Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
With Australia's data breach reporting law now in effect, its healthcare sector has recently reported the highest number of data breaches - a finding that is sure to intensify the already intense scrutiny of the country's controversial e-health records project.
Struggling European electronics giant Dixons Carphone says its investigation into a 2017 data breach has found that 10 million customers' personal details - up from its previous estimate of 1.2 million - were compromised. It previously reported that 5.9 million payment cards were also compromised.
A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4 million, although investigators believe stealing personal data was not the attackers' goal.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
This edition of the ISMG Security Report features Elvis Chan, a supervisory special agent at the FBI, discussing ongoing efforts to thwart Russian interference in the U.S. midterm election this fall, and Alberto Yepez of ForgePoint Capital addressing cryptocurrency security issues.
Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.
Breach defense is a strategic business issue for most enterprises, but too many cybersecurity solutions rely more on flash than substance, says Lastline CEO Chris Kruegel. It's time to start talking about true breach defense.
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.
This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.
Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server. Some security experts say Trump's response was nonsense and flies in the face of good digital forensics and incident response practice.
A Spanish consumer rights organization says telecommunications company Telefónica has fixed an elementary security error in its Movistar website that potentially exposed billing invoices for millions of customers. Telefónica says it hasn't detected fraudulent use of the data.