Canon USA has finally acknowledged that a ransomware attack earlier this year involved the theft of corporate data, including such employee information as Social Security numbers and financial account numbers.
CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.
Sophos is warning that some of its customers may have had their data exposed to a misconfigured internal system, according to a published report. The security firm confirmed that a "small set" of customers was affected.
Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.
Encryption keeps the internet secure, but it also gives bad actors the perfect hiding place. Join Gigamon and ISC2 for a deep dive into the latest encryption protocol, TLS 1.3, to learn what's different and what advantages it offers in the constant effort to stay one step ahead of threats.
The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.
Last week, fraudsters targeted two cryptocurrency platforms by accessing domains managed by GoDaddy, according to notices published by the victimized firms. The domain register company previously has had issues with unauthorized access.
A U.S. unit of Italian-based eyewear maker and eye care center conglomerate Luxottica has reported a breach affecting over 829,000 individuals - the fourth largest health data breach added to the U.S. federal tally so far this year. It's unclear if a recent ransomware attack is related.
A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.
This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.
Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records, including sales and shareholder data, potentially being compromised.
An unauthorized person apparently gained access to a database of insurance software firm Vertafore and compromised the driver's license information of over 27 million Texans. Security analysts say a misconfigured database is the likely culprit.
Two senior U.S. Department of Homeland Security officials have been forced to resign, and a senior cybersecurity official fears he will be fired by the Trump administration, according to news reports. The moves have raised questions over U.S. stability during the transition period to President-elect Joe Biden.
Chat and collaboration software tools such as Slack are critical for software development teams. But a data breach experienced by Utah-based software developer WildWorks illustrates why developers should think twice before sharing sensitive database keys over chat.