A review of the mobile app that malfunctioned during Iowa's critical tally of the Democratic Party's caucus has uncovered a security vulnerability, ProPublica reports. Security firm Veracode says the app insecurely sends data, but it did not provide more details.
In a recently discovered phishing campaign, hackers attempted to steal victims' passwords and credentials by posing as a former Wall Street Journal reporter and sending documents with potential interview questions, according to security firm Certfa.
The coronavirus statistics are dizzying - as of Thursday, there were more than 28,000 infections and about 560 deaths. But the key stat to watch is the mortality rate, currently 2 percent, says pandemic expert Regina Phelps. How that number changes will dictate how business continuity leaders must respond.
Facebook scientists have proposed using "radioactive data" watermarks to identify when online images get used to train neural networks. The proposal appears to be aimed at the rise of big data startups, such as Clearview AI, that are scraping publicly available photographs to create facial recognition tools.
Ekans, a recently discovered ransomware variant that's designed to target industrial control systems, appears to have some of the same characteristics found in Megacortex, malware that struck several high-profile targets in 2019, according to the security firm Dragos.
Ireland's Data Protection Commission is launching an investigation into how Google uses customer data for its location services after the privacy watchdog received numerous complaints from consumer rights organizations across the European Union.
Australian transportation and logistics firm Toll Group has confirmed that it sustained a ransomware attack earlier this month that has forced the company to shut down several of its systems and led to delays in deliveries.
British leaders' failure to more quickly choose and pursue a specific path for the nation's 5G rollout meant that ultimately, the decision got made for them, despite many security concerns persisting over the use of Chinese-built telecommunications gear.
More bad news for ransomware victims: Anyone hit with crypto-locking DoppelPaymer malware now faces the prospect of having their personal data dumped on a darknet site unless they pay a ransom. The gang's move follows in the footsteps of Maze, Sodinokibi (aka REvil) and Nemty ransomware operators.
The European Union appears to be moving toward dropping a temporary ban on the use of facial recognition technology in public places, according to news reports. Some technology experts had argued that a temporary ban would be impractical and ineffective in preventing abuse.
Twitter says it has fixed an API problem that would have allowed someone to match phone numbers en masse to corresponding accounts, which could potentially unmask anonymous users. The flaw could have been found and exploited by state-sponsored actors, the social media firm warns.
The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events.
After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Scammers are blackmailing users of infidelity-focused dating site Ashley Madison using leaked data from 2015, warns security firm Vade Secure. The sextortion shakedown is a reminder that while data breaches may be a blip for corporate entities, for individual breach victims, the impact may last forever.