Authorities in the Netherlands recently levied a $516,000 fine under the General Data Protection Regulation against a hospital in the Hague in connection with a data breach involving "dozens" of staffers who snooped on the electronic medical records of a celebrity.
Weeks after Microsoft issued a patch for the BlueKeep vulnerability, which threatens devices running older versions of Windows, many organizations worldwide have yet to install patches despite alerts from the software giant, government agencies and cybersecurity companies, according to researchers at BitSight.
With the GandCrab ransomware-as-service gang promising to retire - and free decryptors now aiding victims - rival Sodinokibi has already stepped into the void, security experts warn. Driven also by attackers wielding Ryuk, Dharma and Phobos, ransom payments by victims have been surging.
At a Senate committee hearing on Tuesday, lawmakers grilled a Facebook executive about the company's plans to launch a cryptocurrency. One Democratic senator said Facebook "does not respect the power of the technologies they are playing with - like a toddler who has gotten his hands on a book of matches."
Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.
The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.
George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.
As more organizations rely on third parties for various services, managing the security risks involved is becoming a bigger challenge. Three CISOs offer insights on their real-world strategies for success.
Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.
Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.