Britain's biggest businesses continue to inappropriately expose servers and services to the internet, putting the organizations and data at risk, according to a study by Rapid7. Tod Beardsley describes the findings, including a widespread lack of phishing defenses as well as cloud misconfigurations.
Hacking and extortion attempts against organizations have unfortunately become all too commonplace these days. On Tuesday, an unlikely victim went public: the British band Radiohead. But was the band really a hacking and extortion victim?
The fallout from the 2015 TalkTalk hack continues as a 22-year-old U.K. man was sentenced to jail Monday for his role in the attack and other cybercrimes, including an attack against his former school.
License plate and traveler photos collected at the U.S. border have been compromised after a federal government subcontractor was hacked. While Customs and Border Protection officials claim the image data hasn't been seen online, security experts say it's already available for download via a darknet site.
What are the top trends shaping the rising tide of financial fraud in 2019, and what can security professionals expect in the months and years to come? Trace Fooshee of Aite Group discusses changes in the fraud landscape.
Online invitation site Evite has been hacked and information on an unspecified number of users stolen. In a data minimization fail, the breach apparently dates from earlier this year, but it's been tied to "an inactive data storage file associated with Evite user accounts" from before 2014.
The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap.
Key vendor risk management steps include determining upfront how much the vendor will interact with various stakeholders and interact with the news media in case of a breach, says Satyavathi Divadari of Cognizant.
A security researcher has posted a demonstration showing how an attacker could exploit the BlueKeep vulnerability to take over a Windows device in a matter of seconds. Meanwhile, the NSA has joined Microsoft in urging users to patch devices before an attacker takes advantage of this vulnerability.
A third medical lab test firm - BioReference Laboratories - has acknowledged that it's a victim of the data breach at American Medical Collection Agency, which may have exposed data on more than 20 million patients. Meanwhile, at least four state attorneys general are now investigating the breach.
One year after the EU's General Data Protection Regulation went into full effect, data protection experts gathered at the European Data Protection Summit in London to review the state of privacy - not just in the U.K. and Europe but across the world. Here are eight takeaways.
Organizations and their applications are under attack from automated bots and bad actors. And many of these attacks are undetectable by conventional security technologies. How can organizations detect and prevent this activity? Carl Gustas of Cequence Security shares insights.