The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?
Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with "black box" attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.
If an NSA analyst took malware home and it was stolen from his home PC by a foreign intelligence agency, who are you going to blame? As the U.S. government's campaign against Kaspersky Lab intensifies, here are 10 facts, clarifications and likelihoods to keep in mind.
Hackers working for Russia gained access to the home computer of an NSA employee in 2015, pilfering highly classified material and spying code. U.S. officials claim Kaspersky Lab's software helped the hackers, but numerous questions remain unanswered. We round up the issues in play.
Leading the latest edition of the ISMG Security Report: A deep dive into how continuously monitoring user behavior could replace passwords as a means of authentication. Also, U.S. federal agencies continue to fall short on IT security.
CISOs need to anticipate the important questions their CEO is likely to ask as mega-breaches make headlines and data security is in the spotlight. Here, security leaders offer insights on how to answer eight tough questions.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
When Yahoo first disclosed a massive 2013 breach last year, it said 1 billion accounts appeared to have been compromised. But the search giant, now owned by Verizon, says "new intelligence" has revealed that the breach compromised every single Yahoo account, affecting 3 billion users in total.
Security programs fail because of too much emphasis on protection and not enough on detection and response, says Ira Winkler, president of Secure Mentem, who calls on CISOs to help change their organization's security priorities.
At the first of three Congressional hearings slated this week to examine the Equifax mega-breach, one Republican said of the company's delay in detecting the breach: "It's like the guards of Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults."
Credit-reporting agency Equifax says its massive breach was even worse than it suspected, affecting 145.5 million U.S. consumers. But it revised the number of suspected Canadian victims from 100,000 down to 8,000, yet says it's discovered that some also had payment card data compromised.
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Former Equifax CEO Richard Smith this week heads to Capitol Hill to testify about the massive breach suffered by the credit bureau. Lawmakers will likely focus on breach detection and response, information security practices and the suspicious timing of three executives' stock sales.