Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.
Law enforcement agencies use forensics tools from Israeli company Cellebrite to gain access to locked mobile devices and extract data. But the creator of encrypted messaging app Signal says he's found vulnerabilities in Cellebrite's tools, raising questions about whether the extracted data can be trusted.
To minimize the risk of exposing data to cyberhreats, enterprises should take a collaborative approach with all the stakeholders to ensure privacy by design along with data classification in this data-driven economy, according to a panel of experts.
Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online. It will analyze whether Facebook violated the country's data protection law or the EU's General Data Protection Regulation.
To help mitigate the risks of state-sponsored cyberattacks against India's critical infrastructure - and improve detection and response - requires industry collaboration and information sharing, root cause analysis with specialized forensics, and better testing of code, a panel of experts says.
The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.
Chad Wolf, the former acting secretary for the Department of Homeland Security, has confirmed the accuracy of an earlier news report saying that the SolarWinds supply chain attackers gained access to his unclassified DHS email accounts, which included calendar details.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
The new world of "work from anywhere" is all about connecting users to applications. “It’s just different,” says iBoss CEO Paul Martini. Yet, many enterprises still approach this new dynamic with the wrong security mindset. Martini outlines what they’re missing.
At least 14 lawsuits seeking class-action status have been filed against Accellion in the wake of breaches of the vendor's 20-year-old File Transfer Appliance. A motion to consolidate the cases has also been filed.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
Several healthcare entities are reporting health data breaches in the wake of an incident involving a vendor's employee who uploaded files containing patient data to the public-facing, open-source software development hosting website GitHub. How can entities avoid such mishaps?
The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S. and Israeli medical researchers in an attempt to obtain their Microsoft Office credentials, according to Proofpoint.