Britain's data protection watchdog is investigating two suspected data breaches - one involving the leak of HIV patients' identities, and the other involving the leak of personal information on magazine subscribers.
Sony Pictures Entertainment has reached a tentative deal to settle a class-action lawsuit filed against it, stemming from its 2014 data breach, which resulted in the leak of personal information for up to 50,000 employees.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
International law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.
Lizard Squad, which markets the Lizard Stresser distributed denial-of-service attack tool, appears to have targeted the public-facing website of the U.K.'s National Crime Agency in retaliation for its recent DDoS-tool crackdown.
The FBI estimates fraud losses linked to so-called business email compromise scams worldwide have exceeded $1.2 billion in less than a year. But some financial fraud experts say the losses from this largely overlooked threat could be even higher.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
The departure of Noel Biderman as CEO of Avid Life Media, parent company of the infidelity website Ashley Madison, represents a growing recognition of corporate executives' responsibility for data security.
The U.K. National Crime Agency has charged four teenagers with using the "Lizard Stresser" distributed denial-of-service tool to disrupt the websites of a national newspaper and a school, as well as gaming companies and online retailers.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Breached dating site Ashley Madison is offering a $500,000 reward for information relating to the attack. The FBI, which is leading the investigation, is treating the breach as a national-security matter.
The Ashley Madison hackers have released a third data dump, and security experts warn that spam campaigns and extortion attacks now target supposed users of the dating site, sometimes demanding bitcoins - or else.
To help mitigate the risk that blackmail and extortion campaigns might target employees, employers' security teams must regularly review post-breach data dumps as well ramp up enforcement of their corporate security policies, says Stephen Coty of Alert Logic.