Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.
The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?
Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services. One recent job listing from the data-leaking blackmail gang called The Dark Overlord sought technically proficient individuals who were fluent in Arabic, Chinese or German.
A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016. A rival internet services provider paid Kaye $100,000 to launch the attacks.
A hacktivist who launched distributed denial-of-service attacks on Boston Children's Hospital and another local facility in 2014 has received a lengthy prison sentence and must pay restitution. But will the outcome of the case deter other hackers?
The U.S. government shutdown is impacting agencies integral to the nation's cybersecurity readiness, and experts fear its long-term impact on the country's cyberattack response capabilities, as well as the risk that it will drive away desperately needed new cybersecurity talent from entering public service.
Europe's "right to be forgotten" should not apply worldwide, but only inside the EU, according to a nonbinding opinion issued to the European Court of Justice by one of its advocate generals regarding a case that arose from a dispute between France's data privacy watchdog and Google.
A Juniper Research analysis of why card-not-present fraud will continue to grow leads this week's edition of the ISMG Security Report. Also featured: Updates on a Neiman Marcus breach lawsuit settlement and a German hacking incident.
German officials say the suspect behind the mega-leak of politicians' and celebrities' personal details exploited their weak passwords to access email, social media and cloud service accounts. What can the security industry do to help address the password problem?
A variety of security weaknesses contributed to a massive 2017 health data security breach in Singapore, according to a new report. What can healthcare organizations around the world learn from the report's security recommendations?
Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.
On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform. The so-called cybersecurity law actually speaks little about IT security measures.
Police in Germany say a 20-year-old student has confessed to stealing and leaking personal details from 1,000 German politicians, celebrities and journalists, allegedly after bragging about the crime. More advanced attackers rarely make so much noise.
An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA. Regulatory experts analyze the implications of the case.