One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Three Ukrainian men who were allegedly part of a hacking gang that stole more than 15 million payment card records from U.S. businesses, sold the data in underground markets and enabled at least $12.4 million in fraud have been arrested in Germany, Poland and Spain at the request of the U.S.
Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
With Australia's data breach reporting law now in effect, its healthcare sector has recently reported the highest number of data breaches - a finding that is sure to intensify the already intense scrutiny of the country's controversial e-health records project.
Struggling European electronics giant Dixons Carphone says its investigation into a 2017 data breach has found that 10 million customers' personal details - up from its previous estimate of 1.2 million - were compromised. It previously reported that 5.9 million payment cards were also compromised.
A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4 million, although investigators believe stealing personal data was not the attackers' goal.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
This edition of the ISMG Security Report features Elvis Chan, a supervisory special agent at the FBI, discussing ongoing efforts to thwart Russian interference in the U.S. midterm election this fall, and Alberto Yepez of ForgePoint Capital addressing cryptocurrency security issues.
Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.
Breach defense is a strategic business issue for most enterprises, but too many cybersecurity solutions rely more on flash than substance, says Lastline CEO Chris Kruegel. It's time to start talking about true breach defense.
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.
This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.