T-Mobile Site Leaked Data On Millions Of Customers
ZDNet Researcher Ryan Stevenson recently found a big problem on T-Mobile's website regarding an unprotected API. As a result of the flaw, untold millions of T-Mobile's customers' account information was left exposed and completely unprotected. Literally anyone who stumbled across the site and tried to abuse it could access a wide range of customer information with no password required.
Passwords May Be Dead Soon If Microsoft Gets Its Way
Karanbir Singh (a program manager at Microsoft) is on a mission:
Kill the password.
As he said in a recent blog post:
"Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we've been busy at work trying to create a world without them--a world without passwords.
Coca-Cola Breach Proves Employees May Be Significant Threat
Coca-Cola is the latest company to fall victim to a data breach. Unlike some of the others that have recently made headlines, however, this one was conducted from within.
In September 2017, an employee at one of the company's subsidiaries stole an external hard drive containing personal data belonging to more than 8,000 company employees.
More Bad News From The Equifax Breach
The news just keeps getting worse for Equifax. The company has already had to revise their estimates of how many people were impacted by last year's breach more than once, and now, they're having to revise their estimate yet again. This latest revision comes after company officials had to testify before Congress, which has been formally investigating the matter.
New Vulnerability May Expose Encrypted Emails
Security researchers at the Electronic Frontier Foundation (EFF) have discovered a dangerous new email vulnerability called "Efail." Exploiting this new email vulnerability would allow hackers to decrypt emails encrypted with either PGP or S/MIME - including emails that were sent several years earlier.
Chili’s Is The Latest To Suffer A Credit Card Breach
Brinker International (the parent company of the Chili's restaurant chain) formally announced that on May 11, they discovered malware on an undisclosed number of their point-of-sale terminals. Details are sketchy at this point, because the investigation is still ongoing, but the company had the following to say about the incident:
"If you used your payment card at a Chili's restaurant between March and April 2018, it does not mean you were affected by this incident.
Vega Stealer Malware Goes After Your Saved Credentials
There's a new security threat to be worried about, and security professionals are warning that it could be very bad indeed. The new malware is known as the "Vega Stealer," and is currently being used in a relatively simplistic phishing campaign designed to harvest financial data that has been saved in both Google Chrome and Firefox browsers.
Your Kids’ Personal Info May Have Been Compromised
An identity threat company called 4iQ has recently published a report called "Identities in the Wild: The Tsunami of Breached Identities Continues." Unfortunately, the information in the report contains all bad news. Some of the details are simply confirmations of things we already knew, and some are shocking statistics that will leave you feeling dismayed.
Fitbit and Google Partnership May Raise Privacy Concerns
Depending on which side of the privacy debate you're on, you're either going to love or hate this announcement:
"Fitbit intends to use Google's new Cloud Healthcare API to help the company integrate further into the healthcare system, such as by connecting user data with electronic medical records.
Healthcare Sector Facing Rise In Ransomware Attacks
The Department of Health and Human Services has issued a warning to healthcare providers to be on high alert for the SamSam strain of ransomware, which has been used to attack eight different healthcare entities so far this year.
SamSam made its first appearance in 2016 and is seeing increasingly widespread use so far this year.