RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.
A ministry of agriculture website in India lacks basic security measures, risking exposing personal data of millions of farmers who use the site to obtain crop insurance, a security practitioner who uses the site has pointed out.
Why are attacks so successful? Legacy endpoint security products are creating more problems than they solve. There is too much cost and complexity, defenses aren't keeping up, and security staff is stretched thin.
Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.
Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."
"We are living in difficult times ... when the government data is the most vulnerable," says Jayesh Ranjan, principal secretary-IT, electronics and communications & industries and commerce, government of Telangana. He calls for creating "a strong institutional mechanism" to tackle threats.
Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.
An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.
An ongoing security operations center challenge is trying to get the right data to the right person at the right time. The problem is compounded by there being "too much data and not finding the right people to deal with the data," says Mischa Peters of IntSights. What can help?
To better counter threats carried by content - email, attachments, files - Deep Secure's Simon Wiseman says organizations should investigate content threat removal, which involves extracting required data from content and discarding the rest.
With the increase in vulnerabilities in operational technology infrastructure, it's important to deploy unidirectional hardware gateways to restrict entry into OT networks, says Ajit Jha of L&T Technology Services.
Adaptive authentication is a new approach to combatting fraud that achieves the twin goals of reducing fraud risk and preserving the customer experience.
Download this white paper and learn:
The characteristics and advantages of adaptive authentication;
How behavioral biometrics and mobile apps both play...
If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking. But while ransomware campaigns may be down, they're far from out.
To have any hope of keeping up "with the exponential rise in variants in malware," organizations must reduce their attack surface, in part by using technology designed to learn what attacks look like and respond as quickly as possible, says Cylance's Anton Grashion.