The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.
Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov. 4.
With widespread use of Active Directory across industries and organizations of all sizes, it is frequently a target for bad actors who can use a cracking dictionary or exposed credentials to gain unauthorized access to an employee's account.
Facebook has confirmed that unprotected databases containing more than 419 million users' phone numbers contained data scraped from the social network. TechCrunch, which first reported on the development, says many of the exposed phone numbers can be tied to Facebook IDs and remain accurate.
Nation-state actors, cybercriminals, hacktivists - each of these adversaries poses threats to enterprises. But how can organizations prioritize the threats and respond based on business risks? Craig Harber of Fidelis Cybersecurity discusses advanced threats and how to raise the bar on response.
Providence Health Plan says some of its members were among the nearly 3 million individuals affected by a data breach revealed by health plan administrator Dominion National in June. What lessons are emerging from that security incident and others involving third parties?
Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism.
Bulgaria's Personal Data Protection Commission has fined the nation's tax agency $2.9 million for failing to stop a breach that leaked tax records for nearly all of the country's citizens. Meanwhile, prosecutors have filed related criminal charges against employees of a penetration testing company.
A federal grand jury indictment of Seattle software engineer Paige A. Thompson charges her with stealing 100 million records from Capital One, stealing data from at least 29 other organizations, as well as using hacked cloud computing servers to mine for cryptocurrency.
Security firm Imperva is notifying some of its Cloud Web Application Firewall customers about a "security incident" that exposed certain data, CEO Chris Hylen reports in a blog post. What risks does the exposure create?
Organizations need to create a "defensible" cybersecurity program that has a mandate and executive endorsement, says Gartner's Tom Scholtz. I. Here are some points to keep in mind when drafting a program.