Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
For too many organizations, software vulnerability management is just about "patch Tuesday." But Alejandro Lavie of Flexera says organizations need to adopt a new strategy focusing on visibility, prioritized response and mitigation.
It may seem silly to wonder how safe your backups are; backups are rarely thought of as being at risk. It stems back to a time when backups were on tape - a medium that would be tough for even skilled developers to hack. But today's backups are stored (whether on-premises or in the cloud) on disk or,
If you are reading this, it means you are taking time out of your busy schedule to search for data protection solutions. Data protection is not meant to be exciting; it's meant to automate the boring parts so that your company stays out of the negative headlines.
"You get paid for...
Modern backup is still too complicated. Adding to the woes of the modern backup administrator is the fact that very few organizations get to tear their entire IT apparatus down and take a completely modern, greenfield approach. In the real world, data centers are the result of incremental growth. With that growth...
Although the terms "backup" and "archiving" are sometimes used interchangeably, they refer to two completely different processes. Both deal with long-term data storage, yes, but that is where the similarities end. Backups are designed to provide an organization with a way of recovering its data following some sort...
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
Security is a journey, not a destination. What's been deployed today may be found to have a vulnerability tomorrow. Operating systems like Windows Server 2003 and 2008, which were once trusted building blocks for critical applications, are now potential liabilities as time goes on and maintenance comes to an end and...
Email fraud threats have evolved from attackers targeting networks to them focusing on specific individuals within an organization. What can enterprises do to halt these attacks before they reach the inbox? Denis Ryan of Proofpoint shares defensive tactics.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
Those of you who are CISOs and have been conducting awareness programs for years realize that "the devil is in the details" when building a successful program. Initial attempts to get an awareness program started are usually done by trial and error - but this hit-and-miss approach is often ineffective or frustrating...
One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.