McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
The Trump administration has called for trimming the budget for the Department of Health and Human Services by 18 percent. But what do we know so far about proposed funding for HHS initiatives designed to help ensure health data security and privacy?
Hackers have been targeting the likes of AOL and Yahoo, in part, because a certain generation of users - including many senior U.S. officials - continue to use the services to send and store state secrets. Let's make sure future generations don't make similar mistakes.
A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.
Implementing robust access controls in healthcare settings can be particularly challenging for several reasons. But Fisher-Titus Medical Center is making progress in strengthening authentication and other security controls, says Peter Jacob, the hospital's manager of IT operations.
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
In the history of data breaches, Cloudflare's recent breach was strikingly unique, in that a software bug caused a random regurgitation of data from server memory. But a postmortem from CEO Matthew Prince should put most people's concerns to rest.
The technology and know-how exists to build a hack-proof computer, but doing so won't be easy, says Howard Shrobe, principal research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.
The Russian government appears to be doubling down on its information warfare success to date, publicly confirming that it has a "cyber army" designed to wage psychological operations and propaganda campaigns. While there are defenses, too few are using them.
Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.
Because so many healthcare organizations are growing through mergers and acquisitions at a time when cyber threats are multiplying, effective access control is becoming increasingly important - and more complex, says Joe Meyer of the security consulting firm NCC Group.
The Healthcare Information and Management Systems Society's 2017 Conference will offer a slew of educational sessions and informative exhibits focused on top cybersecurity and data privacy challenges facing the healthcare sector. Catch our coverage.
A report on passage by the House of Representatives of a bill aimed at toughening insider threat defenses at the Department of Homeland Security leads the latest edition of the ISMG Security Report. Also, analyzing the use of blockchain technology to secure healthcare data.