The federal tally that lists major health data breaches has hit a new milestone: More than 2,000 breaches have been reported since September 2009. And the tally shows a significant shift in the kinds of breaches being reported.
Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals.
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
Just in time for the seasonal upgrading of tax software, the IRS is warning of phishing emails purporting to be software updates, but which try to trick tax professionals into divulging login credentials.
The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could allow hackers to "remotely execute arbitrary code." How serious are the risks?
Data breach truism: So many organizations get breached, and remain breached, but don't find out until months or even years later, says Paul White of the cybersecurity firm Cyber adAPT. He offers insights on speeding reaction time by watching for clues.
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.
Employees are still falling for phishing scams leading to major breaches, including those related to ransomware attacks, say federal regulators, who are urging healthcare entities to step up their workforce training and awareness of email schemes.
Cybersecurity researcher Marcus Hutchins will plead not guilty in federal court to charges relating to creating and selling banking malware called Kronos. Some in the security community think the FBI may have confused legitimate research activities with criminal behavior.
Maxim Senakh, who was extradited from Finland to the United States to face charges related to Ebury botnet attacks, has been sentenced to serve nearly four years in federal prison, after which he will be deported to his native Russia.
British national Marcus Hutchins, aka "MalwareTech," has been arrested by the FBI on charges relating to the distribution of the Kronos banking Trojan. Hutchins is the "accidental hero" who singlehandedly defused the WannaCry ransomware outbreak.
Office of Personnel Management Chief Information Officer David DeVries says negative aspects of a Government Accountability Office report on steps OPM is taking to secure its IT paint an incomplete and not fully accurate picture of the agency's cybersecurity posture.
Spain has approved a U.S. extradition request for Russian national Stanislav Lisov, who's been charged with helping to organize and profit from a prolific banking Trojan called Neverquest. He's the latest in a long line of suspected Russian hackers to be detained while vacationing abroad.
Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.