The U.S. Securities and Exchange Commission is investigating the exposure of personal and mortgage-related records from First American Financial Corp., according to security blogger Brian Krebs. First American spent $1.7 million on the incident in its second quarter, but investigations and lawsuits are looming.
Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.
Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.
Some members of a hacking group with ties to China's government that's primarily known for its complex cyberespionage campaigns have developed a side business targeting the global gaming industry for financial gain, the security firm FireEye says.
More than two months after Microsoft issued the first warnings about the BlueKeep vulnerability, many enterprises have a spotty record when it comes to patching for this particularly worrisome flaw, new research from SecurityScorecard finds. Financial services companies have fared better than those in other sectors.
A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through infected Microsoft Word documents, and it has the ability to evade advanced security filters, according to security researchers at Fortinet.
Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition. For Broadcom, it means gaining well-developed security offerings as it seeks to grow its infrastructure business.
Australia's fair trading regulator says it's seeking penalties against HealthEngine, an online platform for booking medical appointments, for allegedly selling patient details to private health insurance brokers without disclosure and embellishing patient reviews of healthcare providers.