Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss how to start an insider threat program in a presentation at Information Security Media Group's Security Summit: London, to be held Oct. 23.
To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed. But Irish authorities have signaled that Facebook has failed to share all of the information they would have expected to see.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.
Leading the latest edition of the ISMG Security Report: The reaction to the recently released White House cybersecurity strategy. Also featured: A discussion of GDPR's impact on class action lawsuits.
In harmony with a wave of global privacy and security legislation, Canada has its own new breach notification requirements going into effect on Nov. 1. Attorney Ruth Promislow says these standards will force organizations to shift from a reactive to a proactive approach to incident response.
For too many organizations, software vulnerability management is just about "patch Tuesday." But Alejandro Lavie of Flexera says organizations need to adopt a new strategy focusing on visibility, prioritized response and mitigation.
A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures - are getting mixed reviews from cybersecurity experts.
At RSA Conference 2018 Asia Pacific & Japan, Information Security Media Group conducted dozens of video interviews with industry thought leaders. Here are the highlights.
Breached businesses in Europe: Brace for more class action lawsuits seeking material and non-material damages filed by victims following mandatory data breach notifications under GDPR, says attorney Jonathan Armstrong. He predicts more breach-related suits will succeed in Europe than in the United States.
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.