Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.
What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.
The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
Connected devices - the sheer number of them and the scale of the cybersecurity risks they pose - are a top concern in 2020 and beyond, says Robert Falzon of Check Point Software Technologies, who weighs in on the threats and technologies he's watching.
5G is coming, and with it comes the promise of connectivity on an unprecedented scale. And then there are the security concerns about infrastructure, connected devices and a new multifaceted attack surface. Olivera Zatezalo of Huawei Technologies Canada discusses these concerns.
Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra.
A bipartisan group of lawmakers has introduced a bill to help U.S. telecommunications providers "rip and replace" any Chinese-built networking equipment. The move comes as many experts warn that using Huawei or ZTE 5G equipment poses an unacceptable national security risk.
With all of the tools deployed for endpoint detection and response, enterprises today are often overwhelmed by threat intelligence, says J.J. Thompson of Sophos. To alleviate "analysis paralysis," Sophos has just launched its Managed Threat Response service. Thompson details its offerings.With all of the tools...
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
A security researcher has uncovered what may rank as one of the most significant iOS weaknesses ever discovered: a flaw that enables bypassing the security protections present in most Apple mobile devices. While the vulnerability can't be patched, an attacker would need physical access to exploit it.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
The U.S. electric grid is growing increasingly vulnerable to cyberattacks from countries such as Russia, and a well carried out attack on the grid could cause widespread power outages, according to a new GAO audit. Industrial control systems are particularly vulnerable.
Food delivery startup DoorDash says 4.9 million customer, contractor and merchant records were breached after "unusual activity" by a third-party service provider. Even aside from the usual identification data, experts say certain data - such as food allergies - could pose risks in the wrong hands.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.