The rigidity of web application security controls has left the enterprise vulnerable to data breach.
Every business that operates a cardholder environment to transact with its customers is required to maintain compliance with the PCI DSS international standard for security. Penalties for lack of compliance have become costly, yet compliance does not equal security.
Tax and donation information on hundreds of Canadians, some of them prominent, was revealed.
A year after the massive breach at the retailer, authorities are keeping mum, but security pros say signs point to a Ukrainian man.
The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.
The Boston-based hospital agreed to the fine related to its 2012 data breach, which left information on thousands of patients vulnerable to compromise.
The company disclosed the lawsuits as part of its quarterly earnings report.
Prince George's County Public School System in Maryland is notifying roughly 10,000 employees that their personal information may be at risk.
Panelists at the closing keynote at SC Congress 2014 in Chicago urged attendees to work with the FBI to unravel breaches.
Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.
Brian Krebs reported on Monday that malware found in Staples stores was observed to be communicating with command-and-control networks used by attackers in the Michaels payment card breach.
Boston-based Brigham and Women's Hospital is notifying roughly 1,000 patients that their personal information may have been on a laptop computer and cell phone stolen from a physician during an armed robbery.
Democrats on a House oversight committee have asked Secretary of State John Kerry when the breach was first discovered.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.
Central Dermatology Center is notifying more than 76,000 patients that one of its servers had been compromised by malware for roughly two years, and their personal information may or may not have been accessed.
It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.
Seattle Public Schools is notifying parents that personal information on as few as 8,000 special education students was improperly released.
The personal information included card and linked account numbers, card expiry dates and cardholder names.
Two debt sellers allegedly posted the people's personal information on unencrypted, publicly accessible spreadsheets that were posted online.
If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.
BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.
The attacks were detected and incident response began immediately, with unscheduled maintenance being performed to mitigate the threat.
The American Postal Workers Union filed charges with the National Labor Relations Board against the Postal Service for failing to notify them earlier about the recent breach.
As many as 75,000 customers who received services at a Visionworks location in Maryland are being notified that an investigation is underway to locate a missing database server potentially containing their information.
In a notification letter to customers, Amex said law enforcement has arrested an individual possessing stolen personal and account information.
A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.
Attackers are using stolen email addresses to try to steal victims' bank account numbers.
Payment cards used at Grand Casino Mille Lacs were subsequently used to make fraudulent purchases, and may have been compromised by an unauthorized individual who used malware.
A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- The Internet of Things (IoT) will fail if security has no context
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards