With cyberattacks, online espionage and data breaches happening at a seemingly nonstop pace, Western intelligence agencies are bringing many of their capabilities out of the shadows to help businesses and individuals better safeguard themselves and respond. We need all the help we can get.
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
Every day needs to be password security day - attackers certainly aren't dormant the other 364 days of the year. But as World Password Day rolls around again, there's cause for celebration as Microsoft finally stops recommending periodic password changes.
Citrix says the data breach it first disclosed in early March appears to have persisted for six months before it was discovered and the hackers were ejected. In an ironic twist, the company sells the very products that might have blocked recent credential stuffing and password spraying attacks against it.
Cybercriminals have stolen customer data from Citycomp, a German IT company whose clients include Oracle, Volkswagen, Airbus, Ericsson, Toshiba British Telecom and many others. After Citycomp didn't pay a ransom, the hackers posted the data online.
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.
For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate, sharing a stage in Glasgow, Scotland, during the CyberUK conference. The Five Eyes alliance comprises Australia, Canada, New Zealand, the U.K. and U.S.
Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.
Fraud, e-hustles and social engineering attacks continues to proliferate, the FBI's latest report into the state of internet crime confirms. But over the past year, a new FBI tactic for quickly stopping fraudulent wire transfers has notched notable successes.
Washington State University has agreed to pay more than $4.7 million to settle a lawsuit stemming from the theft of a portable hard disk drive from a self-storage unit. The drive contained information - much of it unencrypted - on more than 1 million individuals.
Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.
Indian IT service firm Wipro on Tuesday said that it has detected abnormal activities on some of its employee accounts due to an advanced phishing campaign. An investigation is continuing, the company confirms.
Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought. But the company hasn't released many details, including the total number of accounts affected.
When it comes to browser security, one mistake made by consumers and enterprise alike is that they see the browser as a one-way window into the internet. The reality is quite different - and potentially costly if overlooked, says Pieter Arntz of Malwarebytes.