Elizabeth Montalbano, IDG News Service, Jeremy Kirk

Two issues exposed financial data and Social Security numbers for 350,000 people, although it is thought the information has not been abused, the University of North Carolina at Charlotte said.

The university said in a statement earlier this week that it has fixed both problems, one of which lasted three months and the other more than a decade.

Megaupload filed a motion in federal court on Thursday asking to delay a civil suit filed against the file-sharing site while it prepares a defense for its criminal case.

Two companies, Microhits and Valcom, filed a civil suit against Megaupload on March 21, alleging the site induced and contributed to infringing copyright.

A security company specializing in the Domain Name System has released a Windows version of a tool that encrypts DNS requests, which could be spied on to reveal a user's browsing activity.

Last December OpenDNS released its tool, called DNSCrypt, for Apple's OS X operating system. The company has now released a technology preview of the same tool for Windows, wrote David Ulevitch, OpenDNS' founder and CEO.

Twitter is contesting a court order requiring it to turn over private data on a user charged with disorderly conduct during the Occupy Wall Street protests in New York last year.

On Monday, the company filed a memorandum in New York's Criminal Court, asserting that users own their content and that it may be unconstitutional to request it without a warrant.

Many of the Twitter logins and passwords leaked on the web this week are either inaccurate or belong to accounts already suspended for spamming, the company said late Tuesday.

The logins and passwords were published Monday on Pastebin, a website intended for programmers to share code but favored by hackers to release stolen data. The data was published on five separate posts on Pastebin, comprising a total of 58,978 login and password combinations.

The Washington State Attorney General's office reached a settlement on Monday with an advertising company it alleged baited and spammed Facebook users with salacious content in order to direct them to unrelated advertising.

Adscend Media, an affiliate marketing company, and managers Jeremy Bash and Fehzan Ali agreed not to spam Facebook users and pay US$100,000 in court and attorney fees, according to the settlement.

A new wave of malware freezes a computer and demands payment to unlock it, this time falsely alleging victims have infringed copyright.

The campaign, spotted by Roman Hussy, who authors the abuse.ch blog, targets users in the U.K., Switzerland, Germany, Austria, France and the Netherlands.

Apple's latest update to OS X contains a dangerous programming error that reveals the passwords for material stored in the first version of FileVault, the company's encryption technology, a software consultant said.

David I. Emery wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault.

A new product from TrustSphere is tackling the problem of email incorrectly flagged as spam, an irritating and potentially costly error for businesses.

The product, called TrustVault, analyzes the communication between the sender and recipient of an email over a few weeks, looking at how many messages are sent, how often in a day and how quickly.

NASA acknowledged Friday an attack on one of its websites by "The Unknowns," a group that has been publicly trickling information on websites it has hacked over the last few weeks.

The Unknowns claimed to have hacked a NASA website hosted at the Glenn Research Center on May 1, said Sally V. Harrington, a public affairs specialist with the center in Cleveland, Ohio, in an email statement.

Analysts with Lookout Mobile Security have found websites that have been hacked to deliver malicious software to devices running Android, an apparent new attack vector crafted for the mobile operating system.

The style of attack is known as a drive-by download and is common on the desktop: When someone visits a hacked website, malware can transparently infect the computer if it doesn't have up-to-date patches.

Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, wrote Jeong Wook Oh of Microsoft's Malware Protection Center. But it does show that hackers pay attention if it's found people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected.