New data shows attackers are trying to sneak past malware scanners on websites using stealthy hacks such as cryptojacking and malicious JavaScript. Website security service provider SiteLock analyzed data from 6 million customer websites for the second quarter of 2018 and found that a website, on average, suffers 58 attack attempts per day – or…

At the moment, within the cybersecurity industry the emphasis tends to be on securing networks with perimeter-based protection, however, leaving an application endpoint unsecured means an application programming interface (API) can serve as a gateway to the data centre by which attackers can effectively attack the backend via bots, and compromised or impersonating applications. With…

The security of Internet of Things (IoT) devices, especially those intended for consumer use, tends to fall on a spectrum between “serious concern” and “industry joke.” Yet the fact is that a growing number of employees have various IoT devices in their homes — where they also could be connecting to an enterprise network to…

Additional information includes PII affected and the authentication issue that led to the breach. Timehop, the company that specializes in “digital nostalgia,” is releasing more information on the July 4 breach that compromised millions of users’ personally identifiable information (PII). New details include the timeline of the attack, the information affected, and the steps the…

Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications. The OWASP Foundation list brings some important questions to mind: Which vulnerability in the OWASP Foundation Top 10 has been the…

Senator Ron Wyden (D-Ore.) on Tuesday asked the chief information officer at the U.S. Department of Defense (DoD) to take immediate action to ensure that the organization’s websites use HTTPS. The senator noted that some of the DoD’s websites, such as the ones belonging to the NSA, the Army, and the Air Force, do use…