

Hackers had access to protected health information and other information of nearly 400,000 members of Community Health Plan of Washington over a 10-month period, the organization says. The information was held by a server operated by a technology services provider, which was not identified by Community Health Plan. The breach was discovered on November 7 and the server was disabled; members of the plan and the media were notified of the breach on December 20....

Airline booking systems lack basic security checks that would stop attackers changing flight details or stealing rewards, warn experts. The problems emerge because the six-digit codes booking systems use to identify travellers are easy to guess. Two researchers demonstrated the weaknesses by changing a flight booking and seat assignment for a reporter. The security investigators presented their findings at the Chaos Communications Congress in Germany. View full story ORIGINAL SOURCE: BBC