New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
JustDial had a second major leak of user information, claims an independent security researcher who earlier this month said he discovered a security loophole in the Mumbai-based hyperlocal search engine. But the company says it has fixed this second vulnerability.
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.
Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.
Four unprotected application program interfaces for JustDial, a local search engine in India, are leaking the personally identifiable information of its more than 100 million customers in real time, says an independent security researcher who discovered the vulnerability.
When it comes to browser security, one mistake made by consumers and enterprise alike is that they see the browser as a one-way window into the internet. The reality is quite different - and potentially costly if overlooked, says Pieter Arntz of Malwarebytes.
The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.
Ex-black hat Alissa Knight recently joined Aite Group's new cybersecurity practice, and among her first tasks: a hard look at the security of major financial institutions' mobile banking apps. The results may surprise you.
Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to...
NTT Security has signed a definitive agreement to acquire WhiteHat Security. NTT Security's Khiro Mishra and WhiteHat Security's Craig Hinkley say the deal will help bring more application security - and DevSecOps - products, services and smarts to more organizations.
As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.