When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
The latest edition of the ISMG Security Report features an analysis of retailer Fat Face’s awkward "strictly private and confidential" data breach notification. Also featured: Discussions on the ethics of buying leaked data and the rise of central bank digital currencies.
Four editors at Information Security Media Group discuss important cybersecurity issues, including dealing with attacks targeting the aging Accellion File Transfer appliance and taking steps to enhance employee authentication.
As times change, many companies and organizations have worked on ramping up their multi-faceted security defenses. However, threat actors and cyber criminals also adapt and hunt for new vulnerabilities, compromising data by embracing new exploits to ensure substantial financial payoff.
In this report, we...
Many organizations have invested in improving their threat detection capabilities over the
past two years and express increased confidence in their ability to stop threats that have
penetrated the network perimeter. However, these organizations also cite a number of
weaknesses and areas for further improvement,...
An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.
DDoS, one of the oldest types of cyberthreats, continues to pose major security risks for virtually every type of enterprise — small and large alike. And while some organizations might believe they’re a low-risk target, the growing reliance on internet connectivity to power business-critical applications leaves...
Many organizations have updated the authentication process for customers to help ensure frictionless transactions. Now, some are starting to take similar steps to streamline and enhance authentication of their employees - especially those working remotely.
What happens when an e-commerce retailer sends customers a data breach notification email with a subject line that reads "strictly private and confidential"? "Clearly trying to make people stay quiet," responded one unamused Fat Face customer. Others report being none the wiser as to what risks they now face.