Monzo, a U.K. mobile-only bank that plans to expand into the U.S., alerted about 480,000 customers to change their PINs this week after the company's security team found that a software bug meant some numbers were stored unencrypted in plaintext.
Microsoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office printers and VOIP phones. The remedy is paying more attention to deployed IoT devices, including establishing security policies and regular testing.
It's difficult to build a reliable security system based on artificial intelligence and machine learning, says Aleksandr Lazarenko of Group-IB, who offers insights on how to make the most of these technologies.
More lawsuits have been filed in the wake of the Capital One breach that exposed the data of more than 100 million individuals. GitHub is also a target of one of those lawsuits, which alleges the code-sharing site failed to promptly remove breached data.
A new strain of ransomware called MegaCortex is beginning to fill part of the void left by GandCrab and other variants that have been discontinued, targeting large corporations with huge ransom demands, according to a new analysis released Monday by Accenture's iDefense.
Several large breaches involving hacking/IT incidents, including ransomware attacks, have been added in recent weeks to the federal tally of major health data breaches. Here's a rundown of the latest additions.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
Some 23 federal agencies come up short in their cybersecurity efforts even as attacks on their IT infrastructures continue to grow and concerns about foreign interference in the upcoming 2020 elections persist, according to a Government Accountability Office report.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.
Through hundreds of millions of selfies, the small Russian company behind FaceApp has likely created one of the largest private troves of geometric and facial landmark data - on the scale of Google and Facebook. The viral app has turned into an intellectual property boon.
A newly discovered vulnerability in Visa's contactless payment cards could allow fraudsters to bypass payment limits of 30 British pounds ($37) at U.K. banks, according to researchers at Positive Technologies, who claim the vulnerability could be exploited in other countries as well.
A watchdog agency review of a VA medical center in California spotlights security issues involving medical device "workarounds" that some experts say are common but often overlooked or underestimated risks.