Facebook has revealed that, once again, it allowed third-party app developers to wrongfully gain access to its customers' private data. The company changed access for about 100 developers after the problem was discovered.
Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.
By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.
Say hello to NortonLifeLock, as Symantec anti-virus for consumers is no more, following the sale of Symantec's enterprise assets and name to Broadcom for $10.7 billion. But can the new, pure-play consumer "cyber safety" business succeed where the combined consumer and enterprise business previously stumbled?
Maliciously or unintentionally, people cause data breaches via email. But email is an essential part of enterprise life. How can the channel be made more secure? Sudeep Venkatesh of Egress offers new perspectives.
Martin Overton has worked both in cybersecurity and insurance, so he has a unique perspective on cyber insurance - the genuine benefits as well as the potential pitfalls. He shares tips on what to seek in an effective policy.
Deception technologies can play a critical role in mitigating cyber risks, says Devender Kumar, CISO at TMF Group, who also other sizes up other key technology investments and reviews challenges CISOs are facing. He'll be a featured speaker at ISMG's Cybersecurity Summit in Mumbai on Nov. 21.
The Sophos 2020 Threat Report is out, and among the key findings: Ransomware attackers continue to leverage automated active attacks that can evade security controls and disable backups to do maximum damage in minimal time. John Shier of Sophos analyzes the trends that are most likely to shape the 2020 cybersecurity...
The cybersecurity community had been holding its breath in anticipation of mass attacks targeting the severe BlueKeep vulnerability in Windows, which Microsoft has patched. The first in-the-wild exploits have now been seen, although they don't appear to constitute an emergency - at least yet.
Many ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. But some Sodinokibi ransomware-as-a-service affiliates have shifted instead to targeting victims via botnets, saying hackers' use of RDP exploits has grown too common.
Ransomware continues to be a highly profitable cybercrime. Ransomware incident response firm Coveware reports that for the third quarter of this year, the average ransom amount paid was $41,198, a six-fold increase from the same period last year, driven by strains such as Ryuk and Sodinokibi.
For Russian-speaking hackers, ransomware used to be taboo. But GandCrab killed all such ethical qualms, democratizing ransomware-as-a-service, paving the way for new profit-sharing schemes such as Sodinokibi and driving a new generation of attackers to master advanced hacking skills, a new report finds.
A trio of domain name registrars are mandating a password reset after a breach affecting about 22 million accounts occurred in late August. Web.com and two of its brands, Network Solutions and Register.com are contacting victims via email.
A new study produced in partnership with several insurance companies concludes that a single virus attack affecting 15 major ports across Singapore, China, Japan, South Korea and Malaysia potentially could lead to losses of up to $110 billion worldwide.