Blog

Security researchers are claiming at least a temporary victory over an enormously productive malware distribution scheme that shuffled as many as 2 million users a day from legitimate websites to malware.

The networked, dubbed EITest, leveraged compromised websites to direct users to ransomware, tech support schemes and exploit kits. EITest, noticed as far back as 2011, had been dubbed the "king of traffic distribution."

Malware researcher Kafeine, who works for Proofpoint, writes that users who encountered a website tampered with by EITest are now being redirected to a sinkhole set up by researchers. The sinkhole, which is a non-malicious domain, became active on March 15.

"We are now receiv...

Uber has agreed to stricter monitoring by the U.S. Federal Trade Commission following its concealment of a 2016 data breach while it was negotiating with the agency for a settlement tied to a separate, yet similar, breach two years prior.

The FTC said Thursday the ride-sharing company had agreed to a revised settlement that, if violated, means Uber could be subject to civil penalties.

"The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future," says Acting FTC Chairman Maureen K. Ohlhausen.

The revised version of an earlier settlement comes as the technology industry is facing a reckoning over how it protects an...

At a U.S. House hearing Wednesday, Facebook CEO Mark Zuckerberg said the company would eventually comply worldwide with the European Union's tough privacy law, the General Data Protection Regulation.

Earlier this month, Zuckerberg had indicated the company would comply "in spirit" worldwide but that some exceptions would be made (see: Facebook's Zuckerberg: GDPR Won't Apply Worldwide).

"Yes, all the same controls will be available around the world," Zuckerberg testified at the House hearing. "We believe everyone deserves good privacy controls."

Some of the data protections required by GDPR have been built into Facebook already and available for years, Zuckerberg said. For instance, Facebook u...

Databases never lie, right? That is, unless they're infected with malware.

FireEye recently released its M-Trend reports, which looks at data breaches investigated by its Mandiant forensics arm. The report finds that breach investigations are increasingly prompting audits intended to ensure organizations are still compliant with Sarbanes-Oxley.

The law, passed in the U.S. in 2002, sought to bring more corporate transparency for investors and stronger penalties for misreporting financial data. It fundamentally changed risk management and assessment, holding top executives accountable for presenting accurate financial statements.

When the law was enacted, the state of information security was a...

Facebook says up to 87 million people may have had their personal details transferred to Cambridge Analytica, a voter-profiling company that denies the data powered digital ad targeting for President Donald Trump's 2016 campaign.

The figure exceeds the 60 million estimate from a whistleblower who worked as a data scientist at Cambridge Analytica. It is also the first estimate provided by Facebook since the scandal erupted after exposés in The Observer and The New York Times last month.

About 70 million of the users possibly affected are in the U.S., with the remainder in Australia, the U.K., the Philippines, Indonesia, Mexico, Canada, India, Brazil and Vietnam. That could open up Faceb...

Panera Bread acknowledged a data leak on Monday, but says fewer than 10,000 customers were affected. The leak appears to have persisted for at least eight months, despite the company having been warned about the problem last August. And the exposed database appears to have included information on more than 7 million customers, meaning the breach could be much larger than Panera Bread claims.

Information security blogger Brian Krebs reported that the leak's finder, security researcher Dylan Houlihan, recently alerted him to the problem. Krebs writes that after he contacted Panera Bread with an inquiry, the company briefly took its website offline, apparently to attempt to fix the problem.

The...