The Black Hat Europe information security conference returns to London, featuring 40 research-rich sessions covering diverse topics, including politically motivated cyberattacks, recovering passwords from keyboards thanks to thermal emanations, hacking Microsoft Edge and detecting "deep fakes."
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.
The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.
With the Cosmos bank attack still fresh in memory, some security experts are urging the Reserve Bank of India to take immediate steps to upgrade the security capabilities of banks. For example, they want banks to do away with user-based one-time passwords delivered via text messages.
Another day, another "Have I Been Pwned" alert, this time involving 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm.
A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations. They collected $6 million in ransoms and caused more than $30 million in losses to victims, U.S. prosecutors allege.
Consumer organizations in seven countries plan to file complaints alleging that Google is violating the EU's General Data Protection Regulation via its location, web and app activity tracking, in what could be a blow to the search giant's lucrative but data-hungry targeted advertising business.
Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.
Automotive smartphone apps that can be used to unlock or start a car pose new risks that must be managed, says Asaf Ashkenazi of Inside Secure, a mobile security firm, who provides risk mitigation insights.
A court has preliminarily approved Lenovo's proposal to pay $7.3 million to settle a consolidated class action lawsuit filed over its preinstallation of Superfish adware onto laptops purchased by 800,000 consumers. Superfish, which has dissolved, already reached a $1 million settlement agreement.
A British lawmaker has obtained sealed U.S. court documents to reveal internal Facebook discussions about data security and privacy controls, as Parliament probes Facebook and other social media firms as well as Russian interference and fake news.
Australian human resources software developer PageUp says it has found "no specific evidence" that attackers removed data after the company warned in May that it had been breached. But investigators have found that attackers installed all of the tools they would have needed to exfiltrate data.
Cryptocurrency offers both immediacy and anonymity - traits that are attractive to threat actors looking to exploit organizations via ransomware or cryptomining. Laurence Pitt of Juniper Networks discusses why healthcare entities are uniquely vulnerable.
ISMG's Security Summit in Mumbai on Nov. 29 will offer insights from CISOs and other experts on hot topics, including setting the boardroom security agenda, using cyber threat intelligence, preventing fraud through the use of blockchain, securing digital payments and preparing for a breach notification law.