Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
Cloud-connected stuffed animals built by Spiral Toys include an unsecured Bluetooth implementation that could be used to locally spy on anyone near the toys, a security research firm warns. It alleges that Spiral Toys has failed to respond to warnings it began issuing in October 2016.
The Reserve Bank of India has mandated that all banks must report all unusual cyber incidents within two to six hours to enable issuing suitable cautionary advisories to other banks. Experts discuss the challenges financial institutions will face in complying with the new requirement.
Déjà vu "smart toy" information security fail: Spiral Toys, maker of internet-connected CloudPets, is under fire for exposing 821,000 user records online - now being ransomed - as well as links to 2.2 million parents' and children's voice recordings.
ISMG's Fraud and Breach Prevention Summit Mumbai featured information security leaders addressing such issues as breach response challenges, cybercrime trends and security technologies and services new to the Indian market, including analytics, threat intelligence and cyber insurance.
The technology and know-how exists to build a hack-proof computer, but doing so won't be easy, says Howard Shrobe, principal research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.
The Russian government appears to be doubling down on its information warfare success to date, publicly confirming that it has a "cyber army" designed to wage psychological operations and propaganda campaigns. While there are defenses, too few are using them.
What did Yahoo executives know about multiple data breaches and attacks that the company suffered, and when did they know it? Those questions have continued to dog Yahoo as it negotiates its sale to Verizon for the now-discounted price of $4.5 billion.
A one-character coding error by Cloudflare exposed data - that otherwise would have been encrypted - from major web services, putting personal information, chat messages, OAuth tokens, encryption keys and cookies at risk.
Leading the latest version of the ISMG Security Report: a look at how various sectors are moving away from checkbox compliance, instead taking proactive measures to secure their information assets. Also, big increase in e-commerce fraud and Yahoo's costly breach.
Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.
Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.
New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.
Researchers have demonstrated the first practical attack against the SHA-1 cryptographic hash function. While security experts had already recommended dropping SHA-1, some browsers and other security tools still rely on it.