Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.
Researchers from the security firm Eclypsium have identified 40 poorly designed drivers from 20 hardware and BIOS vendors that can give attackers numerous way to hack into various versions of Windows.
Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition. For Broadcom, it means gaining well-developed security offerings as it seeks to grow its infrastructure business.
Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S. customers' online accounts, a company spokesperson confirms.
Security firm UpGuard found that a misconfigured Amazon S3 bucket belonging to the Democratic Senatorial Campaign Committee left the email addresses of more than 6 million U.S. citizens exposed to the internet. The bucket has since been secured.
A little over a week after a breach at Capital One was revealed, more U.S. lawmakers are raising questions about what happened at the bank, including what role, if any, Amazon may have played in opening the door to the intrusion.
It's been more than two months since lab companies began revealing they had patient data exposed in a data breach at American Medical Collection Agency. But new victim organizations are continuing to emerge, bringing the total to about 18.
Monzo, a U.K. mobile-only bank that plans to expand into the U.S., alerted about 480,000 customers to change their PINs this week after the company's security team found that a software bug meant some numbers were stored unencrypted in plaintext.
Microsoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office printers and VOIP phones. The remedy is paying more attention to deployed IoT devices, including establishing security policies and regular testing.
A recent attempt by hackers to trick a mental health provider into transferring funds serves as a reminder to other healthcare entities about the threat of business email compromises.
More lawsuits have been filed in the wake of the Capital One breach that exposed the data of more than 100 million individuals. GitHub is also a target of one of those lawsuits, which alleges the code-sharing site failed to promptly remove breached data.
Several large breaches involving hacking/IT incidents, including ransomware attacks, have been added in recent weeks to the federal tally of major health data breaches. Here's a rundown of the latest additions.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.