Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.
An unprotected database belonging to Chinese e-commerce site Gearbest exposed 1.5 million customer records, including payment information, email addresses and other personal data for customers worldwide, white hat hackers discovered.
Today's workforce is increasingly working remotely and relying on a variety of devices and cloud services to accomplish their jobs. Organizations must support but also secure this push, or they risk driving employees to adopt shadow IT, warns Jon Oberheide of Duo Security.
Apple has revoked Facebook's enterprise certificate, leaving the social network's employees unable to access internal iOS apps, after Facebook used it to distribute an app that monitored smartphone activity, sometimes from minors, in exchange for monthly payments. Facebook says it did nothing wrong.
Your VPN is cumbersome and time consuming from a management and performance perspective. But what you might not want to concede is that VPNs, by their very nature, pose a significant threat to enterprise security.
Read this white paper to learn more about:
Why VPN elimination must happen now;
The four advantages...
An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.
A swift FBI sinkhole blunted an apparently imminent attack against Ukraine via "VPN Filter" malware, which has infected more than 500,000 routers. But mass router compromises will continue so long as manufacturers fail to build in easy or automated patching and updating, security experts warn.
Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?
Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee, among other targets, says cybersecurity expert Alan Woodward.
A report outlining new ways to recruit and retain cybersecurity professionals in the U.S. federal government leads the latest edition of the ISMG Security Report. Also, the sector considered the most cybersecurity challenged, and the growing interest in virtual private networks.
The U.S. regulation that forbid ISPs from selling information about web activity without a customer's permission is gone. But it's still possible to maintain privacy on the Web even if prying eyes are watching.
Memo to would-be cybercriminals: Want to move stolen funds internationally to bank accounts that you control? Need to route the funds to a few money mules to get it laundered? Don't do it from a system tied to an IP address registered to your home.
Three Romanian men accused of running a cybercrime ring that used custom-built "Bayrob" malware and money mules to steal at least $4 million from victims have been extradited to face charges in the United States.
Cisco has begun releasing updates for all ASA devices to patch them against a buffer overflow vulnerability that was targeted by leaked Equation Group attack tools. Attackers can exploit the flaw to gain remote control of ASA devices.
If leading intelligence agencies can seemingly hack a wide variety of IT gear, what hope is there for enterprise security? Experts describe how organizations should respond to the recent dump of attack tools from the Equation Group, which is widely believed to be tied to the NSA.