At a Senate committee hearing on Tuesday, lawmakers grilled a Facebook executive about the company's plans to launch a cryptocurrency. One Democratic senator said Facebook "does not respect the power of the technologies they are playing with - like a toddler who has gotten his hands on a book of matches."
A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.
Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
In-App Protection Crucial for High-Value Applications
How do you prevent applications from becoming a security failure? According to Gartner, by deploying in-app protection capabilities that include hardening techniques, application monitoring, anti-tampering, and threat analytics.
In the 2019 Market Guide for...
The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.
George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.
Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.
Applications have become primary targets for two vastly different, but equally dangerous, types of cyberattacks. Successful application breaches can lead to financial fraud, stolen IP, and business disruption.
Like many risk-averse organizations, state and local governments are missing out on the benefits of full-scale cloud adoption because they are paralyzed by the complexities associated with trusting their data to a third party. It's no surprise that government agencies have concerns about storing citizen data in the...
Video conferencing vendor Zoom has opted to make major changes to its Mac application after a security researcher found several weaknesses in it. The changes come after the researcher refused a bug bounty and instead went public after 90 days, putting pressure on Zoom.
In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.
If you analyze any of the recently published cyber attacks, two patterns emerge:
80-90% of the attacks exploit an unpatched vulnerability or an unhardened, widely open system
70% of the attacks begin at the endpoints
While "cool" new products create a lot of buzz, cyber hygiene is often ignored. But, it must be...
Security requirements need to be understood holistically in the context of your entire IT environment. Products and tools need to effectively address requirements without contributing to the chaos. Budgets and human resources are limited and need to be applied for maximum benefit.
But with hundreds of product...
What makes detecting compromised devices so difficult? The risk of a breach is higher than ever, with countless examples ending up in the news. So how do we detect these infected endpoints faster?
This guide seeks to answer this question and explore the obstacles in identifying infections.