Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebook's CSO, says there isn't time to properly safeguard this year's elections. But here's what he says can be done in time for 2020.
Facebook, Twitter and Google have suspended or removed hundreds of pages and accounts tied to two separate alleged influence operations being run by Iran and Russia. Cybersecurity firm FireEye says the campaigns target the U.S., U.K., Latin America and Middle East.
In an exclusive, in-depth analysis, a panel of experts says the proposed personal data protection and privacy bill, prepared by the Justice B. N. Srikrishna committee, has many gaps and some provisions that could prove challenging to implement.
Kaspersky Lab has discovered a new form of malware it calls Dark Tequila that has been targeting users in Mexico and stealing bank credentials and other personal and corporate data. The malware can move laterally through a computer while it's offline, says Dmitry Bestuzhev, a Kasperksy researcher.
U.K. health and beauty retailer Superdrug Stores is warning customers that attackers may have compromised some of their personal information, apparently because they'd reused their credentials on other sites that were hacked. While Superdrug quickly notified victims, it stumbled in three notable ways.
A lawsuit accuses Google of "the surreptitious location tracking of millions of mobile phone users." The legal action was sparked by a report demonstrating that some Google apps tracked and time-stamped users' locations even if a user deactivated the "location history" setting.
Cybercrime is a business and, like any business, it's driven by profit. But how can organizations make credential theft less profitable at every stage of the criminal value chain, and, in doing so, lower their risk?
A messy insider incident - allegedly involving an elected official in Wisconsin who is suspected of installing keylogging software to inappropriately access county systems over a five-year span - has impacted more than 258,000 individuals.