Microsoft accidentally internet-exposed for three weeks 250 million customer support records stored in five misconfigured Elasticsearch databases. While the company rapidly locked them down after being alerted, it's an embarrassing gaff for the technology giant, which has pledged to do better.
When leveraging AI and machine learning to drive banking innovations, it is essential to take a structured approach in implementing security-by-design for conducting proper risk assessment of the organizations and people involved, says Sameer Ratolikar, CISO, HDFC Bank
A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4 TB of email metadata. While it's not clear if anyone accessed the data, an attacker could have seen all email being sent or received by a specific person.
First American Mortgage Corp., the title insurance company that left hundreds of millions of personal documents exposed on the internet, is now facing a lawsuit and an inquiry by New York's financial regulator. The company is also offering free credit monitoring for anyone who used its title and settlement services...
German officials say the suspect behind the mega-leak of politicians' and celebrities' personal details exploited their weak passwords to access email, social media and cloud service accounts. What can the security industry do to help address the password problem?
In the age of GDPR, more organizations are looking to data classification - including more automated techniques for doing so - as a way to not only help them protect their crown jewels, but in the case of a breach quickly identify what went missing, says Digital Guardian's Tony Themelis.
A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers. The database is the latest in a long line of databases to have been left exposed to the internet without authentication, thus putting people's personal data at risk.
In a reversal, chipmaker AMD is now warning that its chips are susceptible to the speculative execution flaws in microprocessors known as Spectre, but not to the Meltdown. Separately, Intel has confirmed that its firmware updates have led to stability problems for older Broadwell and Haswell processors.
Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
Infosecurity Europe 2017 in London drew an estimated 18,000 attendees. Here are 13 visual highlights from the annual information security conference, ranging from tchotchkes and keynotes to 19th century architecture and live hacks of internet-connected devices.
IBM and Lenovo have issued a security alert, warning that they inadvertently shipped malware-infected USB flash drives to some customers who use their Storwize hardware. The malware, known as Reconyc, is designed to install additional attack code on infected endpoints.
If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
As President Trump delivered his inaugural address, the White House transitioned its website from the Obama to the Trump administration. Immediately, Trump's team posted a series of position papers, including one that addressed - albeit briefly - cybersecurity.
A new research project called Amnesia tackles the password management problem by not storing full data in any one place where it can be hacked. But does this proposed solution truly offer better password security?