Photo: Scott Schiller via Flickr/CC

Yahoo's Mega-Breaches: Altaba Moves to Settle Lawsuits

Mathew J. Schwartz • September 18, 2018

Lawsuits sparked by massive data breaches at Yahoo - and the company's failure to report those breaches to investors in a timely manner - could soon be resolved. Plaintiffs and defendants say they have committed to a $47 million deal that they expect to submit for court approval within 45 days.

Cybercrime

Feds Charge North Korean With Devastating Cyberattacks

Latest

Cybercrime

Police in Europe Tie Card Fraud to People-Smuggling Gang

Mathew J. Schwartz • September 17, 2018

Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.

Breach Response

Europe Catches GDPR Breach Notification Fever

Mathew J. Schwartz • September 14, 2018

Less than four months after GDPR enforcement began, Europe has arguably entered the modern data breach notification era. Reports of data breaches continue to increase, and breached organizations now face the specter of class-action lawsuits over material as well as non-material damages.

Breach Response

Equifax Breach: Key Lessons Learned

Nick Holland • September 14, 2018

The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.

Cybercrime

Romanian Hacker 'Guccifer' to Be Extradited to US

Mathew J. Schwartz • September 13, 2018

A Romanian court has ruled that the notorious hacker "Guccifer," who discovered the existence of Hillary's Clinton's private email server, will be extradited to the U.S. to serve a 52-month prison sentence after he finishes serving a seven-year sentence in his home country.

General Data Protection Regulation (GDPR)

Fresh GDPR Complaints Take Aim at Targeted Advertising

Jeremy Kirk • September 13, 2018

A web browser startup, Brave, has filed complaints in Europe alleging Google and other behavioral advertising companies are violating Europe's GDPR. Brave's complaints could set up one of the biggest battles so far over how personal data gets used - or abused - for targeted advertising.

Authentication

The Role of Password Management

Tom Field • September 13, 2018

Password management is a critical component of a security strategy that some organizations still find challenging, says Gerald Beuchelt of LogMeIn Inc.

General Data Protection Regulation (GDPR)

Google and EU Fight France Over 'Right to Be Forgotten'

Mathew J. Schwartz • September 12, 2018

Should Europe's "right to be forgotten" apply worldwide? That's the focus of a case before the EU's highest court, which has pitted proponents - including Austria and France - against Google, Microsoft and the European Commission, who argue that the EU law provision should only apply in Europe.

Business Continuity Management / Disaster Recovery

Disaster Recovery: Real-World Lessons Learned

Nick Holland • September 12, 2018

CISOs and CIOs must ensure their organizations plan for worst-case scenarios, conducting frequent "dry runs" of disaster recovery plans, says Tonguc Yaman, CIO of SOMOS, a New York Community Care Network, who formerly served as deputy CIO of Bellevue Hospital.

DevSecOps

Operationalizing Security: A Targeted Approach to 'SecOps'

Varun Haran • September 12, 2018

Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.

Cybercrime

RiskIQ: British Airways Breach Ties to Cybercrime Group

Mathew J. Schwartz • September 11, 2018

The British Airways breach, in which up to 380,000 website and mobile users' payment card details were stolen, traces to card-scraping code injected into a script on the airline's website by the cybercrime group called Magecart, says security firm RiskIQ.

Endpoint Security

Protecting the Grid: How IIoT Changes the Game

Nick Holland • September 11, 2018

The threat landscape is changing as the industrial internet of things radically broadens the attack surface for critical infrastructure, says Kenneth Carnes, CISO for the New York Power Authority, who discusses how to address the shift.

Data Breach

British Airways Faces Class-Action Lawsuit Over Data Breach

Mathew J. Schwartz • September 10, 2018

British Airways has been threatened with a class-action lawsuit in U.K. court after warning that a hacker stole payment card data associated with 380,000 transactions. A law firm says that under GDPR, the airline should compensate victims for "inconvenience, distress and misuse of their private information."