Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.
Nation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
ISMG and Rapid7 kicked off a roundtable dinner series in San Francisco, where Rapid7's Scott King says the conversation showcased the challenges security leaders face in engaging business leaders to discuss risk.
Healthcare organizations can take steps to start mitigating risks while awaiting vendor software patches to address URGENT/11 IPnet vulnerabilities in their medical devices, says researcher Ben Seri of security firm Armis, which identified the flaws.
The Food and Drug Administration has issued an alert warning healthcare organizations about 11 vulnerabilities dubbed "URGENT/11" involving IPnet, a third-party software component that may introduce risks for certain medical devices and hospital networks.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.
Independent security researchers have found yet another unsecured database accessible via the internet. This time, the exposed data belongs to South Korean manufacturing company DK-Lok.
Representatives from the U.S. intelligence establishment met with security officials of major social media and technology firms this week to help craft the nation's approach to securing the 2020 elections, including facilitating better information sharing and coordination.
In the wake of the HSBC money-laundering scandal, whistleblower Everett Stern founded the intelligence firm Tactical Rabbit. He explains the firm's mission and how the HSBC experience continues to drive him forward.
Mike Krygier of the New York City Cyber Command outlines threats to connected cities and critical infrastructure, including ransomware, and what steps can be taken to mitigate risks
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.
