Microsoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office printers and VOIP phones. The remedy is paying more attention to deployed IoT devices, including establishing security policies and regular testing.
More lawsuits have been filed in the wake of the Capital One breach that exposed the data of more than 100 million individuals. GitHub is also a target of one of those lawsuits, which alleges the code-sharing site failed to promptly remove breached data.
A new strain of ransomware called MegaCortex is beginning to fill part of the void left by GandCrab and other variants that have been discontinued, targeting large corporations with huge ransom demands, according to a new analysis released Monday by Accenture's iDefense.
Several large breaches involving hacking/IT incidents, including ransomware attacks, have been added in recent weeks to the federal tally of major health data breaches. Here's a rundown of the latest additions.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
A newly discovered vulnerability in Visa's contactless payment cards could allow fraudsters to bypass payment limits of 30 British pounds ($37) at U.K. banks, according to researchers at Positive Technologies, who claim the vulnerability could be exploited in other countries as well.
The U.S. Department of Defense has purchased IT gear known to have significant cybersecurity vulnerabilities, according to a new inspector general audit, which also highlights concerns about the use of equipment manufactured in China.
A federal judge has granted preliminary approval for a $74 million settlement of a consolidated class action lawsuit against health insurer Premera Blue Cross stemming from a 2014 data breach that affected 11 million individuals. More money will go to security enhancements than to victim reimbursement.
A newly discovered mobile ransomware strain called Filecoder.C is targeting Android devices through malicious links in online forums and then spreading via contact lists through SMS messages that attempt to entice others to install an app, according to research by the security firm ESET.
In what's likely the first of many investigations, the New York attorney general's office announced late Tuesday that it's launching a Capital One probe following the disclosure that over 100 million U.S. residents had their personal data exposed in a breach. Meanwhile, class action lawsuits are looming.
The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts.