Ticketmaster UK has been fined $1.7 million by Britain's privacy watchdog for its "serious failure" to comply with the EU's General Data Protection Regulation. Its failure to properly secure chatbot software led to attackers stealing at least 9.4 million payment card details.
A recently uncovered point-of-sale malware called "ModPipe" is targeting Oracle software used by thousands of restaurants and other businesses in the hospitality industry, according to researchers at ESET. This backdoor can then steal sensitive data, such as cardholder names.
An unauthorized person apparently gained access to a database of insurance software firm Vertafore and compromised the driver's license information of over 27 million Texans. Security analysts say a misconfigured database is the likely culprit.
Despite a Thursday deadline that would have forced China-based ByteDance to shut down its TikTok video-sharing app in the U.S., the Commerce Department will allow the company to continue its American operations for now as various court cases continue.
The gang behind the Ragnar Locker ransomware posted an ad on Facebook in an attempt to publicly shame a victim so it would pay a ransom. Security experts say the innovative tactic is indicative of things to come.
A House of Representatives staff report concludes that existing technology and infrastructure could be used to allow lawmakers to securely cast their votes remotely during the COVID-19 pandemic. But some Republicans question whether remote voting is, indeed, feasible.
A German appeals court has slashed by 90% the $11 million General Data Protection Regulation fine levied last year against 1&1 Telecom by the nation's federal privacy watchdog over call center data protection shortcomings. Experts say the case is a reminder that all GDPR fines can be appealed.
Federal regulators Thursday issued their 11th HIPAA settlement - the ninth in recent months - involving a patient right of access to records case. The resolution agreement with a Queens, New York, physician's practice calls for a $15,000 penalty and adoption of a corrective action plan.
Three state-sponsored advanced persistent threat groups - one Russian, two North Korean - have been targeting companies across the globe involved with COVID-19 vaccine and treatment development, Microsoft says.
Two senior U.S. Department of Homeland Security officials have been forced to resign, and a senior cybersecurity official fears he will be fired by the Trump administration, according to news reports. The moves have raised questions over U.S. stability during the transition period to President-elect Joe Biden.
The Muhstik botnet, which has been operating for at least two years, has recently started targeting vulnerabilities in the Oracle WebLogic application server and the Drupal content management system as a way to expand its cryptocurrency mining capabilities, according to security firm Lacework.
The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.
Chat and collaboration software tools such as Slack are critical for software development teams. But a data breach experienced by Utah-based software developer WildWorks illustrates why developers should think twice before sharing sensitive database keys over chat.
Information Security Media Group's members-only CyberEdBoard CISO community has opened its doors, giving senior cybersecurity practitioners a private ecosystem to exchange intelligence, gain access to critical resources and enhance personal career capabilities in collaboration with peers around the world.