A web browser startup, Brave, has filed complaints in Europe alleging Google and other behavioral advertising companies are violating Europe's GDPR. Brave's complaints could set up one of the biggest battles so far over how personal data gets used - or abused - for targeted advertising.
The Food and Drug Administration should increase its scrutiny of the cybersecurity of networked medical devices before they're approved to be marketed, a new government watchdog agency report says. FDA says it will carry out the report's recommendations.
Should Europe's "right to be forgotten" apply worldwide? That's the focus of a case before the EU's highest court, which has pitted proponents - including Austria and France - against Google, Microsoft and the European Commission, who argue that the EU law provision should only apply in Europe.
CISOs and CIOs must ensure their organizations plan for worst-case scenarios, conducting frequent "dry runs" of disaster recovery plans, says Tonguc Yaman, CIO of SOMOS, a New York Community Care Network, who formerly served as deputy CIO of Bellevue Hospital.
A newly released report from the U.S. Government Accountability Office on the massive 2017 Equifax data breach provides a postmortem look at what went wrong, centering on the credit bureau's identification, detection, segmentation and data governance, as well as a failure to rate-limit database requests.
The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.
The threat landscape is changing as the industrial internet of things radically broadens the attack surface for critical infrastructure, says Kenneth Carnes, CISO for the New York Power Authority, who discusses how to address the shift.
While healthcare entities and their vendors apparently are improving their encryption practices for computing and storage devices, regulators are also urging organizations to avoid overlooking the importance of physically securing and tracking these devices to help safeguard PHI.
Russian national Andrei Tyurin, who's been accused of hacking into JPMorgan Chase's network in 2014 and stealing personal information on more than 83 million customers, has been extradited to the U.S. He was allegedly part of a group that hacked into brokerages, news firms, a risk intelligence company and others.
British Airways has been threatened with a class-action lawsuit in U.K. court after warning that a hacker stole payment card data associated with 380,000 transactions. A law firm says that under GDPR, the airline should compensate victims for "inconvenience, distress and misuse of their private information."
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.
To transparently identify legitimate users in digital channels, organizations need strong digital identity risk assessment capabilities that examine each user's digital patterns and can more accurately detect potential bad actors, says IBM's Matt Konwiser.
All organizations should ensure that they are using the most appropriate tools, technologies, practices and procedures to safeguard their information against today's top threats, says Check Point's Avi Rembaum.