Mobile phone retailer Carphone Warehouse has been hit with one of the largest fines ever imposed by Britain's data privacy watchdog after an attacker breached its outdated WordPress installation, exposing 3 million customers' and 1,000 employees' personal details.
Fixes for the Meltdown and Spectre vulnerabilities are leading to decreased processor performance, triggering cloud service and data center slowdowns. All Windows servers - plus older PCs - as well as Linux servers appear to be experiencing noticeable slowdowns.
FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement. The FBI doesn't want a backdoor, he says, but rather a "responsible" solution to allow lawful access.
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
Microsoft has paused issuing security updates to some Windows PCs with AMD chipsets after at least one update - meant to add some Meltdown and Spectre mitigations - has left some systems unbootable. Microsoft blamed the problem on AMD failing to properly document its firmware.
One of the most alarming breaches of 2015, involving Hong Kong toymaker VTech, has resulted in a $650,000 settlement with the U.S. Federal Trade Commission. It's a warning that internet of things security shortcomings - especially involving children's personal data - will have business consequences.
Dave DeWalt, former CEO of McAfee and FireEye, identifies the next generation of cybersecurity threats in the latest edition of the ISMG Security Report. Also featured: an analysis of the recent news of the Meltdown and Spectre microprocessor flaws and the POS malware attack on retailer Forever 21.
It's been nearly one year since Dave DeWalt walked away from FireEye, where he served as CEO. The veteran security leader has a new role and some candid insights on the state of enterprise cybersecurity defenses.
Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. The information could potentially be used to file false Medicaid claims.
Security teams are scrambling to put in place fixes for the Meltdown and Spectre flaws. But Windows users report that Microsoft's security fix for the flaws has been freezing some PCs built with CPUs from chipmaker AMD. Here are workarounds.
Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements. The goal is to advance secure national health data exchange so that clinicians have quicker access to potentially life-saving information.
The U.S. Department of Homeland Security says nearly 250,000 federal employees' personal details were exposed in a 2014 breach of its Office of Inspector General's case management system. Witness testimony and an unknown number of nonemployees' personal details also were exposed.
An analysis of how unprepared businesses are to fight back against the continued problem of ransomware is featured in the latest edition of the ISMG Security Report. Also featured: outlooks for health data breaches and other cybersecurity trends in 2018.
Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.