One of the co-authors of the devastating Mirai botnet malware has been sentenced to home incarceration and community service, and ordered to pay $8.6 million in restitution, for his role in a series of damaging distributed denial-of-service attacks that disrupted operations at Rutgers University.
Good news for anyone whose data has been crypto-locked by attackers wielding GandCrab, the year's most aggressive strain of ransomware: You may be able to get your data back, thanks to a free decryptor.
British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April. The airline now counts 429,000 data breach victims.
Australian police have charged a woman in the theft of AU$450,000 (US$318,000) worth of the virtual currency XRP, also known as Ripple, in one of the largest cryptocurrency thefts from a single victim. The case highlights how basic security messaging on protecting cryptocurrency isn't getting through.
This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.
Medicaid agencies and their contractors reported more than 1,200 data breaches in 2016, but just one hacking incident accounted for more than 70 percent of all victims, according to a new report. What else does the report reveal?
Hong Kong-based airline Cathay Pacific says the personal details of 9.4 million passengers were inappropriately accessed in March, a breach the company confirmed in early May but publicly revealed on Wednesday. That raises questions about whether the airline violated data breach disclosure regulations.
A proposed agreement that would settle a class action suit against Yahoo over devastating data breaches could see the company pay as much as $85 million. That adds to the $35 million fine levied by the SEC earlier this year, showing the high price to be paid for Yahoo's record data breaches.
Two years after Mirai botnets first appeared, security researchers say telnet-targeting botnets are attempting to compromise internet of things devices by pummeling them with 1,065 different username/password combinations. Some of these attacks are designed to install Linux DDoS malware.
Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework.
Where is the secret spying chip devised by China that Bloomberg reported had worked its way into at least 30 companies, including Amazon and Apple? The report earlier this month alleging supply chain infiltration by China's People's Liberation Army triggered skepticism from the start - and it's growing.
A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems. But a North Carolina water utility hit separately says that rather than bow to criminals' demands, it will rebuild affected systems and databases.
A Russian national has been charged with coordinating a four-year campaign to spread divisive themes aimed at disrupting the U.S. political system. "Project Lakhta" allegedly employed hundreds of individuals who created bogus accounts on such platforms as Facebook and Twitter to sow false narratives.
Cryptojackers and eavesdroppers are continuing to exploit a one-time zero-day flaw in unpatched MikroTik routers, despite a patch that's been available for six months as well as the actions of a vigilante "gray hat" hacker who's forcibly "fixed" 100,000 vulnerable routers.