Your best bet to avoiding the potentially exorbitant costs of a vendor hack is to not have one in the first place. A solid vendor risk management program, backed up by technology, policies, and procedures is the best protection. Good review and audit processes can catch any vendor-related problems before they become...
A new malware campaign uses a Trojanized version of the game Tetris to target healthcare and educational institutions for credential stealing, according to Blackberry Cylance. Analysts have observed evidence of the threat actors attempting to deliver ransomware with the 'PyXie' Trojan.
Organizations that suffer a security incident must be prepared to rapidly respond. Here are eight incident response essentials they must follow, from executing their breach response and notifying stakeholders to activating external service providers and working with regulators.
German software giant SAP has apologized after a software update mistakenly assigned higher-level privileges to some users within New Zealand's firearms buy-back database, exposing personal details for gun owners. The system has been shut down by police.
Getting the proper vendor contracts completed is a top concern for organizations preparing to comply with the California Consumer Privacy Act, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.
This year's Black Hat Europe conference in London features dozens of briefings touching on a wide variety of topics, including exploiting contactless payment and Bluetooth vulnerabilities, identifying vulnerable OEM IoT devices at scale and running false-flag cyberattacks.
Researchers uncovered an unsecured database belonging to TrueDialog, a business SMS texting solutions provider, which exposed data on millions, including text messages, names, addresses and other information, according to a report by VPNMentor researchers. The database has since been closed.
The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.
Victims of a massive 2018 Facebook data breach can continue a class-action lawsuit to try and force the social network to maintain "reasonable" information security practices, a federal judge has ruled. But he dismissed the plaintiff's attempt to receive monetary compensation for the breach.
South Korean cryptocurrency exchange Upbit says hackers have stolen $49 million worth of ethereum, in what is the year's seventh major cryptocurrency heist. Much of the $158 million stolen so far this year is likely fueling the North Korean regime's appetite for luxury goods and weapons of mass destruction.
The Australian government's digital health records program manages risk and privacy relatively well, according to a new audit, but there's room for improvement in third-party risk management and emergency access to sensitive health records.
The FCC voted unanimously Friday to ban telecommunications companies from using FCC funds to buy equipment from Chinese manufacturers Huawei and ZTE because they pose a "national security threat." Also under consideration is a plan to rip and replace equipment from the firms.
Some 4 terabytes of data on over 1.2 billion individuals - including LinkedIn and Facebook profiles - was exposed to the internet on an unsecured Elasticsearch server, according to an analysis by a pair of independent researchers.
Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom. Security experts say they're not surprised by this development, but note that given the different skills required, such tactics may not become widespread.