Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.
Security expert Sean Sullivan isn't surprised that the massive 2014 breach of Yahoo, which exposed at least 500 million account details, only recently came to light. Here's why, as well as what users must learn from this breach.
Yahoo's disclosure of 500 million stolen accounts, one of the largest-ever data breaches, comes after months of dark-web chatter that indicated the company may be the next victim following Twitter, LinkedIn and Dropbox.
In this latest edition of the ISMG Security Report, you'll hear an explanation why estimates from the Ponemon Institute and The Rand Corp. on typical enterprise data breach costs vary so widely. Also, analyses of a car hack, SWIFT's latest initiative to help banks mitigate fraud and the Yahoo breach.
Don't leap to conclusions on the basis of a new report that suggests Yahoo is preparing to warn the world that it was hacked and lost hundreds of millions of users' account credentials. Someone may simply have harvested passwords reused on other sites.
To improve security, The Insurance Regulatory and Development Authority of India is requiring insurance companies to stop using internet servers outside India and to store all critical customer data domestically. The authority also is requiring insurers to take stringent measures to safeguard indigenous servers.
FBI Director James Comey, Facebook CEO Mark Zuckerberg and security expert Mikko Hypponen all advocate covering up your webcam as a cheap and no-brainer defense against everything from unscrupulous competitors to sextortionists.
Cisco has patched another zero-day flaw stemming from the Shadow Brokers' leak of Equation Group tools and attack code. The technology giant warns that attackers have been exploiting the vulnerability.
Apple-FBI crypto debate update: A researcher successfully defeated an iPhone passcode using less than $100 in equipment. But the delicate procedure, if used on the San Bernardino shooter's iPhone, could have accidentally obliterated its data.
To help financial institutions better spot attempted fraud, the SWIFT interbank messaging network plans to begin offering voluntary "daily validation reports" to customers to flag unexpected senders, recipients or payments as well as unusually large payments.
Ransomware attacks are surging because attackers have perfected their techniques while enterprises in all sectors have failed to address critical security shortcomings, says Raimund Genes, CTO at Trend Micro.
Because many law enforcement agencies lack cybercrime expertise, it's important for companies that have been attacked to provide as much technical and forensic information as possible to authorities to help ensure that investigations lead to arrests and prosecutions, a panel of experts says.
A developer warns that Dropbox gains wide-ranging access to Apple's OS X operating system using a SQL trick that some equate to hacking users' systems. Here's why giving a desktop app unusual access to Apple's privacy settings poses a security risk.