A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.
In the latest weekly update, Information Security Media Group Editors discuss current cybersecurity and privacy issues, including advice on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto's first big M&A since early 2021.
The latest edition of the ISMG Security Report discusses how the profits of ransomware group Zeppelin have been smashed by security researchers, FTX again highlighting the risks of trading cryptocurrencies, and vendor Extrahop's newly appointed, high-profile president.
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
Security firm Group-IB has identified 34 hacking groups that are now selling a stealer-as-a-service model to spread infostealer malware and steal credentials from online gaming and payment accounts. The company advises organizations to be on the lookout for Raccoon and Redline infostealers.
Over 5,000 major health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Experts explain why it's such a dangerous game.
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.
The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of Dec. 4 to make an undisclosed ransom payment.
Banks are getting better at catching a wide range of scams targeted at customer accounts, but they are still struggling with stopping authorized payment fraud through peer-to-peer payment companies such as Zelle, says David Pollino, former divisional CISO with PNC Bank.
An Australian nonprofit children's charity warned about 80,000 donors of the compromise of their credit card and personal information resulting from a recent hacking incident. The Smith Family says the hacker failed to steal any charity funds but did manage to access donor data.
Authorities charged six people, including five former Tennessee hospital workers, with conspiracy in disclosing health data. Federal prosecutors say the six sold information about patients involved in motor vehicle accidents to third parties, including chiropractors and personal injury attorneys.
A large-scale cyberespionage campaign by notorious China-based advanced persistent threat actor Mustang Panda is targeting government, academic and other sectors globally. Its main targets include Asia-Pacific organizations in Myanmar, Australia, the Philippines, Japan and Taiwan.
Trade-related services resumed Monday at Central Depository Services Ltd. in India, days after trading was suspended during a cyberattack Friday. All pending trades have now been settled, though brokers report some continued IT issues. The service says it appears that no data has been compromised.
A year after buying Wickr's encrypted instant-messaging app, Amazon will shut down Wickr Me on Dec. 31, 2023. The app has come under law enforcement scrutiny for allegations that the strong encryption shields drug peddlers and child abusers from prosecution.
Data breaches are tricky to cover, and we want to report on them in an ethical way. That requires picking what should be reported for informed public discourse but avoiding topics that may encourage attackers' efforts to shame victims into paying a ransom and anything resembling data dump voyeurism.