Open source components help developers build and deploy applications faster, but with increased speed comes greater risk. Maria Loughlin of Veracode describes how to reduce those risks through several steps, including component inventories and developer education.
The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with APT10 or Cloud Hopper, a cyber espionage campaign, alleging they acted in association with a government agency.
Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.
For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports.
The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices.
A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report. The health insurer belated realized after a complaint from one practitioner that some psychologists work from home.
Although CERT-In says the hacking of Indian websites declined dramatically this year, based on reports it has received, some security experts argue that many hacking and other cybercrime incidents are never reported.
Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity. Separately, Trend Micro says Twitter has blocked an account that was posting image memes designed to remotely control malware-infected PCs.
The battle against Russian disinformation is far from over. Two in-depth Senate reports have revealed that such campaigns continue despite efforts by social media companies to cleanse their platforms. Researchers say Facebook's Instagram may be the next battleground.
Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8 million users' private photos may have been revealed to 1,500 apps built by 876 developers.
Following industry standards should not be a compliance-driven, checkbox activity, says the PCI Security Standards Council's Nitin Bhatnagar. "It has to be a holistic approach, and you have to get involved with people, process and technology."