Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
Equifax has identified 2.4 million U.S. consumers whose names and snippets of their driver's license numbers were stolen, adding to one of the worst breaches in history, which resulted in personal data for most U.S. adults being exposed.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Certificate authorities continue to be tricked into issuing bogus TLS certificates. A study by Recorded Future found that at least three underground vendors can supply fraudulent TLS certificates, which pose serious risks to data security and privacy.
Australia's real-time payments platform, which launched last week, includes a feature designed to reduce fraud and erroneous payments. Ironically, the feature may also expose users to social engineering attacks.
Google has begun activating a new feature in Chrome that will block 12 types of intrusive advertisements. But some security experts say the online advertising industry needs to solve the malware and privacy problems that have caused users to turn to ad-blocking and anti-tracking tools.
Microsoft has been working to reduce the ability of attackers who use the PowerShell scripting language to "live off the land" in enterprise networks, in part via machine learning. But IT administrators should also have these three essential malicious PowerShell script defenses in place.
After a year of brainstorming on blockchain technology, Microsoft says it will add support in its Authenticator app for a decentralized identity system that's designed to put users in control of their personal information.
Attackers recently snuck cryptomining code onto thousands of websites by inserting it into a third-party accessibility plug-in called Browsealoud. Web specifications designed to guard against these types of rogue actions by third-party code libraries already exist. Why aren't more sites using them?
Australia is the latest country to roll out real-time payments, where funds from an account at one bank reach an account at another bank in seconds. While convenient, the system poses fresh fraud challenges and consumer protection concerns.
More than 4,200 websites, some belonging to the U.S., U.K. and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.
Illegal transactions on the internet have long been conducted in the cryptocurrency bitcoin. But underground vendors are accepting new kinds of virtual currency that may be safer to store and offer more privacy protections, according to a new study of 150 dark web markets and forums.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.