In the wake of fraud reports, Blowout Cards has issued a security alert to customers, warning that an attacker hacked its website and installed a PHP file designed to skim payment card details at the time of purchase.
Warning: Drop everything and patch all the Windows things now. That's the alert being sounded by security researchers in the wake of attackers adopting Equation Group attack tools designed to exploit an SMB flaw and install DoublePulsar backdoor.
The latest chapter in the nonstop WikiLeaks saga: As U.S. government officials continue to ramp up their anti-WikiLeaks rhetoric, President Donald Trump has reportedly directed federal prosecutors to examine ways in which members of WikiLeaks could be prosecuted.
Intercontinental Hotels Group says that in addition to 12 hotels that it directly manages suffering a point-of-sale malware outbreak that began in 2016, 1,200 IHG-branded franchise hotel locations in the United States were also affected.
To shift from reactive to active defense mode, organizations need to get better at both threat-hunting and incident response. Tim Bandos of Digital Guardian discusses the tools and skills that are needed.
Medical device manufacturers and healthcare entities should take five key cyber-related steps to help ensure patient safety, says Beau Woods of the grassroots cyber-safety advocacy group, I Am the Cavalry.
Businesses that fail to block former employees' server access or spot any other unauthorized access are asking for trouble. While the vast majority of ex-employees will behave scrupulously, why leave such matters to chance?
The FDA has warned Abbott that it must submit a plan within 15 days to address previously identified cybersecurity vulnerabilities and other potential safety issues in certain cardiac devices of St. Jude Medical, which Abbott Labs acquired in January.
Federal regulators are warning healthcare sector organizations about the threat of man-in-the-middle attacks and related risks associated with the use of some Secure Hypertext Transport Protocol, or HTTPS interception products for end-to-end security.
Collaboration between medical device manufacturers and ethical hackers who discover vulnerabilities is getting better, but there's still plenty of room for improvement, says Bill Aerts, the former global privacy and security officer of Medtronic.
Recent settlements between New York State's attorney general office and three mobile app vendors for misleading privacy and marketing practices could have implications for other developers, especially if other states follow suit with their own enforcement actions, some legal experts say.
Microsoft's docs.com service has been an open window to viewing people's personal data. The company appears to have taken some steps to contain the exposure, but those watching closely say sensitive data can still be found via search engines.
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu, who calls on manufacturers to address the risks.
McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.