The U.S. government's intrusion detection and prevention program known as Einstein has limited ability to detect breaches of federal information systems, according to a new Government Accountability Office report.
Global restaurant chain Wendy's is investigating a suspected data breach following fraud patterns tied to credit and debit cards used at some of its locations. Two card issuers confirm that they've seen signs of related fraud in some U.S. regions.
Israel has reportedly foiled a "severe cyberattack" launched against the Israeli Electricity Authority. The malware attack doesn't appear to have resulted in any disruption to the country's power grid, but many government systems remain offline.
Cyber-extortion attacks, especially those involving DDoS gangs that threaten disruptions unless the targeted organization pays a bitcoin ransom, are on the rise. Experts describe how organizations should respond to - and resist - these attacks.
Networking giant Fortinet warns that more products than it initially suspected have a hardcoded password that attackers could abuse to remotely gain backdoor access to vulnerable devices. But why did the flaws take so long to be found?
Banking institutions and associations are demanding that the Federal Financial Institutions Examination Council make significant changes to its Cybersecurity Assessment Tool. What action, if any, will regulators take in response?
The Ukrainian energy sector is being targeted by fresh phishing attacks, the country's computer emergency response team warns. But it's not clear who's behind those campaigns, or a recent malware infection at Kiev's main airport.
Security experts say the conclusions of an inspector general's report on how the Nuclear Regulatory Commission contracts the administration of security operation centers also applies to other government agencies and private businesses.
Cyber insurance covers more than the cost of breaches of data privacy; it can play a role in protecting against the cost of a cyberattack that disrupts business operations, explains insurance specialist Tim Burke in this video interview.
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
DataBreachToday announces its inaugural list of top influencers, reflecting the individuals and organizations who have the biggest impact - good or bad - on the data breach landscape and growing breach epidemic.
Millions of Android devices - as well as desktops and servers - are at risk from a newly disclosed flaw in the Linux kernel that a malware-wielding attacker could exploit to seize full control of the device.
A new report from security firm FireEye that says the mobile banking Trojan dubbed SlemBunk is rapidly becoming more sophisticated illustrates why mitigating mobile malware risks must be an urgent priority for banks this year.
Casino operator Affinity Gaming has sued incident response firm Trustwave, alleging that the firm failed to fully eradicate and "contain" the 2013 data breach and payment card malware outbreak that it was hired to remediate.