Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
A federal judge has largely rejected a motion by Verizon to dismiss a class-action lawsuit filed by victims of three data breaches that compromised Yahoo, which is now part of Verizon. The Yahoo breaches appeared to have compromised nearly every Yahoo user's personal details at least once.
Kaspersky Lab says it has uncovered an elegantly written piece of malware that leverages a Latvian-designed router to launch stealthy attacks. The security firm hints that the malicious code could only have come from a well-resourced attacker, but it stops short of naming one.
Regulators are struggling to keep up with the proliferation of online trading schemes. Here's the story of an Australian woman who lost AU$63,000 on a platform called Millennium-FX. She is trying to recover her money, which ended up in an account controlled by a 30-year-old Russian man who lives in Cyprus.
The U.S. Senate is considering a banking reform bill that would ban credit agencies' practice of charging for a credit freeze, one of the crucial steps experts say can help pre-empt identity theft. Lawmakers have been under intense pressure to create laws that better protect consumers following Equifax's data breach.
The attorney general of Pennsylvania has filed a lawsuit against Uber for allegedly violating the state's mandatory breach notification law. It's the latest in a long string of legal and regulatory repercussions Uber is facing after waiting more than a year to disclose a serious breach.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
Equifax has identified 2.4 million U.S. consumers whose names and snippets of their driver's license numbers were stolen, adding to one of the worst breaches in history, which resulted in personal data for most U.S. adults being exposed.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Certificate authorities continue to be tricked into issuing bogus TLS certificates. A study by Recorded Future found that at least three underground vendors can supply fraudulent TLS certificates, which pose serious risks to data security and privacy.
Australia's real-time payments platform, which launched last week, includes a feature designed to reduce fraud and erroneous payments. Ironically, the feature may also expose users to social engineering attacks.
Google has begun activating a new feature in Chrome that will block 12 types of intrusive advertisements. But some security experts say the online advertising industry needs to solve the malware and privacy problems that have caused users to turn to ad-blocking and anti-tracking tools.
Microsoft has been working to reduce the ability of attackers who use the PowerShell scripting language to "live off the land" in enterprise networks, in part via machine learning. But IT administrators should also have these three essential malicious PowerShell script defenses in place.
After a year of brainstorming on blockchain technology, Microsoft says it will add support in its Authenticator app for a decentralized identity system that's designed to put users in control of their personal information.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.