Home Depot says an estimated 56 million payment cards were exposed in a data breach at its U.S. and Canadian stores. The retailer says an investigation revealed the breach involved custom-built malware not used in other cyber-attacks.
A cross-site scripting vulnerability at eBay.co.uk left an undetermined number of users susceptible to an attack that attempted to steal their credentials when they clicked on links within a listing offering a used iPhone for sale.
Apple announces security and privacy changes tied to the release of iOS8, including better data encryption, more secure iCloud backups, and a corporate promise to be more transparent. But it delays release of its HealthKit.
Federal government auditors have identified weaknesses in the technical controls protecting the security of the federally run Obamacare HealthCare.gov website and systems, which they say create increased and unnecessary risks.
C&K Systems, the vendor identified by Goodwill as the source of a breach that impacted about 330 of its stores, has confirmed details of the 18-month breach of its "hosted managed services environment" affecting three of its clients.
When IBM unveiled BIOS - Basic Input/Output System - in 1981 with the introduction of its personal computer, few perceived it as a security threat. But now, NIST has issued a new guide to mitigate BIOS vulnerabilities in servers.
Experts review new allegations that have emerged about information security practices at Home Depot in the wake of the retailer confirming that it suffered a data breach resulting in the theft of an unknown quantity of credit and debit cards details.
While the new Apple Pay system is slated to debut next month in the United States, payment card brands say the system eventually will expand to some of the other 66 countries that already accept contactless payments.
Security experts see good news and bad in Apple's latest announcements. Upsides include Apple Pay and numerous privacy and security improvements in iOS 8. But after the celebrity photo leak, iCloud fixes remain missing.
Leading this week's industry news roundup, Juniper Networks announces advancements in its threat intelligence platform, while Fiserv releases tokenization capabilities for its mobile wallet application.
Google says just 2 percent of the recent dump of nearly 5 million credentials to Russian cybercrime forums contained valid Gmail username and password combinations. But anyone who reused the same passwords on other sites remains at risk from hackers.