Sen. Maggie Hassan, D-N.H., is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with contractors following several recent security incidents in which such information was exposed.
Big data analytics and search tools give organizations the ability to analyze information faster than ever before. But too many organizations deactivate security controls built into Elasticsearch, Amazon S3 buckets and MongoDB when they deploy, leaving their data exposed, says Elastic's James Spiteri.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Some 42 apps that were available in the Google Play store had been delivering adware to Android devices for about a year, according to the security firm ESET. In the 12-month period starting in July 2018, these apps were downloaded about 8 million times to Android devices around the world, the researchers say.
Johannesburg has been hit with a ransomware attack that is crippling municipal services. City Power, an electric utility owned by the city that was hit by a similar attack in July - also was affected by the latest attack.
Democratic lawmakers are urging the U.S. Federal Trade Commission to open an investigation into whether Amazon violated federal law by failing to the prevent Capital One's devastating data breach. Amazon dismissed the request as "baseless and a publicity attempt from opportunistic politicians."
The "Raccoon" infostealer, first spotted in the wild earlier this year, is rapidly gaining in popularity on underground forums due to its low cost and ability to steal a wide range of data, including credit card numbers and cryptocurrency wallets, according to a new analysis from Cybereason.
The latest edition of the ISMG Security Report analyzes how the Russian hacking group Turla has been coopting Iranian hacking tools. Plus: Avast's CCleaner hit by second attack; sizing up draft regulations for the California Consumer Protection Act.
The use of new standards can help strengthen cybersecurity risk management of medical devices at the Department of Veterans Affairs as well as other healthcare organizations, says Anura Fernando of UL, which recently completed a study with the VA examining gaps in medical device cybersecurity approaches.
Spanish authorities say they've arrested three individuals on charges of running a large-scale business email compromise scheme that targeted a dozen companies around the world to steal about $11 million.
A U.S. Congressional committee on Wednesday peppered Facebook CEO Mark Zuckerberg with tough questions about the company's plans for a cryptocurrency called Libra, raising concerns about privacy issues as well as potential use of the currency for money laundering or to finance deals for illegal drugs and weapons.
The FBI issued a warning this week about skimmer attacks designed to steal payment card data from e-commerce sites. The U.S. Department of Homeland Security also offered tips on defending against these attacks.