Top 10 Stories

Reuters: Target Corp announced an overhaul of its information security practices and the resignation of its chief information officer as the retailer tries to reassure customers and investors after a massive data breach late last year. CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.

LA Times: A recent study found that many Americans are lost when it comes to tech-related terms, with 11% saying that they thought HTML — a language that is used to create websites — was a sexually transmitted disease. The study was conducted by Vouchercloud.net, a coupons website, as a way to determine how knowledgeable users are when it comes to tech terms.

Arstechnica: Researchers said they have uncovered yet another mass compromise of home and small-office wireless routers, this one being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others. The hackers appear to be using a variety of techniques to commandeer the devices and make changes to the domain name system (DNS) servers used to translate human-friendly domain names into the IP addresses computers use to...

BBC: Police in India have failed to act on hundreds of corruption complaints over an eight-year period because they did not know a computer password, it seems. Delhi officers could not operate a portal holding more than 600 complaints - a lapse that has gone undetected since 2006, the Indian Express Newspaper said. The complaints came from India's anti-corruption agency, called the Central Vigilance Commission (CVC).

Krebs on Security: Nationwide beauty products chain Sally Beauty appears to be the latest victim of a breach targeting their payment systems in stores, according to both sources in the banking industry and new raw data from underground cybercrime shops that traffic in stolen credit and debit cards. On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store. Three different banks contacted by...

Infosecurity - Google has released Chrome 33 for Windows, Mac and Linux, which includes 28 security fixes. The search giant highlighted fixes “that were either contributed by external researchers or particularly interesting.” In total, eight outside researchers were paid a total of $13,500 in bounties for uncovering nine of the 28 flaws.

Cisco blogs - Today, Cisco is announcing OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors to issue updates. Practically speaking, we’re making it possible for people to build their own open source Next-Generation Firewalls.

ArsTechnica - This GnuTLS bug is worse than the big Apple "goto fail" bug patched last week. Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

SecurityWeek - A survey of 341 attendees of the recent RSA Conference in San Francisco revealed that less than half (48 percent) felt the NSA overstepped its boundaries with its surveillance programs. This year's conference faced controversy due to allegations that RSA accepted a $10 million payment from the NSA several years ago to use a weak number generating algorithm by default in its BSAFE toolkits. The resulting furor led several scheduled speakers to pull...

PC mag - News flash, Windows XP holdouts. If you haven't already heard—Microsoft is ending support for the aging operating system in just a little over a month, on April 8. On that date, as we have been reporting in recent weeks, those running the legacy OS will still be able to use it, but they won't be able to count on Microsoft for patches, updates, security fixes, and other forms of support. With the...