D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.
Reducing risk is a tall order, but IBM's Christopher Bontempo says healthcare security leaders can get immediate and measurable results by concentrating on two aspects: data security and incident response.
Malicious actors are increasingly using social media platforms to spread malware to unsuspecting victims. In the latest incident, Facebook removed more than 30 pages from its platform after security analysts with Check Point Research found that a hacker had loaded them with malware.
Sophos is the latest security firm to create a proof-of-concept exploit for the BlueKeep vulnerability in older versions of Windows. The company echoed several government agencies that have urged businesses to patch their devices.
Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1 TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.
Italy's data protection regulator has slapped a $1 million fine on Facebook for mismanaging user data and precipitating the Cambridge Analytica debacle. But that pales by comparison to the the fine that's reportedly still being weighed by the U.S. Federal Trade Commission.
A former Equifax CIO who sold his stock in the company after learning about its 2017 data breach several months before the public and government agencies were informed has been sentenced to four months in prison for insider trading. Another former Equifax executive was sentenced on similar charges last year.
The firmware of more than 500 Huawei networking products is riddled with security weaknesses that make the vendor risky to use for 5G networks, a new report contends. The study analyzed more than 9,000 firmware images in 558 enterprise products from the Chinese company.
With the European Union's Cybersecurity Act now in full force, the European Union Agency for Network and Information Security, or ENISA, has a new name and a permanent mandate - as well as more money and staff - to oversee a range of cybersecurity issues.
The cyberattack earlier this year against Indian outsourcer Wipro, as well as several of its customers, is part of a much larger, multiyear phishing campaign that involves many more companies used as jumping off points, according to RiskIQ, which says the attackers apparently are manipulating gift cards.
Six major cloud services providers apparently were victims of Cloud Hopper, an umbrella name for deep cyber intrusions suspected to originate in China, Reuters reports. The report also alleges Cloud Hopper-affected companies withheld information from their clients for reasons of liability and bad publicity.