While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed. But Irish authorities have signaled that Facebook has failed to share all of the information they would have expected to see.
Machine learning could be a breakthrough for data classification, addressing fundamental challenges and paving the way to create and enforce automated policies that can be scaled across the enterprise, says Titus CEO Jim Barkdoll.
As attackers become more adept at evading "reactive" security controls and alert mechanisms, proactively analyzing the behaviors of people and systems is critical to detecting malicious activity, says Gartner's Kelly Kavanagh.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.
Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline. Port officials say the attacker has demanded a ransom, payable in bitcoin, for the promise of a decryption key.
An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.
Ride-hailing platform Uber Technologies has reached a $148 million settlement agreement with the attorneys general of all 50 states and the District of Columbia over its failure to report a massive 2016 data breach in a timely manner, as well as its inadequate information security practices.
In harmony with a wave of global privacy and security legislation, Canada has its own new breach notification requirements going into effect on Nov. 1. Attorney Ruth Promislow says these standards will force organizations to shift from a reactive to a proactive approach to incident response.
Ryan Duquette, an independent forensics examiner who formerly was a criminal investigator in law enforcement, offers insights on public/private partnerships and how investigators can work better with enterprises in the event of a breach.
For too many organizations, software vulnerability management is just about "patch Tuesday." But Alejandro Lavie of Flexera says organizations need to adopt a new strategy focusing on visibility, prioritized response and mitigation.
A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures - are getting mixed reviews from cybersecurity experts.