Police in Shanghai are investigating the apparent loss of 130 million customers' personal details from Huazhu Hotels Group. The data exposure may trace to the Chinese hotel group's developers accidentally uploading to GitHub access credentials for a production database.
Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
While the nature of distributed denial-of-service (DDoS) attacks is constantly evolving, two things are clear: the volume of attacks is increasing and every business is at risk.
The most resilient architecture to help combat these attacks is a combination of onpremisesand cloud DDoS scrubbing to mitigate network,...
In today's digital marketplace, your applications are your business. They fuel innovation and are the driving force for staying
competitive in an always-on, always-connected world. Apps are the way you build relationships with your customers, empower
your employees, facilitate growth, and so much more.
The threat landscape is dramatically different than it was just 5 years ago. A traditional web application firewall (WAF) was once a very effective solution for mitigating application layer attacks, but now has trouble keeping up with the advanced capabilities and agility of attackers. Signatures often lag behind new...
Many companies that have adopted a layered security strategy
still fail to protect their Domain Name System (DNS)
infrastructure, a critical Internet protocol that was never
designed with security in mind.
Read this white paper to learn why integrating a DNS-based
solution with layered enterprise...
Assuming that every user, request, and server is untrusted until
proven otherwise, a zero trust solution dynamically and
continually assesses trust every time a user or device requests
access to a resource. But zero trust offers more than a line of
The model's security benefits deliver...
Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.
Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.
In the age of GDPR, more organizations are looking to data classification - including more automated techniques for doing so - as a way to not only help them protect their crown jewels, but in the case of a breach quickly identify what went missing, says Digital Guardian's Tony Themelis.
Facebook has responded to more than 2,000 questions posed by U.S. Senate and House committees with 747 pages of answers, which reveal that Facebook was still been providing special access to user data to dozens of companies, six months after it says it had stopped doing so in 2015.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.