Nearly two weeks since news of Shellshock broke, attacks that are taking advantage of the Bash vulnerabilities are grabbing headlines. But Michael Smith of Akamai warns that the battle against hackers capitalizing on Shellshock could go on for years.
Yahoo confirms Shellshock-targeting attackers hacked into three of its servers, but claims they didn't exploit Bash flaws. Meanwhile, Lycos denies it's been breached and WinZip isn't responding directly to a report that it was hacked.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
JPMorgan Chase has confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June and was not detected until late July. One fraud expert calls the breach "a national crisis."
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.
Financial institutions are starting to report fraud tied to the massive Home Depot payment card data breach. One card issuer calls the fraud ramp up "much greater than what we saw from Target, Michaels and Neiman Marcus."
Home Depot says an estimated 56 million payment cards were exposed in a data breach at its U.S. and Canadian stores. The retailer says an investigation revealed the breach involved custom-built malware not used in other cyber-attacks.
A cross-site scripting vulnerability at eBay.co.uk left an undetermined number of users susceptible to an attack that attempted to steal their credentials when they clicked on links within a listing offering a used iPhone for sale.