A $3.1 million proposed settlement has been reached in a data breach class action lawsuit against Community Health Systems stemming from a 2014 cyberattack that affected 4.5 million individuals. Why are settlements in data breach cases still relatively rare?
A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.
In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.
Fraud incidents and losses have remained steady or increased in the past year, according to ISMG's latest Faces of Fraud Survey. And the biggest fault of banking institutions' current anti-fraud controls: They rely too much on manual processes. Mike Lopez of survey sponsor Cyxtera Technologies analyzes the results and...
Ransomware victims who opted to pay for the promise of a decryption key forked over an average of $6,733 in the fourth quarter of 2018, according to ransomware incident response firm Coveware. It says strains such as SamSam and Ryuk, which demand higher-than-average ransoms, are increasingly common.
Bangladesh Bank, supported by the New York Fed, has filed a lawsuit in U.S. federal court to try to recover $81 million stolen via one of the biggest online bank heists in history. But the Philippine bank the lawsuit targets has dismissed the case as a "political stunt" designed to shift blame.
The notorious xDedic Marketplace Russian-language cybercrime forum and shop remains offline following an international police takedown. Security experts expect xDedic customers to shift to UAS, a rival darknet market that also specializes in stolen and hacked remote desktop protocol credentials.
The latest edition of the ISMG Security Report features an update on what U.S. intelligence chiefs told Congress this week about persistent nation-state cyberthreats, plus reports on evasion tactics used by cryptocurrency money launderers and what government CIOs have to say about security funding.
Apple's conflict with Facebook this week resulted in the most effective and quickest punishment the social network has ever received over a privacy issue. But should a multi-billion dollar tech company like Apple be picking up the slack for the digital privacy enforcement failures of governments?
The State Bank of India, the nation's largest bank, is investigating an apparent data leak that reportedly exposed information on millions of its customers. Security experts are calling on all banks to improve their server management practices.
Airbus says it suffered a hack attack, leading to a breach of "contact and IT identification details" for at least some of its EU employees. The aerospace giant says its investigation continues and that it has notified European privacy authorities, per GDPR requirements.
Efforts to exploit U.S. election security continue, and China, Russia, Iran and North Korea's "cyber espionage, attack and influence capabilities" pose an increasing threat, Director of National Intelligence Dan Coats told the Senate Intelligence Committee.
Sophos is out with new reports on Matrix and Emotet, two different types of cyberattacks that are hitting enterprise defenses. Matrix is a targeted ransomware, an emerging type of attack Sophos expects to gain prominence, and Emotet is malware that has evolved over the years into an opportunistic, polymorphic threat...
Despite the value of cryptocurrency plummeting since 2017, cybercriminals and rogue nations are still using it to launder funds. One recently discovered scheme designed to evade AML detection is "crypto dusting," according to CipherTrace's Dave Jevans.