Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
A hacking team dubbed "Group 123" with apparent ties to the government of North Korea has been exploiting a zero-day vulnerability in the Flash browser plug-in, likely to hack high-value targets. Adobe has released an emergency Flash update with security fixes. Or organizations could simply stop using Flash.
The Department of Justice has charged two men, arrested in Connecticut near the scene of a jackpotting attack against a drive-up ATM, with bank fraud stemming from a malware attack. Police say they recovered $9,000 in $20 bills, as well a black box and other equipment from the suspects' car.
Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks.
Lauri Love, a British man accused of 2012 and 2013 hack attacks against U.S. government computers - including systems operated by the Federal Reserve, U.S. Army and NASA - has won his legal bid to quash a U.S. extradition request. But he still faces a potential trial in England.
Blockchain technology already underpins the boom in cryptocurrencies, but it is also being rigorously tested and developed for other applications, including identity and access management. Such projects could make personal data easier to secure and less vulnerable to data breaches.
Orwell got it wrong: People are less likely to surrender their privacy to a totalitarian state than to the lure of sharing holiday snaps, cat videos or the route and time they took for their latest cycling, jogging or kiteboarding outing, as captured by a wearable fitness device.
The booming interest and sometimes surging values of cryptocurrencies are drawing the interest of cybercriminals on a scale never seen before - including attacks aimed at trying to steal computing power to mine cryptocurrency.
Leading the latest edition of the ISMG Security Report: Inside the darknet marketplaces that serve cybercrime-as-a-service buyers and sellers. Also, why the healthcare sector remains so bad at detecting data breaches and blocking ransomware.
The number of data breaches reported by U.S. organizations reached an all-time high last year. In 2017, organizations that described how bad their breach was - and one-third did not - collectively lost 14 million payment cards and 158 million Social Security numbers, according to the Identity Theft Resource Center.
The U.S. government's idea to take the reins of the development of 5G mobile networks has been met with cynicism and criticism. But there are goods reasons the government is worried: Standards haven't been set in stone yet, and 5G will present a bevy of new security challenges. Here are some of them.
As big-data analytics matures, it will play a bigger role, but security information and event management software, or SIEMs, will also remain essential, contends Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.
The White House, fearing China is spying on phone calls, has suggested that the U.S. government take a primary role in marshaling the development of secure 5G networks. But would nationalizing 5G networks make them more secure?