After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
The latest edition of the ISMG Security Report discusses "Orwellian" surveillance activity in 2020 via the ToTok app. Also featured: the controversy over enabling law enforcement to circumvent encryption; the cyberattack risks posed by IoT devices.
The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. The issues are fixed, and TikTok says it doesn't appear the issues were exploited for a breach.
Not even George Orwell could have predicted nation-state surveillance in the 21st century. Give us free instant messaging for our smartphones, and faster than you can say "viral kitten video," we're collectively part of a mass surveillance nightmare. Case in point: The ToTok social messaging app.
Protecting enterprise networks from attackers boils down to the same thing: Unless organizations get the basics right, they're sitting ducks. That's a top takeaway from experts warning that Iran will likely retaliate with cyberattacks after one of its senior military leaders was killed by a U.S. drone strike.
The DHS says the defacement of a U.S. government website over the weekend is not linked to Iranian state-sponsored actors. Attackers posted a pro-Iran message with a photo of President Donald Trump being punched in the face. The website, belonging to the Federal Depository Library Program, is now offline.
The Maze gang crypto-locked Georgia cable and wire manufacturer Southwire's systems and publicly dumped stolen data to try to force it to pay a ransom. In response, Southwire has sued its attackers and obtained a court order in Ireland that knocks the gang's "name and shame" site offline.
E-commerce sites have been under siege from cybercriminals who seek to sneak malicious code into checkout processes. A researcher has now found two new methods that payment card number thieves are using to try to stay under the radar.
Landry's Inc., a Houston-based company that owns and operates over 600 restaurants, hotels, casinos and other entertainment establishments in the U.S. and around the world, is investigating an apparent data breach after its security team found malware within a system.
Microsoft has taken control of 50 domains that the company says were used by a hacking group with ties to North Korea. The attackers used these sites to launch spear-phishing attacks against specific victims and spread malware.
A persistent question over the past several years is which managed service providers were affected by APT10, a tenacious Chinese hacking group. But a Wall Street Journal investigation on Monday has revealed new companies affected by Cloud Hopper attacks.
Human error looks to be the obvious culprit in an accidental data breach by Britain's Cabinet Office, which published the home addresses of celebrities such as Elton John and Olivia Newton-John when it released a list of individuals set to be recognized for their contributions to British society.