Google blames a bug in an API for its Google+ social networking service for exposing personal details of about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.
Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email accounts for a company's finance department can typically be purchased via the black market for just $150 to $500.
The healthcare sector needs to continue upping its ante in cybersecurity to prevent potentially catastrophic "doomsday" events that could devastate regional healthcare systems, says Erik Decker, CISO of the University of Chicago Medicine. He's helping draft a guide to mitigating five key cyber threats.
The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.
Many enterprises still rely on Microsoft Windows Server 2008 to run business critical applications. But Windows Server 2008 will reach End of Support on January 14, 2020, which means no more security and maintenance patches. Every enterprise has to face down this issue of legacy systems sooner or later. With Windows...
At three of the world's largest information security events in 2018, Information Security Media Group's team of editors conducted about 200 video interviews with industry thought leaders, who provided timely insights on important topics. Here's your guide to those interviews.
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
In its ongoing quest to improve the state of medical device cybersecurity, the FDA has announced a number of key moves - including the release of a security "playbook," plans to leverage information sharing and analysis organizations and an effort to update its 2014 premarket guidance for manufacturers.
To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed. But Irish authorities have signaled that Facebook has failed to share all of the information they would have expected to see.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Endpoint management, while broad from a technology standpoint, is moving in a definitive direction - the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices within
an organization. The proliferation of laptops, desktops, and more will propel the worldwide market for
The workplace is transforming, and keeping up with evolving security
threats has become more critical and challenging than ever. Malware
attacks come from all directions and according to IDC, 70 percent of
successful breaches begin at the endpoint.1 This means that having a
comprehensive endpoint management...
Exploits are commonly used in cyber attacks: upwards of 90% of reported data breaches involve an exploit at one or more points in the attack chain. Including exploit prevention as part of a comprehensive lineup of security defenses is clearly valuable.
Almost every major security vendor can claim some level of...