Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
Magecart, the criminal group behind the recent data breach at certain Ticketmaster websites, may have also hit the company's sites in Australia, New Zealand, Turkey and Hungary, according to RiskIQ, which says the group's digital payment card skimmers may also affect as many as 800 other e-commerce sites.
Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange. The cause of the hack may have been a failure by Bancor to protect authentication keys that allowed for changes in its token smart contracts.
Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.
California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S. The new law gives consumers a raft of new rights, and aims to bring more transparency to the murky trade in people's personal information.
A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers. The database is the latest in a long line of databases to have been left exposed to the internet without authentication, thus putting people's personal data at risk.
Reality Leigh Winner, 26, a former contractor for the NSA, has pleaded guilty to leaking a "top secret" five page document that describes Russian meddling with U.S. voting systems. She's agreed to a plea deal that calls for her to serve a 63-months prison sentence.
Helping victims know their passwords have been exposed in a data breach is half the battle in the fight to improve password security. To help, Mozilla and 1Password are integrating into their products a feature from the popular "Have I Been Pwned" breach notification service.
Australia's large online medical booking platform, HealthEngine, has become embroiled in a privacy controversy after it reportedly passed personal medical details to a personal injury law firm. HealthEngine maintains it obtained users' consent, but the revelation appears to have caught many by surprise.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.
Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.
Symantec says it has uncovered a cyber espionage campaign that targets telecommunications operators in Southeast Asia - as well as a defense contractor and satellite communications operator - and warns that the hacking group, dubbed Thrip, may be laying the groundwork for more destructive attacks.
Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.
Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.
Banco de Chile has become the latest victim of a SWIFT-related malware incident. Attackers first corrupted thousands of PCs' master boot records as a distraction. Then they used fraudulent SWIFT messages to steal $10 million.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.