Some 4 terabytes of data on over 1.2 billion individuals - including LinkedIn and Facebook profiles - was exposed to the internet on an unsecured Elasticsearch server, according to an analysis by a pair of independent researchers.
Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom. Security experts say they're not surprised by this development, but note that given the different skills required, such tactics may not become widespread.
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.
DoppelPaymer ransomware, despite ongoing rumors, is not being spread via the Teams collaboration platform or BlueKeep remote desktop protocol flaws, Microsoft says. But it warns that the damaging crypto-locking code is being spread via stolen Active Directory administrator credentials.
Creating effective strategies for securing digital India's assets is challenging. For example, the growth of the cashless economy and increase in digital transactions have made consumers' data more vulnerable to cyberattacks, creating a more urgent need to protect digital assets.
This session discusses:
Complying with regulations and standards, including GDPR, PCI DSS, the RBI Gopala Krishna Committee report and the UIDAI's Aadhaar biometric, has increased the need for stringent data protection measures. India's upcoming data privacy bill will further mandate all organizations to safeguard sensitive data.
About 50 banks in India have cyber insurance policies to cover breach response costs, risk mitigation services, notification, forensic services, public relations, crisis management and any customer loss which can be quantified, as well as third-party risk exposure and other specialty services, such as hiring an...
An unsecured database belonging to PayMyTab, a company that provides U.S. restaurants with mobile payment apps and devices, left payment card and other customer data exposed, according to a new report from two independent security researchers.
A bipartisan group of eight U.S. senators is urging National Security Adviser Robert O'Brien to appoint a special coordinator to oversee the rollout of 5G cellular networks. The coordinator would address security issues and coordinate the efforts of federal agencies.
Microsoft has outlined its plans for supporting the encryption of Domain Name System queries, which allows for more private internet browsing. The first step will be to upgrade connections to DNS over HTTPS, but allow admins to control DNS settings.
Developing a mature security program takes time, but I've met many forward-thinking security leaders who've made swift and lengthy strides in protecting their clients' data. With those lessons in mind, here are five things any organization can do today to create immediate, measurable security benefits,
In the wake of Google's plan to buy Fitbit, two U.S. senators have introduced legislation that aims to protect the privacy of consumer health data collected on wearable devices. Meanwhile, a House committee is scrutinizing the healthcare system Ascension's sharing of patient data with Google.