Target Chairman and CEO Gregg Steinhafel

Target security breach encompasses 70 million

Target revealed today that the massive security breach that hit 40 million customers’ credit and debit cards also encompasses the personal information of 70 million people. As a part of its investigation into the breach, the retailer said that the attackers who stole millions of credit cards also got email addresses, phone numbers, names and… Read More


Steam, Origin and others taken down in latest attacks against gaming services

Valve’s Steam platform, Activision Blizzard’s and EA’s Origin storefront were all brought down last night by Distributed Denial-of-Service attacks — as an ongoing campaign by digital miscreants started earlier this week continued, leaving players and developers in the lurch. We've directed the Gaben Laser Beam™ @ the EA login servers. Origin #offline — DERP… Read More

Brad Smith, Microsoft general counsel

Here’s what Microsoft plans to do about government surveillance

Microsoft is battening down the hatches when it comes to protecting its customers against government surveillance. In a blog post published tonight, Brad Smith, Microsoft’s General Counsel, laid out the company’s plans for dealing with governments that want to get a hold of its users’ data. First and foremost, Microsoft now considers government surveillance to… Read More


Seattle hospital discloses malware attack that exposes 90,000 patient records

Personal information of about 90,000 patients of Harborview Medical Center and University of Washington Medical Center was exposed after a malware incident last month. UW Medicine, an umbrella organization that oversees Harborview and regional health clinics, disclosed the data breach in a press release this week, noting that it occurred after an employee opened an email… Read More


It’s time to kill the password — before it kills us

It’s time to shoot the password. And multiple screens are the trigger. I had this epiphany when wrestling with one Rhapsody music service on two devices using three pieces of software. Firing up the Rhapsody Android smartphone app, I unexpectedly was prompted for my password. Okay, I figured, the app had been updated and needed… Read More

Forensics Lab

Microsoft’s Internet cops get high-tech, high-security HQ

Not every tech company has its own evidence room and forensics lab. And not every police station has a giant touch-screen display. The worlds of technology and criminal investigation are colliding in a new “Cybercrime Center” on Microsoft’s Redmond campus, home to investigators, researchers and engineers who battle botnets and other online threats around the world…. Read More


Microsoft will patch zero-day IE vulnerability Tuesday

As a part of tomorrow’s Patch Tuesday, Microsoft will be patching a zero-day vulnerability that the internet’s nefarious elements have been using to attack users of Internet Explorer. The vulnerability, known as “CVE-2013-3918,” was first spotted by security researchers at FireEye last Friday, and has been used to infect computers that access a compromised website… Read More


Tacoma’s IID looks to help curb cyberattacks, secures $8M from Bessemer in first-ever financing

IID has been helping organizations mitigate cyberattacks for the past 17 years, building a 65-person company in Tacoma. Now, the company, which earlier this year rolled out its ActiveTrust platform for sharing cyberattack incident data, has reeled in $8 million in funding from Bessemer Venture Partners. It marks the first outside investment in the company, which… Read More


Ten Years of Patch Tuesdays: Why It’s Time to Move On

Earlier this month, Microsoft marked the tenth anniversary of its regular “Patch Tuesday” release of security updates. There wasn’t a lot of fanfare, but there was reflection on how this new, regular process improved security for Microsoft customers and for security practices in the industry overall. Larry Seltzer and Andrew Storms both give a good… Read More


Apple says it’s not snooping on iMessages, dismisses ‘theoretical vulnerabilities’

Security research firm QuarksLab recently dropped a bombshell on iOS users with a presentation at the Hack in the Box conference that described how Apple could read your encrypted iMessages. While the method described is complex, what QuarksLab showed in a nutshell is that while messages sent through Apple’s text message replacement service are encrypted… Read More


Microsoft forks over $100,000 bounty to hacker for exposing Windows security flaw

Here’s one way to make a quick $100,000: Find security flaws in Microsoft products. That’s how much James Forshaw, a security researcher at Context Information Security, just made for finding a new exploitation technique in Windows 8.1. Forshaw previously made $9,400 for finding bugs in a preview release of Internet Explorer 11. This is the first… Read More


Yahoo now offering bug bounty of up to $15,000 following harsh criticisms for $12.50 gift

There’s nothing like a whole lot of bad press to get things moving. Yahoo touched off a firestorm on Tuesday when security firm High-Tech Bridge issued a grumpy press release detailing their compensation for turning in a pair of security vulnerabilities: a $25 gift certificate, good for products available in Yahoo’s company store. Compared to… Read More


Researchers find critical vulnerabilities in Yahoo’s site, offered $12.50 per bug

Yahoo may be in the midst of a reinvention, but according to one security company, their compensation for turning in security flaws is…lacking. According to security firm High-Tech Bridge, they found serious cross-site scripting (XSS) flaws in Yahoo’s platform, and submitted them to the search company so that Yahoo could patch the holes. But High-Tech… Read More


Microsoft announces general availability of multi-factor authentication for Azure

Software developers, want to make sure your Windows Azure logins are extra double secure? Well, now you can. Microsoft is continuing its push to make it easier to create secure cloud offerings by incorporating multi-factor authentication into its Windows Azure platform. That means developers can now build applications that incorporate multi-factor security, make VPNs more… Read More


More transparency: Microsoft not satisfied with government’s new security request plan

Back when the NSA’s snooping practices were revealed in June, Microsoft joined fellow tech giants Google and Facebook in asking the U.S. government for more transparency in regard to government requests for national security information. Late Thursday, the government responded with a plan to release annual reports detailing its requests for customer security data. Microsoft, however, isn’t satisfied and plans to… Read More


Apple slowly bringing developer resources back online following security breach

Following a security breach last week that closed down its developer website, Apple is slowly returning functionality to its tools for developers. The company has created a system status page that shows whether or not a particular service is online. Currently, iTunes Connect and the company’s bug reporter are online, and the current maintenance message… Read More