Scammers behind an ongoing "sextortion" campaign have been emailing a legitimate password - likely from a publicly leaked list - to victims with a threat to release a compromising video of the recipient unless they pay up in bitcoins, Barracuda Networks warns.
In the wake of a breach at Hong Kong's Cathay Pacific airlines that involved unauthorized access to personal details on 9.4 million passengers, security experts are weighing in on factors that might have contributed to the incident. So far, the airline has provided only sketchy details.
British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April. The airline now counts 429,000 data breach victims.
This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.
Hong Kong-based airline Cathay Pacific says the personal details of 9.4 million passengers were inappropriately accessed in March, a breach the company confirmed in early May but publicly revealed on Wednesday. That raises questions about whether the airline violated data breach disclosure regulations.
A proposed agreement that would settle a class action suit against Yahoo over devastating data breaches could see the company pay as much as $85 million. That adds to the $35 million fine levied by the SEC earlier this year, showing the high price to be paid for Yahoo's record data breaches.
A Russian national has been charged with coordinating a four-year campaign to spread divisive themes aimed at disrupting the U.S. political system. "Project Lakhta" allegedly employed hundreds of individuals who created bogus accounts on such platforms as Facebook and Twitter to sow false narratives.
The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web.
Facebook is eyeing spammers as being the culprits behind its recently disclosed mega-breach, The Wall Street Journal reports. Preliminary findings from Facebook's internal investigation suggest that the attackers were not affiliated with a nation-state, but rather part of a known spam ring, the newspaper reports.
Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner.
With at least 20 billion new consumer devices set to be internet-connected by 2020, initiatives in the U.K. and California are trying to ensure that as many IoT devices as possible will be out-of-the-box secure, for starters by not shipping with default passwords.
Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?
A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records.
The U.K.'s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say.
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.