McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
With ransomware attackers having already launched attack code with themes ranging from horror movies and Pokemon to Hitler to cats, it was only a matter of time before they decided to beam Star Trek's Kirk and Spock direct to would-be victims' PCs.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
Britain's GCHQ intelligence agency dismissed as "utterly ridiculous" claims that it conducted surveillance on then-candidate Donald Trump at the request of President Obama. The White House reportedly apologized to the British government for its comments.
Hackers have been targeting the likes of AOL and Yahoo, in part, because a certain generation of users - including many senior U.S. officials - continue to use the services to send and store state secrets. Let's make sure future generations don't make similar mistakes.
FireEye's Mandiant investigative unit is seeing a revival in tried-and-true hacking techniques, ranging from social engineering to the snatching of OAuth tokens. Why are these old techniques still working?
FBI Director James Comey worries about data corruption, and he's focused on hackers altering data. But if government leaders feed false information into computer systems, what should IT and IT security practitioners do to protect data integrity?
WikiLeaks says it leaked the "Vault 7" CIA hacking arsenal in part to stoke a debate on cyber-weapon proliferation. Here's how information security experts are reacting to WikiLeaks' claims and potential agenda, as well as the dump and information vulnerability-exploit information it contains.
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.
Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
Déjà vu "smart toy" information security fail: Spiral Toys, maker of internet-connected CloudPets, is under fire for exposing 821,000 user records online - now being ransomed - as well as links to 2.2 million parents' and children's voice recordings.
The Russian government appears to be doubling down on its information warfare success to date, publicly confirming that it has a "cyber army" designed to wage psychological operations and propaganda campaigns. While there are defenses, too few are using them.
Our objective, as the industry's largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or are experiencing the content now for the first time. Call this the Best of RSA Conference 2017.
Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.
New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.