Digital streaming platform Mixcloud says it's the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet. The data on 21 million users is for sale in an underground market.
With the California Consumer Privacy Act set to go into effect Jan. 1, 2020, companies are making last-minute compliance preparations. But these preparations are challenging because regulations to carry out the law are still pending and ambiguities remain. Here's a look at three issues.
To help security practitioners address their cybersecurity challenges, ISMG is hosting a Cybersecurity Summit on Nov. 21 in Mumbai, best practices in tackling cybersecurity issues. Among the speakers: Loknatha Behera, Kerala's state police chief, and former Supreme Court Justice B. N. Srikrishna.
Instead of proving a flash in the pan, enthusiasm for cryptocurrency has grown - and with it the associated fraud. Cyber criminals were quick to develop malware with the aim of stealing cryptocurrencies, with attackers finding ways to exploit the anonymity offered.
Facebook has revealed that, once again, it allowed third-party app developers to wrongfully gain access to its customers' private data. The company changed access for about 100 developers after the problem was discovered.
Some 42 apps that were available in the Google Play store had been delivering adware to Android devices for about a year, according to the security firm ESET. In the 12-month period starting in July 2018, these apps were downloaded about 8 million times to Android devices around the world, the researchers say.
Avast's CCleaner utility is popular - with attackers. For the second time in two years, the company says it believes CCleaner was the intended targeted of a carefully plotted intrusion executed between May and October.
What is the risk of having too many cybersecurity tools? Compromised visibility because of "tool sprawl," say Brian Murphy and Seth Goldhammer of ReliaQuest. Enterprises are now awakening to this challenge and attempting to overcome it.
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.