LinkedIn failed to force all users to reset their passwords after a 2012 breach of at least 6.5 million credentials came to light. But it turns out the breach actually compromised 167 million accounts. Whoops.
A Japanese ATM cash-out scheme that stole $19 million from South Africa's Standard Bank in less than three hours illustrates why devising better ways to mitigate the risks posed by such schemes must be a priority for financial institutions in markets - including the U.S. - that still rely on mag stripe debit cards.
Cyberattacks have gained regulatory attention worldwide. But the world doesn't need more regulation to address new threats, says Steve Durbin of the Information Security Forum. Instead, government must work more closely with the private sector.
As Europe counts down to implementing its General Data Protection Regulation, which will require EU-wide data breach notifications for the first time, similar efforts to enact a single federal law in the United States remain stalled.
A surge in ransomware attacks on hospitals is driving healthcare organizations large and small - as well as lawmakers and law enforcement agencies - to consider new and improved approaches to dealing with this evolving threat.
Neither Australia nor New Zealand currently has laws on the books requiring organizations to notify people affected by data breaches. But both countries do say they are committed to introducing that requirement.
Too few organizations have in-house incident response teams. As a result, they lack the native ability to even detect evolving threats, such as ransomware, says Ann Barron-DiCamillo of Strategic Cyber Ventures in this video interview. What are the must-have response capabilities?
A data breach at Cabcharge, a large Australian taxi booking and payments service, exposed details on customer movements, drivers and partial credit card numbers. One expert warns that the data could be useful to fraudsters.
A judge has declined to share details of a flaw exploited by the FBI - either in the Firefox browser or modified Tor version - during the course of a large child pornography investigation, saying Mozilla should deal directly with the U.S. government.
With hack attacks continuing against banks, SWIFT must follow in the footsteps of other vendors - notably Microsoft - and begin offering detailed, prescriptive security guidance to its users, says Doug Gourlay of Skyport Systems.
Tavis Ormandy of Google's Project Zero found he could hack Symantec's security products with a single email. The flaw has been fixed, but the finding is a reminder that flaws in anti-virus software can leave users at serious risk from hackers.