The attorney general of Pennsylvania has filed a lawsuit against Uber for allegedly violating the state's mandatory breach notification law. It's the latest in a long string of legal and regulatory repercussions Uber is facing after waiting more than a year to disclose a serious breach.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
The U.S. Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." It includes new prohibitions on trading in corporate shares after a breach has been discovered but before investors have been notified.
The top U.S. intelligence official has warned Congress that Russia will attempt to meddle in the this year's U.S. midterm elections, a repeat of the country's alleged 2016 U.S. presidential election interference.
Following the online attack against the opening ceremonies of the Olympic Winter Games in South Korea, some pundits were quick to guess that Russia was involved. But some attribution experts call the rush to attribute any cyberattack premature or even "irresponsible."
Equifax says that its digital forensic investigators have found that while its tally of 145.5 million U.S. breach victims hasn't changed, more of them had their email addresses, tax identification numbers and driver's license information exfiltrated.
The Twitter accounts of several celebrities and politicians in India were recently hacked. Cybersecurity leaders discuss the challenges and risk mitigation strategies in dealing with social media attacks.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
A Canadian museum had multiple points of possible infiltration to protect: employees with memory sticks, phishing attacks, visitors and contractors connecting to Wi-Fi, and exhibit computers. Additionally, the museum had prevented ransomware attacks in the past, but needed to increase its level of protection.
A malware incident at Partners HealthCare that was detected last spring but was only recently determined to have exposed patient data illustrates that confirming a data breach through a forensics investigation can be difficult and time-consuming.
So far in 2018, 15 health data breaches have been reported to federal regulators, affecting a combined total of nearly 391,000 individuals. But why are incidents involving ransomware still so rare on the federal health data breach tally?
Coincheck, a Tokyo-based exchange, says it suffered a hack attack that led to the theft of $530 million worth of XEM cryptocurrency from its hot wallet. But the developers of XEM say they are tagging all accounts that receive the stolen funds to stop it from being converted to cash.
Leading the latest edition of the ISMG Security Report: Ransomware crypto-locks customer data stored by a cloud-based service provider. Also, there's a move afoot to use blockchain technology to better protect people's personally identifiable information.
The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.
"The difference between what is known and what is managed in an environment ... and then what's...