While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
A recent incident involving a chronic care management company spotlights how paying a ransom to recover decryption keys from ransomware attackers can put sensitive data at additional risk. Security experts offer insights on how to prepare for the many challenges posed by attacks.
Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, says Gregory Wilshusen of the U.S. Government Accountability Office.
Artificial intelligence and machine learning will have a significant impact on lowering the cost of securing an organization because it will reduce the need for advanced skillsets, predicts Rapid7's Richard Moseley.
If you're paying attention, you've probably already seen a handful of GDPR-related headlines just today, let alone in the last week or month. But there are two good reasons for the deluge of GDPR discussion right now: It's incredibly important and the time to act is now.
Adequately tracking the nonstop arrival and departure of officials in the Trump White House might require real-time, multidimensional flowcharts. But one thing is clear: The White House is facing a looming cybersecurity knowledge and expertise deficit, and that deficit may soon get worse.
A coherent risk analysis program tailored to the organization is a vital component of any effort to improve cybersecurity and meet regulatory requirements, says attorney Shawn Tuma.
Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.
An effective endpoint security strategy can be as layered as you want it to be. But you'll have a strong foundation if you build off of these four key steps.
Organizations in the Middle East and Central Asia are beginning to respond to the nuances of the evolving threat landscape in the region, says Tata Communication' Avinash Prasad in this exclusive interview.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.