The attorney general of Pennsylvania has filed a lawsuit against Uber for allegedly violating the state's mandatory breach notification law. It's the latest in a long string of legal and regulatory repercussions Uber is facing after waiting more than a year to disclose a serious breach.
In a groundbreaking prosecution, two individuals in Ukraine have been sentenced for running extortion campaigns that disrupted international victims' websites with massive DDoS attacks unless they paid bitcoin ransoms of up to $10,000.
Anyone who dined out at one of 166 Applebee's restaurants in 15 states may have had their payment card details compromised by point-of-sale malware infections that began in November 2017, RMH Franchise Holdings warns.
Say hello to a new type of DDoS attack: UDP amplification via internet-facing servers running memcached, an open source distributed caching system that can be abused to amplify DDoS attacks by a factor of 50,000.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
Equifax has identified 2.4 million U.S. consumers whose names and snippets of their driver's license numbers were stolen, adding to one of the worst breaches in history, which resulted in personal data for most U.S. adults being exposed.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
The U.S. Securities and Exchange Commission has reportedly issued dozens of subpoenas and requests for information to technology companies, executives and advisers involved in initial coin offerings. The regulator's new cyber unit investigates ICOs, which attempt to raise funds for cryptocurrency ventures.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.
Cybersecurity company mergers and acquisitions continue. Among the major deals: The sale of PhishMe to a privacy equity syndicate and Splunk's purchase of Phantom. But these are just the latest in a series of moves so far this year as consolidation continues.
NSA Director Mike Rogers told senators that President Donald Trump has not ordered his agency to confront Russian election interference at its source, via network operations, and that President Putin "has clearly come to the conclusion there's little price to pay" for meddling.
A new strain of the Petya ransomware called "Bad Rabbit" is impacting business and sweeping across Russia and Ukraine, among other Eastern European countries. Like many of the other ransomware outbreaks, understanding fact from fiction is the first step in staying safe.
Criminals continue their quest for acquiring cryptocurrencies without having to buy and manage their own mining equipment. They're resorting to attacks aimed at stealing the cryptocurrencies via hacking, phishing, fake advertising and web injection attacks via repurposed banking Trojans.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Arkansas developer Taylor Huddleston has been sentenced to serve more than two years in prison for developing, marketing and selling two tools designed to be used maliciously - the NanoCore remote access Trojan and Net Seal license software.