LinuxSecurity.com

LinuxSecurity.com: The EU General Protection Data Regulation (GDPR) is supposed to make companies take extra care with their customers' personal data. That includes gathering explicit consent to use information and keeping it safe from identity thieves.

LinuxSecurity.com: The rise of usable, frictionless encryption has brought us to a point where users can be fairly certain that their Signal or WhatsApp messages are not being collected, subpoenaed, or wiretapped by cops armed with a warrant or message interception technology.

LinuxSecurity.com: One year ago, my phone lit up with the first text alert about the WannaCry ransomware attack. From the onset, it was clear this attack was major and that it was moving across the world at an unprecedented speed. Over four days, WannaCry inflicted billions of dollars of damages and infected more than 300,000 machines.

LinuxSecurity.com: Security is a big worry for the Internet of Things. We've already seen countless incidents where smart internet-connected devices are taken over by an attacker and put to unintended use.

LinuxSecurity.com: Pakistan's central bank has sought to quash reports that the country's lenders have been hacked en masse, following an apparent coordinated skimming campaign.

LinuxSecurity.com: Stuxnet allegedly has a vicious little brother, or perhaps it is a malicious cousin; the complex malware was likened to being similar to Stuxnet but "more violent, more advanced and more sophisticated."

LinuxSecurity.com: According to Europol's 2018 edition of the Internet Organised Crime Threat Assessment (IOCTA), ransomware maintains its supremacy as the key malware threat in most EU member states, while cryptojacking is becoming more and more prevalent.

LinuxSecurity.com: Hackers have exploited --and are currently continuing to exploit-- a now-patched zero-day vulnerability in a popular WordPress plugin to install backdoors and take over sites.

LinuxSecurity.com: The Centers for Medicare and Medicaid Services (CMS) now has details about the data stolen in the breach of Healthcare.gov that occurred last month. According to the government agency, a significant amount of personal information including partial Social Security numbers, tax information and immigration status was compromised in the breach.

LinuxSecurity.com: An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle's Virtual Box without first informing Oracle.

LinuxSecurity.com: Altus Baytown Hospital (ABH) was hit by a ransomware attack on September 3, 2018, with a lot of documents containing patient info being encrypted and the attackers requesting a ransom to unlock the hospital's data.

LinuxSecurity.com: The decision to make recreational cannabis legal in Ontario, Canada, has been fraught with problems and now has been tarnished by a data breach at Canada Post.

LinuxSecurity.com: HSBC Bank, one of the largest banking and financial services organizations in the world, on Tuesday confirmed it suffered a data breach last month, which it believes affected less than 1% of its bank customers in the U.S.

LinuxSecurity.com: Privacy International has filed complaints against seven companies including Experian, Equifax and Oracle for alleged contravention of the GDPR.

LinuxSecurity.com: Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: "today's voting machines are often insecure, not particularly easy-to-use, and so expensive that they're often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us."

LinuxSecurity.com: The Apache Software Foundation released an advisory addressing a vulnerability in Apache Struts which could allow a remote attacker to take control of an affected system.

LinuxSecurity.com: After Russia's misinformation campaign rattled the 2016 United States election season, scrutiny over this year's midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks.

LinuxSecurity.com: In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints.

LinuxSecurity.com: Most people in the world would describe it as a company "admitting they've been hacked." But if you're the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you're "announcing a data security event affecting customer data."

LinuxSecurity.com: Yahoo must pay $50 million in damages to victims of one of the largest data breaches on record.