Britain's privacy watchdog agency has slammed the telecommunications company TalkTalk with a record fine of £400,000 ($511,000) for multiple information security failings that allowed a hacker to bypass access controls and exfiltrate customer data "with ease."
Britain has launched a new National Cyber Security Center to help U.K. organizations better respond to cybersecurity incidents. But Brexit is imperiling intelligence-sharing arrangements that help the U.K. battle attacks and track cybercriminals.
Yahoo built a custom software program that scanned incoming emails for a specific piece of content to comply with a classified U.S. government directive, Reuters reports. If true, did the U.S. government overstep its legal boundaries?
To better mitigate the breach risks tied to the growing use of mobile devices, organizations need to adopt enterprise digital rights management as a way to improve data security, says Gartner's John Girard.
Markus Jakobsson, Chief Scientist at Agari, has released a new book focused on socially-engineered schemes. What are the key takeaways, and how can security leaders improve their abilities to fight back against the schemers?
Republican presidential candidate Donald Trump laying out his cybersecurity agenda leads the latest version of the ISMG Security Report. Also, federal leaders address threats posed to the U.S. electoral system.
The internet of things is being compromised by malware-wielding attackers exploiting default credentials baked into devices. What will it take for manufacturers to ship devices that are secure by default?
Enterprises should employ new modeling, simulation and intelligence tools to provide insight into potential exploitable attack vectors before an incident occurs, Michelle Cobb, vice president at Skybox Security, says in a video interview.
Commerce Secretary Penny Pritzker suggests that regulatory agencies should implement cyber threat information sharing programs with the businesses they regulate, not only to enhance their IT security, but to build a collaborative environment between the two, often adversarial sides.
Bad news: A developer has released the source code for Mirai malware, which is designed to automatically find and hack internet of things devices, turning them into DDoS cannons. The malware has been tied to recent record-smashing DDoS attacks.
In a video interview, Troy Leach, CTO of the PCI Security Standards Council, explains enhanced standards designed to help ensure that POS vendors can stay ahead of new attacks aimed at defeating encryption.
The FTC has denied LabMD's request for a "stay," or delay, in implementing the regulator's final order stemming from a longstanding dispute over the cancer testing lab's information security practices. LabMD has asked an appellate court to review the case.
A new kind of malware for Mac OS X has been linked to Fancy Bear, the Russian group suspected of hacking the DNC and the World Anti-Doping Agency. But the malware only poses a low risk to users, experts say.
The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the status of the U.S. government's cyberthreat information sharing initiative.
The Yahoo breach - and the theft of unencrypted security questions and answers - is a reminder to use unique passwords and security questions, store them using a password safe and take advantage of two-factor authentication whenever it's available.