An unsecure database belonging to a company that provides hotel reservation management technology exposed about 179 GB of customer data, including travel arrangements and other data for U.S. military and other government personnel, according to a new report from two independent security researchers.
Inadequately protected shared network storage devices at a Department of Veterans Affairs regional office left veterans' personal and health information vulnerable to ID theft, fraud and other compromises, according to a new report. Security experts say this kind of security lapse is common in other sectors.
Draft regulations to carry out the California Consumer Privacy Act do not go far enough to clarify ambiguities in the law, which goes into effect Jan. 1, 2020, says privacy attorney Sadia Mirza of the law firm Troutman Sanders, who encourages organizations to submit comments on the proposed regs.
The State Department's years-long review of former Secretary Hillary Clinton's use of a private email server found that although 38 current or former department officials violated government security policies, there was no "persuasive evidence of systemic, deliberate mishandling of classified information."
Turla, an advanced persistent threat group with apparent ties to Russia, seized attack infrastructure and tools used by OilRig, an Iranian APT group, U.K. and U.S. intelligence agencies have jointly reported. They say Turla used the coopted infrastructure to conduct its own reconnaissance and attacks.
Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.
A British judge has denied WikiLeaks founder Julian Assange's request to delay a five-day hearing, slated to begin Feb. 25, on whether he should be extradited to the United States to face espionage charges.
What is the risk of having too many cybersecurity tools? Compromised visibility because of "tool sprawl," say Brian Murphy and Seth Goldhammer of ReliaQuest. Enterprises are now awakening to this challenge and attempting to overcome it.
As the supply chain in the healthcare sector becomes increasingly complex, so do the cybersecurity risks and threats. New guidance aims to help healthcare organizations better address these challenges, says Darren Vianueva, who co-chaired an industry task force that developed the guidance.
ESET researchers have uncovered a new cybercriminal scheme that uses a trojanized version of the Tor browser for stealing bitcoins from darknet users. So far, the scam has netted about $40,000 in virtual currency, the security firm says.
Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.
New legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?
While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 in recent years appeared to have gone somewhat quiet, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."
A North Carolina-based healthcare organization has reportedly discovered that malicious code had been contained on its e-commerce site for three years, sending consumers' payment information to unauthorized individuals.