What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.
This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.
Paige A. Thompson, who's been arrested on a charge of hacking into Capital One's network and taking the personal and financial data of 106 million individuals, is also suspected of stealing information from over 30 other organizations, according to new court documents.
A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.
Choice Hotels says about 700,000 guest records were exposed after one of its vendors copied data from its systems. Fraudsters discovered the unsecured database and tried to hold the hotel chain to ransom, which it ignored.
The U.S. Securities and Exchange Commission is investigating the exposure of personal and mortgage-related records from First American Financial Corp., according to security blogger Brian Krebs. First American spent $1.7 million on the incident in its second quarter, but investigations and lawsuits are looming.
The news that serial entrepreneur Elon Musk and scientists have unveiled Neuralink - a neuroscience startup that's been in stealth mode for two years and aims to create a new computer/brain interface - might make you ask: What took him so long? Before signing up, just make sure it's immune to ransomware.
A little over a week after a breach at Capital One was revealed, more U.S. lawmakers are raising questions about what happened at the bank, including what role, if any, Amazon may have played in opening the door to the intrusion.
Monzo, a U.K. mobile-only bank that plans to expand into the U.S., alerted about 480,000 customers to change their PINs this week after the company's security team found that a software bug meant some numbers were stored unencrypted in plaintext.
More lawsuits have been filed in the wake of the Capital One breach that exposed the data of more than 100 million individuals. GitHub is also a target of one of those lawsuits, which alleges the code-sharing site failed to promptly remove breached data.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
In what's likely the first of many investigations, the New York attorney general's office announced late Tuesday that it's launching a Capital One probe following the disclosure that over 100 million U.S. residents had their personal data exposed in a breach. Meanwhile, class action lawsuits are looming.