Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in...

Bitcoin is so far the most successful cryptocurrency. Nevertheless, just like other cryptocurrencies, Bitcoin has seen prices drop dramatically for the past few months. Price volatility remains one of the most significant challenges facing all cryptocurrencies, as they try to navigate a tricky ecosystem towards being recognized as a world currency....

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...

A cryptocurrency exchange says a large-scale phishing campaign was behind abnormal trading activity that affected some of its users. The trouble started on 7 March when some Binance users posted to Reddit about problems involving their accounts' alternative coin amounts. Here's what one person said: Binance just sold all my alts at market rate and...

Cloud computing has revolutionized the way businesses operate, and it is growing exponentially. The main advantages provided by this technology include cost optimization where there is no need for a capital expenditure upfront anymore and costs being further reduced by using economies of scale where a large number of organizations are sharing service...

At least 400,000 servers are thought to be running a vulnerable program that can be tricked by a remote hacker into running malicious code. The problem is in versions of the open-source Exim message transfer agent (MTA). Exim, which was initially developed at the University of Cambridge, may not be a program familiar to the average computer user, but...

A video game developer gave customers a $5.00 discount off their next purchase after discovering a data breach that affected two of its online stores. Nippon Ichi Software, a Japanese developer and publisher of video games, claims in an email sent out to customers that it identified the breach on 26 February. The incident involved the addition of a ...

On January 12, 2018, GSA (General Services Administration) posted a request for public comment regarding updates to the General Services Administration Acquisition Regulation that will include new cybersecurity compliance and reporting requirements for federal contractors that access data on unclassified systems. Two regulations in particular will...

It's confirmed that some locations of the Applebee's restaurant chain suffered a point-of-sale (POS) breach involving customers' payment card data. On 2 March, RMH Franchise Holdings (RMH) issued a notice of data incident on its website. The statement explains how RMH, a franchisee of Applebee's...

Two significant ransomware attacks occurred in the first half of 2017. The first outbreak took place on May 12, 2017, when WannaCry leveraged a known Windows exploit to infect hundreds of thousands of vulnerable computers around the world, including 34 percent of UK National Health Service (NHS) trusts. Less than two months later, NotPetya abused...

This article is part 2 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise.In the first part of this series, we examined the seriously-overlooked threat posed by malicious insiders – employees, contractors, and more – and discussed user...

Colorado's Department of Transportation (CDOT) has suffered an infection from another variant of the same ransomware family that attacked it just days earlier. On 1 March, a variant of SamSam ransomware targeted employees at CDOT. The attack didn't hamper the Department's Traffic Operations Center,...

A massive data breach at the U.S. Marine Corps Forces Reserve has leaked the personal information of more than 20,000 Marines and civilians. According to reports, the compromised data included highly sensitive information, such as truncated Social Security numbers; bank electronic funds transfer and bank routing numbers; truncated credit card...

Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” and logged data on those that were...

German officials are blaming Russian-linked black-hat hackers for breaching several federal agencies and stealing sensitive information. On 28 February, sources told Deutsche Presse-Agentur (dpa) that the Russian digital espionage group APT28 used malware to target the German government's secure computer network. ...

Tripwire's February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. BULLETIN CVE Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877 Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 Microsoft Scripting Engine CVE-2018-0840, CVE...

Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do. But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous...

Many people view the Health and Safety at Work Act 1974 as unnecessary and burdensome, but its introduction has had a dramatic impact on reducing accidents in the workplace, particularly within industrial settings. Today, it controls the safety of equipment used on process plants, the time professional drivers may spend behind the wheel, and even...

A new family of mobile malware called RedDrop exfiltrates victims' sensitive data including ambient audio recordings and sends it to cloud storage services. Wandera, a mobile security firm which spotted weaknesses in the CBS Sports app and mobile site back in 2016, uncovered the malware when a user clicked on an ad for the Chinese search engine...

BEC, or Business Email Compromise, is a contemporary twist on a staple scam. Often in the shadow of the more extravagant, media-friendly super-hacks or ransomware compromises, BEC is leading the line on both the number of attack victims and the direct losses encountered by businesses. Although not as en vogue as other ‘nouveau’ cybersecurity threats...