Top 10 Stories

Consumerist: The Senate Judiciary Committee heard testimony today from Target’s chief financial officer about the massive data breach that hit the company during the holiday shopping season last year. Target CFO John Mulligan mainly confirmed news we’ve already heard about the breach, including the scope, method, and timeline of the hack. He said he was unable to divulge detailed information because of the continuing forensic and criminal investigation into the attack.  

ITWorld: Lodgers at Holiday Inns, Marriott and Renaissance hotels may have had their payment card details compromised following a new disclosure on Monday of suspected point-of-sale device attacks. White Lodging Services, a hotel management company, warned in a news release it suspects point-of-sale systems at restaurants and lounges on 14 of its properties were compromised between March 20, 2013 and Dec. 16, 2013.  

CNet: A British spy unit turned a cyber attack method favored by Anonymous against it and other hacktivist groups, according to an NBC report based on documents removed from the NSA by Edward Snowden. A division of the Government Communications Headquarters (GCHQ), the U.K.'s communications intelligence agency, used distributed-denial-of-service attacks to disrupt communications among members of Anonymous, according to the documents. DDoS is the same cyberattack technique used by the hacktivist group to mount online attacks targeting financial...

Infosecurity Magazine: In-house web applications top the list of the most-vulnerable type of internet applications, with 40% of them having flaws, according to new research on app trends in 2013.   High-Tech Bridge has found that after in-house apps, plugins and modules for content management systems (CMS) are up there too at 30%. These aren’t created equal, however: small CMS account for 25% of issues, while large CMS, such as WordPress andJoomla, account for only 5%, despite...

Arnnet: The financial services industry is under threat from distributed denial of services (DDoS) attacks, and while none have been successful in downing a major marketplace, Prolexic president, Stuart Scholly, warns against complacency. Forensics carried out by the Prolexic Security and Engineering Team (PLXsert) have identified a trend towards market manipulation whereby DDoS attacks appear intent on lowering the target’s stock price or currency values, or temporarily preventing trades from occurring.

CSO: Adobe has released a patch for Flash Player in order to address a vulnerability that's being actively targeted in the wild. The vulnerability itself exists in version 12.0.0.43 of Flash Player, for both Windows and OS X; or version 11.2.202.335 for Linux. According to Adobe, the issue is an integer overflow bug that could lead to an attacker gaining remote control over the victim's system.

Yahoo: Target’s chief financial officer and executive vice president John Mulligan authored an opinion piece in The Hill on Monday, in which he revealed the company is accelerating its $100 million smart card program following the massive hack it suffered in late 2013. According to Mulligan, the first REDcards smart cards will be deployed in early 2015, more than six years earlier than initially expected, and the technology will also be implemented in the retailers...

BBC: Fresh disclosures about national security requests indicate that Yahoo was ordered to hand over content from more accounts than other tech firms during the first six months of 2013. Yahoo said it was told to release content from between 30,000 and 30,999 accounts over the period under the Foreign Intelligence Surveillance Act (Fisa).

Security Affairs: The official Orange website was breached by unknown hackers who have stolen 800,000 customer records including names, email addresses and phone numbers. Orange, the world’s largest mobile operator, suffered a data breach. Another clamorous case, after the one occurred to Vodafone in Iceland, according first information, data of more than 800,000 customers of giant has been exposed. Orange publicly announced it was targeted by unknown hackers last 16th January 2014, the attackers gained access to the accounts of the Orange...

Forbes: In an interview with Bloomberg BusinessWeek on Thursday, Facebook CEO Mark Zuckerberg admitted that he thought it was “somewhat of a burden” if you are “always under the pressure of a real identity.” If anyone else had said something so obvious it would be completely unremarkable.  But coming from the same person who oncethreatened “the age of privacy is over” and having “two identities is an example of a lack of integrity,” this is no...