Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.
Chili's Grill & Bar is warning customers that an unknown number of payment cards were compromised at an unknown number of corporate-owned locations earlier this year for a period of time it suspects lasted two months. Should Chili's have waited to alert customers until it had more information?
Twitter has apologized after it discovered that it had been inadvertently storing users' passwords in plaintext in an internal log, potentially putting them at risk. Twitter has blamed a bug for the fault and recommends all users change their passwords immediately.
Australia's Commonwealth Bank has confirmed that two magnetic tapes containing transaction information for 19.8 million accounts went missing two years ago after mishandling by a subcontractor. A forensic investigation concluded the tapes were likely destroyed, and no fraudulent activity has been detected.
Yahoo, now known as Altaba, has agreed to a $35 million civil fine with the U.S. Securities and Exchange Commission to settle accusations that the search giant failed to promptly notify investors about a December 2014 data breach.
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Uber has agreed to stricter monitoring by the U.S. Federal Trade Commission following its concealment of a 2016 data breach while it was negotiating with the agency for a settlement tied to a separate, yet similar, breach two years prior.
With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene, who offers an in-depth analysis.
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider 7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have suffered a data breach that apparently exposed details on 5 million payment cards. Cybersecurity firm Gemini Advisory says the JokerStash syndicate - aka Carbanak gang - is selling the stolen card data.
Anyone who dined out at one of 166 Applebee's restaurants in 15 states may have had their payment card details compromised by point-of-sale malware infections that began in November 2017, RMH Franchise Holdings warns.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Equifax says that its digital forensic investigators have found that while its tally of 145.5 million U.S. breach victims hasn't changed, more of them had their email addresses, tax identification numbers and driver's license information exfiltrated.