A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.
Facebook is under fire after reports suggested data-mining firm Cambridge Analytica obtained private information on 50 million Facebook users. The social network contends that it didn't suffer a "breach," saying the information was legally obtained but subsequently misused.
To help identify and mitigate the next generation of Spectre and Meltdown speculative execution flaws in CPUs, Microsoft and Intel are offering researchers up to $250,000 if they share their discoveries as part of a coordinated vulnerability disclosure program.
The technology and operating models for identity and access management have evolved with time, but the way many enterprises approach IAM has not. How can security leaders modernize their IAM strategy in this era of unprecedented complexity? Patrick Wardrop of IBM Security shares insights.
The FBI has arrested the CEO of the Canadian smartphone service Phantom Secure on charges that he and four other suspects ran an encrypted telecommunications service used by more than 20,000 customers to facilitate illegal activities, including international shipments of cocaine and other drugs.
Equifax has a new problem in Australia, a country that was left unscathed by the credit bureau's devastating data breach. The Australian Competition and Consumer Commission alleges the credit bureau deceived vulnerable consumers by misrepresenting its products and charging for services that should have been free.
Leading the latest edition of the ISMG Security Report: The Trump administration sanctions Russian organizations and individuals over U.S. election interference, the NotPetya campaign and energy sector hacks. Also featured: A deep dive into the use of so-called active defense.
If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
The Securities and Exchange Commission and the Department of Justice have both charged Jun Ying, a former CIO at data broker Equifax, with engaging in illegal insider trading after he determined that his employer had suffered a massive breach.
A U.S. power company, unnamed by regulators, has been fined a record $2.7 million for violating energy sector cybersecurity regulations after sensitive data - including cryptographic information for usernames and passwords - was exposed online for 70 days.
A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.
President Donald Trump has blocked a bid by Singapore's Broadcom to acquire U.S. chipmaker Qualcomm on the grounds that it could impact national security, including the United States' ability to help shape future mobile telephony standards.
A federal judge has largely rejected a motion by Verizon to dismiss a class-action lawsuit filed by victims of three data breaches that compromised Yahoo, which is now part of Verizon. The Yahoo breaches appeared to have compromised nearly every Yahoo user's personal details at least once.
To the surprise of many, $120 million allocated by Congress since late 2016 to help the State Department combat foreign governments' U.S.-focused propaganda and disinformation campaigns hasn't been spent. Meanwhile, midterm U.S. elections are fast approaching.
Whoever unleashed malware built to disrupt last month's Winter Olympics in Pyeongchang, South Korea, designed it to look like it had been executed by a group of hackers tied to North Korea. But researchers at the security firm Kaspersky Lab say any such attribution would be false.