Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.
Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline. Port officials say the attacker has demanded a ransom, payable in bitcoin, for the promise of a decryption key.
Because business associates have been culprits in heath data breaches impacting millions of individuals, healthcare entities need to be diligent in taking steps to reduce the persistent risks these vendors pose, says privacy and security expert Susan Lucci.
In harmony with a wave of global privacy and security legislation, Canada has its own new breach notification requirements going into effect on Nov. 1. Attorney Ruth Promislow says these standards will force organizations to shift from a reactive to a proactive approach to incident response.
Ryan Duquette, an independent forensics examiner who formerly was a criminal investigator in law enforcement, offers insights on public/private partnerships and how investigators can work better with enterprises in the event of a breach.
A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures - are getting mixed reviews from cybersecurity experts.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
A HIPAA-related enforcement case in Massachusetts involving two insider breaches alleges a trail of missteps, including failure to take prompt action after receiving tips about potential misuse of patient information. What can other entities learn from the mistakes?
Kenrick Bagnall, a former IT executive who is now a detective constable with the Toronto Police, offers unique insights on public/private partnerships and how enterprises can work better with investigators in the event of a breach.
Financial service organizations have networks that are larger and more dynamic than ever - and so are their network security risks. Matt Kraning of Qadium shares the results of a new review and how organizations can respond to it.
Not only are we now seeing the most powerful DDoS attacks ever recorded, but they also are leveraging the ever-growing army of IoT devices. Gary Sockrider of NETSCOUT Arbor offers advice for detection and defense.