Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.
Ireland's Data Protection Commissioner has launched an investigation into whether Facebook's Instagram service improperly displayed the email addresses and phone numbers of minors on its platform. Facebook, Instagram's owner, could face a GDPR fine if it's found to have violated privacy requirements.
To mitigate the risks posed by ransomware attacks, enterprises need to move from file-based security to a behavior-based approach, says Jennifer Ayers, vice president of the OverWatch division of Crowdstrike.
Britain's Information Commissioner's Office announced this week a dramatic reduction in its fine against British Airways for violating the EU's General Data Protection Regulation. The company will pay a $26 million fine instead of $238 million in a case tied to a 2018 breach.
A hacking group with links to Iran's government is suspected of using ransomware in attempts to damage the systems of organizations in Israel and other countries, the security firm ClearSky reports.
As ransomware continues to slam organizations, a lively debate has ensued about whether ransom payments should be banned in all cases. Attempting to ban ransom payments, however, likely would only make the problem worse.
Books retailer Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' information. To begin its mitigation efforts, the company shut down its systems, which meant its Nook e-book platform was offline.
A newly identified financially motivated threat group, dubbed "FIN11," is deploying Clop ransomware and exfiltrating data from its targets for extortion efforts, according to researchers at FireEye Mandiant.
Yes, a CISO must be technologist and a business risk leader. But more than ever, a CISO also must be a bit of a counselor, says Mark Eggleston, chief information security and privacy officer of Health Partners Plans, who puts mental health support atop his own list of key responsibilities.
Cybercrime wouldn't exist as we know it today without there being a multitude of technologies and services that criminals have been able to turn to their advantage, and cryptocurrency is one of the prime examples, especially when it comes to ransomware, darknet markets and money laundering.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
The Treasury Department's Office of the Comptroller of the Currency has hit Citibank with a $400 million fine for deficiencies in enterprisewide risk management, compliance risk management, data governance and internal controls. Meanwhile, the Federal Reserve is requiring the bank's board to take action.
Managing third-party risks must start with due diligence activities, and technology can play an important role, says Julian Colborne-Baber, forensic partner at Deloitte in the U.K.
The Xplora 4 kids smartwatch was shipped with a backdoor that could be activated remotely by an encrypted SMS to take secret screenshots. The manufacturer says the code was mistakenly left in the firmware, and it has issued a patch to remove it.
Stop me if you think that you've heard this one before: The U.S., U.K. and some allied governments are continuing to pretend that criminals will get a free pass - and police won't be able to crack cases - so long as individuals and businesses have access to products and services that use strong encryption.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.