PageUp, an HR software developer in Australia with clients worldwide, is warning that malware-wielding attackers may have accessed a raft of personal data stored in its systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February.
The U.S. Treasury Department announced Monday that it has imposed sanctions on five Russian organizations and three individuals, the latest move by the Trump administration in response to Russian cyberattacks.
South Korean cryptocurrency exchange Coinrail says hackers stole 30 percent of all of the cryptocurrency tokens it was storing, but many have been successfully frozen or recalled. Security experts say cryptocurrency exchanges remain poorly secured, so they're popular targets for hackers.
The Department of Homeland Security has issued two more alerts about cyber vulnerabilities in certain medical devices. The stream of recent advisories is helping to draw more attention to the importance of addressing device security. But healthcare providers face the challenge of tracking and mitigating all risks.
One day, organizations may be able to self-certify their GDPR compliance, says an official at the U.K.'s data privacy regulator. Regardless, experts recommend that organizations ensure they are focusing on continuous GDPR compliance and regularly testing their data breach response plans.
The era of the underground marketplace may be ending as concerns over law enforcement infiltration rise, says threat intelligence company Digital Shadows. Cybercriminals' deals are shifting toward encrypted chat and other decentralized services, the company says.
Australian HR service provider PageUp, which serves a variety organizations worldwide, says malicious software on its systems may have compromised client data as well as usernames and passwords. PageUp believes systems that store documents, resumes and employment contracts are not affected.
The geneology service MyHeritage says a security researcher found 92 million email addresses and hashed passwords for its users on a private external server. The company, however, says there's no evidence of abnormal account activity or indications family trees or DNA results were affected.
RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence. The report also shows a continuing surge in mobile app fraud.
Australian police in Queensland are pursuing a criminal investigation into what may be one of the first instances of a company swiping cryptocurrency using a software backdoor after a business deal went bad.
When it comes to fraud, enterprise data has a story to tell, and it's up to security and fraud leaders to know how to interpret that story. Jim Apger of Splunk discusses reading and reacting to these stories.
Experts have long warned that bitcoin is not as private as it appears. The very design of bitcoin, as well as some other virtual currencies, can lend a surprising amount of information about the groups using it to transact. In fact, it's sometimes easier to track than if criminals used the banking system.