Another Romanian citizen has admitted to his role in a massive phishing campaign that delivered fraudulent emails to victims, prosecutors in Connecticut announced Thursday.

Breached processor Heartland Payment Systems has agreed to a settlement with Visa worth up to $60 million.

A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pinned millions of Countrywide Financial customers against the mortgage company.

The Connecticut attorney general, using new authority granted under the HITECH Act, is suing a managed health care provider over a data breach that potentially exposed the personal data of 446,000 state residents.

Despite regulations mandating protection of health care records, more than half of American hospitals fail to take appropriate steps to safeguard the privacy of patients, according to a new survey of health care IT security professionals.

An unencrypted personal laptop, carrying the personal information of hundreds of thousands of doctors nationwide, was stolen over the weekend.

Heartland Payment Systems has settled its first lawsuit with a card brand over the 2008 data breach.

The Massachusetts Supreme Judicial Court last week affirmed a lower court ruling dismissing a case against BJ's Wholesale Club over a 2004 breach.

A federal judge in New Jersey has thrown out one of the three class-action lawsuits pending against Heartland Payment Systems.

A new campaign of the password-stealing Zeus trojan is targeting workers from government and military departments in the United States and United Kingdom, according to security researchers at Websense. The trojan is being distributed through spoofed emails claiming to come from the U.S. National Intelligence Council. The bogus messages contain subject lines such as "Report of the National Intelligence Council." The emails aim to lure users into downloading a document about the "2020 project," which actually is Zeus. — AM

Mozilla is advising users who may have downloaded two "experimental" Firefox add-ons that they contain malware.

During the second half of 2009, attackers shifted their strategy away from mass-injection campaigns and instead focused on launching targeted attacks to infect high-profile websites, Websense found in a new report.

After a relatively quiet January, administrators next week will have to deal with an unusually large security update from Microsoft, with 26 vulnerabilities in line for fixing.

The act would authorize up to $396 million over the next four years to fund cybersecurity research and $94 million over that period to provide scholarships.

Edwin Pena of Venezuela faces a maximum sentence of 25 years in prison for orchestrating a scheme to defraud VoIP providers.

An Internet Explorer vulnerability revealed at this week's Black Hat conference in Washington, D.C. prompted Microsoft to issue an advisory on the issue.

Twitter this week reset the passwords on an unknown number of accounts after discovering malicious file-sharing sites were set up to steal user login information.

Apple on Tuesday pushed out an iPhone and iPod Touch security update.

The newly established U.S. Fleet Cyber Command is responsible for defending Navy networks against cyberattacks and ensuring military objectives can be carried out in cyberspace.

EMC on Monday acquired arguably the most successful pure-play GRC provider, Archer Technologies.

The restaurants, located in Louisiana and Mississippi, are seeking millions of dollars in damages from Georgia-based point-of-sale vendor Radiant Systems and its distributor Computer World.

Enforcement of the Red Flags Rules has been put off again -- this time until next summer, at the request of Congress.