A Congressional committee is demanding Facebook provide answers concerning a complaint filed with the FTC alleging misleading privacy practices involving personal health information. The complaint also alleged a data leak exposed the names of over 10,000 cancer patients participating in a Facebook group.
A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.
Recent apparently state-sponsored hack attacks have hit dozens of companies in the U.S. and political parties in Australia. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.
The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures. But the social network is alarmed about the proposed settlement agreement's terms and conditions, The Washington Post reports.
The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.
A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents. The case marks another damaging leak for the American government.
What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.
Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.
In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.
The notorious xDedic Marketplace Russian-language cybercrime forum and shop remains offline following an international police takedown. Security experts expect xDedic customers to shift to UAS, a rival darknet market that also specializes in stolen and hacked remote desktop protocol credentials.
The consistency challenges that enterprise security teams are faced with has never been more complex, especially for the role of a CISO.
The CISO's team - from security architects, engineers and analysts to program managers - spends most of its time managing the balancing act of keeping tools & technology working...
The State Bank of India, the nation's largest bank, is investigating an apparent data leak that reportedly exposed information on millions of its customers. Security experts are calling on all banks to improve their server management practices.
Airbus says it suffered a hack attack, leading to a breach of "contact and IT identification details" for at least some of its EU employees. The aerospace giant says its investigation continues and that it has notified European privacy authorities, per GDPR requirements.
Special Counsel Robert Mueller's investigation into Russian interference in the 2016 U.S. presidential elections has led to 199 criminal charges, 37 indictments or guilty pleas and four prison sentences so far. But some key questions remain unanswered.