Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
The U.S. federal government and many states haven't conducted forensic investigations into the election systems probed by hackers prior to the 2016 election. An investigation by the New York Times has found two more providers of election systems that were breached.
A federal judge has ruled that a consolidated class-action lawsuit filed by those affected by the Yahoo data breaches can proceed. The ruling means Yahoo's corporate parent, Verizon, will face a suit that could eventually lead a court to attempt to quantify the financial impact of leaked data.
A sloppy spamming operation has exposed on a server in the Netherlands a batch of files that includes more than 700 million email addresses and some associated account passwords. It's perhaps the largest batch of email addresses ever found in one spot.
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
What was perhaps the largest-ever botnet composed of infected Android devices has been disabled. The Wirex botnet cleverly used legitimate looking traffic for DDoS attacks against web services.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
The never-ending stream of bad information security news is fueling a virtual gold rush for companies offering protection. A new report from Forrester predicts a healthy growth rate over the next five years, with some specific technologies expected to see double-digit growth.
There's another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software exploit. One prominent zero-day broker, Zerodium, has added encrypted messaging apps to its bounty list.
EDR (endpoint response and detection) products are powerful tools that provide a play-by-play of exactly what happened on a computer during and after an attack. But the products require the right expertise to get the most value, a Gartner analyst says.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
Philips plans to fix alarming vulnerabilities in a web-based application used to track patient radiation exposure. Versions of the DoseWise Portal mistakenly shipped with errors, including hard-coded credentials for a database and lack of encryption for patient data.
The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.
There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.
The British security researcher credited with stopping the WannaCry ransomware outbreak pleaded not guilty Monday to charges that he developed and sold a type of malicious software that steals online banking credentials.
FireEye says Russia's Fancy Bear hackers are targeting hotel guests with a sneaky attack that leaves no traces and steals network credentials. It involves no malware and is virtually impossible to stop.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.