Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
Mobile phone retailer Carphone Warehouse has been hit with one of the largest fines ever imposed by Britain's data privacy watchdog after an attacker breached its outdated WordPress installation, exposing 3 million customers' and 1,000 employees' personal details.
Security practitioners in India and Asia, heeding warnings from vendors and government agencies, are grappling with security challenges posed by the two critical vulnerabilities dubbed Meltdown and Spectre that are affecting desktop computers, smartphones, tablets and cloud services.
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
One of the most alarming breaches of 2015, involving Hong Kong toymaker VTech, has resulted in a $650,000 settlement with the U.S. Federal Trade Commission. It's a warning that internet of things security shortcomings - especially involving children's personal data - will have business consequences.
Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. The information could potentially be used to file false Medicaid claims.
Security teams are scrambling to put in place fixes for the Meltdown and Spectre flaws. But Windows users report that Microsoft's security fix for the flaws has been freezing some PCs built with CPUs from chipmaker AMD. Here are workarounds.
The U.S. Department of Homeland Security says nearly 250,000 federal employees' personal details were exposed in a 2014 breach of its Office of Inspector General's case management system. Witness testimony and an unknown number of nonemployees' personal details also were exposed.
Some Indian organizations are not aware that their networks are being used for mining bitcoins, says Rakesh Goyal, managing director at Sysman Computers, a CERT-In empaneled audit firm, who offers insights on improving network security.
Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.
CISOs need to precisely tailor their risk management strategies to protect the specific high-value assets of their organization; a broad-brushed approach will never work, says UK-based Kelly Bissell, managing director and global lead, Accenture Security.
Ransomware has ascended, by some estimates, to a $1 billion industry. Although the FBI advises against paying ransoms, some organizations see it as the quickest way to recovery. Michael Viscuso of Carbon Black says that the larger problem is a failure to defend networks.