An army of 40,000 small office/home office routers have been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults; or distributors and IT managers for not locking them down?
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.
After recently announcing an investigation, Sally Beauty Supply now confirms that it has "sufficient evidence to confirm that an illegal intrusion into our payment system has indeed occurred." The retailer reported a similar breach in March 2014.
Wanted: Hackers for hire. Or in British government parlance: "Committed and responsible individuals who have the potential to carry out computer network operations to keep the U.K. safe." Ready to apply?
The FBI is offering a big-stakes reward for an alleged criminal who ranks at the top of its "cyber most wanted" list. But one cybercrime expert asks: "Would you cross the Russian mafia or some organized crime gang for $3 million?"
Fraudsters have been hacking into and draining Starbucks accounts, customers report. Security experts say attackers appear to be guessing weak account passwords, then using funds to fill up gift cards destined for the black market.
Much of today's crime is "cyber-enabled," warns cybercrime expert Raj Samani, and successfully blocking such attacks increasingly demands not just better technology and public-private collaboration, but also an understanding of psychology.
A judge's decision to allow MasterCard's settlement with Target to stand isn't likely to be appealed and could discourage banking institutions, some experts say, from continuing to pursue a breach-related class-action lawsuit they filed against the retailer.
It's unlikely that the same hackers that hit Sally Beauty in 2014 struck the company a second time this year, several threat intelligence experts say. Find out the latest theories about what may have led to the apparent second breach of the retailer.
Knowing exactly when to share information with law enforcement in the wake of a breach is challenging, says Assistant U.S. Attorney William Ridgway, a featured speaker at ISMG's Fraud Summit Chicago on May 19.
Partners HealthCare System is the latest healthcare organizations to suffer a data breach following a phishing attack. But why did Partners wait five months to issue a breach notification, when HIPAA requires notifications within 60 days?