The Indian Railway Catering and Tourism Corp. took two years to fix a security vulnerability that could have given hackers unfettered access to the personal information of passengers, a researcher claims. Some security practitioners question whether government agencies pay enough attention to data security.
The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has been extradited from Romania to begin serving his 52-month U.S. prison sentence.
InfoWars' website was briefly affected by the Magecart payment card skimming malware, a finding that triggered a fiery response from the far right commentary site. But InfoWars is just one in a long line of victims of the malware.
The United States will soon officially have a single agency that takes the lead role for cybersecurity. Congress has passed legislation to establish the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. The measure awaits President Trump's signature.
The department store chain Nordstrom says it doesn't believe that employees' personal data, which was exposed in an October data breach due to a contractor's error, has been misused. The retailer says the breach exposed no customer data.
Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code. Researchers say they are tracing at least six active Magecart groups, each with unique infrastructure, skimmers and targeting.
Google is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China. Security experts say border gateway protocol is to blame and no easy fix is in sight.
Rather than creating a new commission to take the lead role on data security, the government of India is giving the Telecom Commission that role and renaming it the Digital Communications Commission, making it a primary custodian of citizens' data.
With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.
Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.
As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.
Singapore's Integrated Health Information Systems, or IHiS, has announced a slew of measures to help strengthen cybersecurity across the nation's public healthcare system. But security experts say it will be critical for the agency to monitor whether its steps are actually proving to be effective.
U.S. Attorney General Jeff Sessions resigned on Thursday at the request of President Donald Trump. While long expected, the move raises questions about the fate of an ongoing investigation into Russia's election hacking.