Nearly two weeks since news of Shellshock broke, attacks that are taking advantage of the Bash vulnerabilities are grabbing headlines. But Michael Smith of Akamai warns that the battle against hackers capitalizing on Shellshock could go on for years.
Yahoo confirms Shellshock-targeting attackers hacked into three of its servers, but claims they didn't exploit Bash flaws. Meanwhile, Lycos denies it's been breached and WinZip isn't responding directly to a report that it was hacked.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
The inquiries focus on U.S. Investigation Services, a contractor that conducted security-clearance background checks, and whose computers were breached in August, exposing data on 25,000 federal employees.
Top government leaders express high confidence in the security of state IT systems, which could explain why chief information security officers don't feel they're getting enough money to build stronger IT security.
JPMorgan Chase has confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June and was not detected until late July. One fraud expert calls the breach "a national crisis."
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.
The FDA is ramping up efforts to strengthen the security of medical devices. That includes a collaborative effort to develop a risk assessment framework to identify cybersecurity vulnerabilities and mitigate the risks.