Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.
Nation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
ISMG and Rapid7 kicked off a roundtable dinner series in San Francisco, where Rapid7's Scott King says the conversation showcased the challenges security leaders face in engaging business leaders to discuss risk.
Healthcare organizations can take steps to start mitigating risks while awaiting vendor software patches to address URGENT/11 IPnet vulnerabilities in their medical devices, says researcher Ben Seri of security firm Armis, which identified the flaws.
Financial institutions' boards as well as senior management should set clear expectations for cyber risk management and then carefully monitor the efforts, according to the Monetary Authority of Singapore's Cybersecurity Advisory Panel, which also stresses the need to manage supply chain risks.
The Food and Drug Administration has issued an alert warning healthcare organizations about 11 vulnerabilities dubbed "URGENT/11" involving IPnet, a third-party software component that may introduce risks for certain medical devices and hospital networks.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Rear Admiral Mohit Gupta, who was recently appointed chief of India's new Defense Cyber Agency, has made a series of recommendations for top action-items. But will the government actually carry out his priorities?
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.
Independent security researchers have found yet another unsecured database accessible via the internet. This time, the exposed data belongs to South Korean manufacturing company DK-Lok.
Representatives from the U.S. intelligence establishment met with security officials of major social media and technology firms this week to help craft the nation's approach to securing the 2020 elections, including facilitating better information sharing and coordination.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.
