Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
India is seeing a surge in government website defacements and data leaks that apparently are tied to nation-states. But if key stakeholders from all sectors collaborate, using appropriate skills and technologies, they can fight off these threats.
The recent case in which Singapore's OCBC bank suffered a few hours of outage because of an apparent lack of proper monitoring could lead to bigger security issues unless the management and security team of the bank take appropriate steps.
A recent incident involving a chronic care management company spotlights how paying a ransom to recover decryption keys from ransomware attackers can put sensitive data at additional risk. Security experts offer insights on how to prepare for the many challenges posed by attacks.
Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, says Gregory Wilshusen of the U.S. Government Accountability Office.
In the wake of a growing number of mob lynchings often attributed to fake news spread via WhatsApp, the government is looking for an easy solution. But while some of what it's proposing makes sense, a plan to make messages more traceable would prove impractical.
Artificial intelligence and machine learning will have a significant impact on lowering the cost of securing an organization because it will reduce the need for advanced skillsets, predicts Rapid7's Richard Moseley.
UIDAI again found itself embroiled in a controversy when it was revealed that its helpline was being automatically added in the contact lists of mobile phones. But Google acknowledged that its coding error led to the mishap. Why was Google involved in getting a phone number for UIDAI preloaded on phones?
The fight against fraud in a cashless economy requires investments in technologies that can offer early warning signals, says Bharat Panchal, senior vice president and head of risk management at National Payment Corporation of India.
The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?
Mirai-like, distributed denial of service attacks launched by IoT devices are an indication that DDoS may no longer be an external-only threat facing enterprises, warns Philippe Alcoy of Arbor Networks.
One of the key lessons offered at ISMG's Fraud & Breach Prevention Summit, held June 12-13 in Bengaluru, was the need for security practitioners to have a better perception of threats and risks so they can build successful detection and defense mechanisms.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.