GitHub has instructed some users to reset their passwords after a bug caused internal logs to record passwords in plain text. Several users posted screenshots on Twitter of the security-related email they received from GitHub on Tuesday. The company told impacted customers that the incident was discovered during a regular audit. GitHub claims only a “small number”…

If you do incident response work, you know it doesn’t matter whether you work for a large corporation or a small organization — an incident can strike at any given time. Unfortunately, there are often huge time lapses between when an incident occurs, when it is detected and when the security team can address it….

Data breaches, phishing attacks, information disclosure – the Internet can be a scary place. Conducting a cybersecurity audit (or getting a third-party assessment) is a great way to understand your organization’s cybersecurity posture. But, like preparing any exam or review, getting ready for a cybersecurity audit can be intimidating. While every security assessment will be…

While some organizations have spent decades fine-tuning their ability to respond to and manage cyber risks, far too many are still playing games with their security strategy. From a cybersecurity perspective, 2017 will go down as a record year for data breaches. The Identity Theft Resource Center (ITRC) reported 1,579 breaches, up 45 percent from 2016. By…

Updates released by Apple on Monday for iOS, macOS, tvOS and watchOS patch a flaw that causes applications to crash when rendering specific strings of Indian characters. Someone noticed recently that displaying a string written in India’s Telugu language (జ్ఞ‌ా) caused many apps on iOS and macOS to crash. The list of impacted apps includes…

More than 30 lawsuits have been filed by Intel customers and shareholders against the chip giant following the disclosure of the Meltdown and Spectre attack methods. Three class action lawsuits were filed against Intel within a week of the Meltdown and Spectre flaws being disclosed, but the number had reached 32 by February 15, according to an annual…

Cisco informed customers on Wednesday that it has become aware of malicious attacks attempting to exploit a recently patched vulnerability affecting the company’s Adaptive Security Appliance (ASA) software. No other information has been provided by the networking giant, but it’s worth noting that aproof-of-concept (PoC) exploit designed to cause a denial-of-service (DoS) condition on devices running…

Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices. The Meltdown and Spectre attack methods, which rely on vulnerabilities that have been around for roughly two decades, allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and…

There have been countless cyberbreaches over the past few years in which personal data, such as user IDs and passwords, have been compromised. These range from attacks against government agencies, such as two recent incidents affecting the national identity systems in Spain and Estonia, to corporate breaches exposing data belonging to millions of customers. In…