Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.
The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
The cybersecurity industry is sizzling. Venture Capital (VC) investment continues to be deployed at an unprecedented pace - yet, the number of security breaches has grown exponentially and the amount of exposed data has resulted in a crisis of global scale.
This whitepaper compares the level of VC investment with the...
In today's security environment, organizations have to realize that attackers are likely inside a company's environment already - no matter how well they're protected. As a result, security programs are now more proactive with analysts actively searching for the hackers that defeated their defenses.
Food delivery startup DoorDash says 4.9 million customer, contractor and merchant records were breached after "unusual activity" by a third-party service provider. Even aside from the usual identification data, experts say certain data - such as food allergies - could pose risks in the wrong hands.
Russian national Andrei Tyurin pleaded guilty to perpetrating massive hack attacks against leading U.S. financial services firms and others from 2012 to mid-2015. Victims included JPMorgan Chase, from which he stole details of 83 million customer accounts.
Russian national Andrei Tyurin, who was extradited last year from Eastern Europe to the United States, has stated that he plans to accept a plea deal he's reached with federal prosecutors. Tyurin has been charged with numerous crimes, including hacking JPMorgan Chase and stealing 83 million customer records.
The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.
Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.
The U.S. Commodity Futures Trading Commission has hit Philips Capital Inc., a Chicago-based brokerage firm, with a $500,000 penalty for security missteps before and after a 2018 data breach, which resulted in the theft of $1 million from client accounts.
Even the most sophisticated cyber security strategy is not foolproof. You need to be ready for a cyber attack with a proactive, coordinated incident response plan. Use this resource to launch your own incident response strategy. With your incident response plan documented and tested, you can respond swiftly and...
Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov. 4.
Facebook has confirmed that unprotected databases containing more than 419 million users' phone numbers contained data scraped from the social network. TechCrunch, which first reported on the development, says many of the exposed phone numbers can be tied to Facebook IDs and remain accurate.