Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.
Security expert Sean Sullivan isn't surprised that the massive 2014 breach of Yahoo, which exposed at least 500 million account details, only recently came to light. Here's why, as well as what users must learn from this breach.
In this latest edition of the ISMG Security Report, you'll hear an explanation why estimates from the Ponemon Institute and The Rand Corp. on typical enterprise data breach costs vary so widely. Also, analyses of a car hack, SWIFT's latest initiative to help banks mitigate fraud and the Yahoo breach.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
Don't leap to conclusions on the basis of a new report that suggests Yahoo is preparing to warn the world that it was hacked and lost hundreds of millions of users' account credentials. Someone may simply have harvested passwords reused on other sites.
Three recent criminal cases involving hospital insiders who allegedly committed a variety of fraud, identity theft or egregious privacy violations that victimized patients highlight just how difficult it is to mitigate insider threats.
A developer warns that Dropbox gains wide-ranging access to Apple's OS X operating system using a SQL trick that some equate to hacking users' systems. Here's why giving a desktop app unusual access to Apple's privacy settings poses a security risk.
B. Vindell Washington, M.D., the new head of the Office of the National Coordinator for Health IT, pledges that the agency's top priority of advancing standards-based interoperable, secure health data exchange will continue under his leadership. But what will happen once a new president is elected?
The recent hacker attack targeting the drug records of Olympic athletes, as well as other breaches involving high-profile targets, highlight the challenges involved in protecting sensitive data from external attackers or malicious insiders driven by political and other causes, says security expert Sean Curran.
The handling of a recent data breach - the details of which are still unfolding - by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck.
The Department of Health and Human Services is gearing up for its first-ever round of HIPAA compliance audits of business associates, and is also developing new guidance aimed at helping organizations deal with a surge in cyber threats.
All in the family: A "sophisticated attacker" alert from US-CERT, urging enterprises to lock down their networking gear, was triggered by the leak of exploit tools - targeting, in part, U.S.-built networking gear - that may have been tied to the NSA.
Fancy Bear strikes again: the suspected Russian hacking group released confidential medical records for four U.S. Olympic athletes, falsely contending the documents prove illegal drug use by the Olympians.
Is recently issued guidance from federal healthcare regulators clarifying when a ransomware attack needs to be reported starting to have an impact? Two recent breach notifications could be an early indication that the answer is yes.