A long-running marketplace for selling stolen payment card data claims it has 30 million stolen payment cards that experts believe are linked to the breach at Wawa convenience stores late last year. The breach is one of the largest ever involving card-related data.
Trend Micro researchers created a phony "smart factory" that lured attackers, demonstrating how they are increasingly focusing on industrial control systems and have become adept at planting malware within vulnerable infrastructure.
A New York Times reporter apparently was targeted with spyware developed by the NSO Group as part of a campaign that may be linked to a Saudi Arabia group, which has previously been accused of hacking attempts against dissidents, journalists and human rights lawyers, according to the think tank Citizen Lab.
Deception technologies offer a way to shift away from a purely defensive "detect and response" posture toward a more proactive offensive approach that draws stealth cyberattackers into the open before a breach.
The United Kingdom will allow "limited" use of equipment from China's Huawei for the nation's emerging 5G networks. After the Tuesday announcement, the White House and some U.S. lawmakers again expressed concerns about the global security threat posed by the use of the Chinese firm's gear.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
Many companies that should be offering customers the ability to "opt out" of the sale of their information under the California Consumer Privacy Act are failing to do so because of the law's ambiguities, some legal experts say. CCPA went into effect Jan. 1, but it won't be enforced until July.
Federal prosecutors say Practice Fusion - a unit of Allscripts - will pay $145 million to settle civil and criminal investigations related to its electronic health records system. The case includes a kickback scheme involving opioids as well as false claims regarding HITECH Act certification compliance.
With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K. government is taking the first steps toward creating new security requirements for manufacturers to strengthen password protections and improve how vulnerabilities are reported.
A California healthcare provider took nearly seven months to report to regulators a phishing incident that exposed information on 200,000 patients. Security experts are analyzing whether the delay could be justifiable.
A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.
U.S. Senator Ron Wyden, D-Ore., has called on the National Security Agency to take steps to make sure the personal devices of high-ranking Trump administration officials are secure following a report last week that Amazon CEO Jeff Bezos' smartphone had been compromised.