Security experts have pointed out that British Airways' failure to monitor the output from its servers allowed hackers to maintain malicious code on its payment pages for two weeks.
Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users.
A recent study found customers would cease engaging with a brand after it experienced a breach and that overall, most respondents were unwilling to pay extra for the protection of their personal data.
Kaspersky Lab describes the 8 most interesting issues from its recent event, covering criminals' data use; APT attribution; skills gap; ICS water attack; brain implant hack; false memories; lethal AI & data privacy.
A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users' contact information.
Check Point Researchers developed an attack to hijack DJI drone user accounts that may contain the user's sensitive information as well as access to the device itself.
Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial.
An unsecured MongoDB server has exposed personal data on 689,272 American Express India customers.
A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users' device data and messages, which were later leveraged in smishing schemes.
HSBC confirmed today it suffered a data breach last month affecting about one percent of its US accounts and exposing an extensive amount of customer information.
Hong Kong's privacy commissioner has launched an investigation into the Cathay Pacific airlines data breach that exposed the data of 9.4 million of its customers.
The age of self-regulation should come to an end, according to information commissioner Elizabeth Denham, as she publishes report into the use of personal data in political campaigns and testifies to select committee.
Having your online account hacked is bad enough, but learning that your precious account details were sold for as little as US$ 1 (£0.77) on the dark web adds insult to injury.
In a ranking of countries whose data is available on the dark web, the UK came out third (that is, third worst) for having its data exposed, after the US and Canada, albeit using TLDs as a proxy for source.
Thousands of Moscow's wealthiest residents had their information compromised after Moscow-based internet provider Akado Telecom experienced a leak.
Facebook is reportedly suggesting that malicious browser extensions may be behind yet another data breach affecting users of the social platform - this one involving at least 257,256 stolen profiles, including 81,208 with private messages.
The Radisson Hotel Group reported its Radisson Rewards program was hit with a data breach sometime before 1 October, exposing members' personally identifiable information.
Apple's latest MacBook lineup includes a security feature to prevent threat actors from carrying out attacks on the device's microphone that would allow them to eavesdrop on unsuspecting victims.
A pair of new research reports are providing details on an ongoing "sextortion" scam in which malicious actors use publicly available lists of breached email addresses and passwords to contact victims and then blackmail them.
Eurostar is forcing all of its customers to reset their passwords following an incident in which an unauthorised individual attempted to access user accounts.
Wherever gamers go, scammers will follow -- and that especially goes for the immensely popular survival and battle royale game Fortnite.
Two months after Facebook removed 652 inauthentic pages, groups and accounts for spreading misinformation and stoking political discord in other nations, Facebook announced Friday that it banished 82 more offenders for the same reason.
IBM has entered into an agreement to acquire the open-source cloud software firm Red Hat for an estimated US$ 34 billion (£27 billion).
The Internet celebrates its 50th birthday - an awesome system that's insecure with new insecure access devices being added exponentially. If we do want change, we have to do it now, says Berners-Lee.
Google is upping its privacy game - among other policy changes this week - putting privacy controls within Search.
US/UK Cyber Accord signed at Atlantic Future Forum forms a public/private partnership for government & industry to explore emerging trends and technologies & consolidate the leading role of the UK and US.
Google knows lots about us, but it has to tread a balance between using that data to enhance services, while respecting our privacy and keeping our details secure.
SC's UK cyber-security salary explains attributes for different roles, shows high demand & huge variation: junior analysts, £25K in manufacturing; public sector CISOs on £95k, colleagues at large banks - £500k.
Facebook now suspects it was criminal scam artists and not nation-state actors who compromised tens of millions of accounts in a major data breach that was discovered last month, according to the Wall Street Journal.
HaveIbeenpwned is telling its readers who might have an account with Facepunch that the game studio suffered a breach two years ago exposing their information.
Twitter releases 10M tweets, reveals decade of foreign influence, including Russia's efforts during 2016 election
A dataset of more than 10 million Tweets released by Twitter Wednesday included a detailed picture of Russia's attempt to influence voters away from Hillary Clinton and, eventually, toward Donald Trump.
Anthem will pay a record US$ 16 million (£12 million) to settle potential privacy violations stemming from its massive 2015 data breach, which compromised the data of nearly 80 million current and former patients.
A trio of unprotected Elasticsearch servers hosted by Amazon Web Services (AWS) left 113.5 million records of fitness tracking company FitMetrix customers exposed, according to the security researcher who discovered the databases.
Juniper Networks released a long list of security updates including seven critical flaws, six of which affect all platforms running Junos OS.
A new trojan dubbed GPlayed shows that threat actors are increasing their abilities to create hybrid threats that can move code from desktops to mobile platforms with no effort.
Eighty-one percent of campus IT professionals have said that securing networks used by students and faculty has become more difficult in the past two years due in part to the proliferation of connected devices.
Sony TVs can be remotely exploited without any authentication by attackers due to three vulnerabilities spotted by Fortinet researchers, with one of the vulnerabilities being rated "Critical Severity" while the other two were rated "High Severity".
Imperva has entered into a definitive agreement to be acquired by the technology-focused private equity firm Thoma Bravo for US$ 2.1 billion (£1.6 billion).
Concerned that it would draw the ire of regulators and that its reputation would take a hit, Google hid a glitch that exposed the personal data of hundreds of thousands of users on Google+, which the company has now shuttered.
The US state of California has passed a law effectively banning weak passwords and enforcing other security measures to more effectively secure connected devices.
Visionary author Andrew Keen first explained why our future needs fixing before addressing how we might constrain the winner-takes-all accumulation of power happening under the current digital revolution.
Security researchers have discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.
After reports that China's People's Liberation Army (PLA) slipped microchips into Supermicro motherboards, creating a backdoor that could be used by hackers to obtain information, both Apple and Amazon deny that their servers were affected.
Play to artificial intelligence strengths and avoid weaknesses to make it work in cyber-security, says ZoneFox's Dr Jamie Graves at IPExpo 2018.
Scores out of 100 are given to a range of threats covering devastation, likelihood, nuisance factor, financial impact and defendability, presented in an accessible format - a pack of Trumps playing cards.
Businesses overestimate the danger from outside threat actors while discounting the threat from insiders because of a failure to understand their GDPR-related risks, according to a new survey.
A recent study found Android OS password managers may not be as secure as their desktop counterparts.
Shadow data is being used by Facebook to target advertising at users while giving the targets no control over the collection or use of the information about them, a practice described by one commentator as a breach of GDPR.
Trump might still be blaming China for interfering with US elections at the UN, but there are other issues he should be worried about concerning cyber-attacks in the private sectors.
Many of the national leaders gathering in New York this week for the United Nations General Assembly certainly can sympathise with the UN officials who are dealing with a data breach.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but it's still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense