Anne Saita

U.S. Sen. Jay Rockefeller wants to strengthen SEC legislation that requires publicly traded companies disclose significant digital security breaches, mainly because most aren’t.

The chairman of the Senate Commerce, Science and Transportation Committee last week added a provision to cybersecurity legislation that would direct the SEC to clarify when companies must disclose data breaches. 

A University of Texas cancer center today began notifying almost 30,000 patients that their personal data was stolen after someone swiped an unencypted laptop from a physician’s home almost two months ago.

An updated version of the Blackhole Exploit Kit appears to now offer an emerging technique to boost infection and redirection rates: a pseudo-random domain generator.The automation feature was discussed this week in a blog post by Symantec security researcher Nick Johnston, in which he outlined how a script injected into a compromised site can regularly register other URLs to maintain the Web-based attack.

A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown  in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entitites and educational institutions were notified their networks had been breached.

Two members of the hacker group Lulz Security (LulzSec) pleaded guilty today to taking part in a cyber crime spree that launched attacks against Web sites belonging to law enforcement, corporations and media companies.

Ryan Cleary, 20, of Wickford, Essex and Jake Davis, 19, of Lerwick, Shetland admitted in a London courtroom to two counts of conspiracy to do an unauthorized act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers, according to numerous published reports.

Twitter officials say it was a “cascading bug” and not the handiwork of hacktivists that brought down the microblogging site today in two separate outages.

Less than two weeks after learning more than 6 million stolen LinkedIn passwords were posted online, an Illinois woman is leading a class-action lawsuit against the professional networking site for using inadequate security tools to protect its members’ data.Katie Szpyrka, who registered for a LinkedIn account in 2010, filed the lawsuit last week in U.S. District Court in Northern California. In the complaint, she claims LinkedIn violated its own privacy policy in failing to use industry standards to protect personally identifiable information.