AT&T's U-verse routers and gateways contain a bevy of internet-of-things coding errors that could be easily exploited by hackers, a researcher contends. As many as 235,000 hosts could be vulnerable to attack.
PrincessLocker ransomware is back, although it's less demanding than it used to be, with attackers decreasing the quantity of bitcoins they require to unlock forcibly encrypted files. Unusually, the ransomware is being spread by the RIG exploit kit.
The U.S. federal government and many states haven't conducted forensic investigations into the election systems probed by hackers prior to the 2016 election. An investigation by the New York Times has found two more providers of election systems that were breached.
A massive Locky ransomware campaign has been infecting devices via malware-laced spam messages as well as through fake Dropbox phishing pages. More than 23 million Locky spam email have been seen in just one 24-hour period.
A federal judge has ruled that a consolidated class-action lawsuit filed by those affected by the Yahoo data breaches can proceed. The ruling means Yahoo's corporate parent, Verizon, will face a suit that could eventually lead a court to attempt to quantify the financial impact of leaked data.
Hospitals in Lanarkshire, Scotland, are continuing to recover following an outbreak involving a new variant of Bitpaymer ransomware. Security experts say the malware often gets spread via brute-force attacks against endpoints running remote desktop protocol software.
A sloppy spamming operation has exposed on a server in the Netherlands a batch of files that includes more than 700 million email addresses and some associated account passwords. It's perhaps the largest batch of email addresses ever found in one spot.
Admitted Mirai malware attacker Daniel Kaye has been extradited from Germany to the United Kingdom, where he faces charges that he launched DDoS attacks and extortion attempts against the U.K.'s Lloyds Banking Group and Barclays banks.
In the wake of Hurricane Harvey, Texas hospitals have not yet reported issues involving access to electronic health records and other critical systems, says Lance Lunsford of the Texas Hospital Association.
The FDA on Tuesday issued an alert about a voluntary recall by a manufacturer of a network-connected implantable device due to cybersecurity vulnerabilities. Nearly 500,000 of the cardiac pacemakers from St. Jude Medical, now owned by Abbott Laboratories, are in use in the U.S.
A federal judge has granted preliminary approval for an amended $115 million settlement in the class action lawsuit over the 2015 cyberattack on Anthem, which resulted in a breach impacting nearly 79 million individuals. An amendment frees certain others from liability in the case.
Organizations in all sectors "need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, says consultant Ed Amoroso, former AT&T chief security officer.
As CISO at Hearst Corp., David Hahn's security strategy must be mindful of the challenges and brand risks for well-known media properties, including ESPN and Esquire, as well as smaller, lesser-known units within the corporation. Each requires a risk management strategy.