200 million-record breach: Why collecting too much data raises risk
If you don’t collect it, no one can steal it. Sometimes the best way to secure customer data is not to collect it in the first place. While it can be tempting to “collect it all” just in case, most enterprises need far less data on their users to market to them effectively. Reducing the…
Multiple Security Flaws Discovered in Visitor Management Systems
The analyzed systems include Lobby Track Desktop (Jolly Technologies), EasyLobby Solo (HID Global), eVisitorPass (Threshold Security), Envoy Passport (Envoy), and The Receptionist (The Receptionist). A total of 19 vulnerabilities were discovered in these systems, and their successful exploitation could lead to exfiltration of data such as visitor logs, contact information, or corporate activities; complete takeover…
Azure AD Identity Protection now revolves around risky users and risky sign-ins
Launched in September 2018, Microsoft Threat Protection (MTP) integrates a number of Microsoft services to provide a fully integrated, end-to-end solution for securing the entire attack surface of enterprises: identities, endpoints, user data, cloud apps, and infrastructure. Since MTP’s launch, Microsoft has slowly been polishing the offering by adding new and improved features such as…
Consumers Care About Security – Sometimes
Consumer concern about cybersecurity and privacy is very real but not evenly distributed, a new report shows: while passwords and financial information are worrying for everyone, concern about other information varies widely depending on the individual’s age, gender, and national origin. The RSA Data Privacy & Security Survey 2019 of more than 6,000 adults contains…
Security analytics to reach $12 billion by 2024
Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war. As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper…
Adobe Patches 87 Vulnerabilities in Acrobat Software
The vulnerabilities impact the Windows and macOS versions of Acrobat and Acrobat Reader DC (Continuous and Classic 2015 tracks), and Acrobat and Acrobat Reader 2017 products. The list of security holes includes various types of critical bugs that can lead to arbitrary code execution, including buffer errors, untrusted pointer dereference, use-after-free, and heap overflow. The…
Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
Where there’s money, there has always been crime. Traditional bank robbery and physical assaults on ATMs are still a challenge, and now a new breed of cyber-enabled theft—using ATMs as the endpoint for cash-outs— has become a multibillion-dollar problem. One recent raid saw $13.5m stolen from India’s Cosmos Bank. Although the FBI issued a warning…
Automating security at AWS: How Amazon Web Services operates with no SOC
Amazon Web Services (AWS) has become one of the largest technology companies in the world. The cloud giant has over 20 data center locations and more than a million customers. Given the size of its customer base, it’s little surprise that outages make the headlines like few other companies. A single human error in 2017…
Cisco Warns of Zero-Day Vulnerability in Security Appliances
The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. A remote and unauthenticated attacker can exploit the vulnerability to cause an affected device to reload or consume CPU resources, resulting in a denial-of-service (DoS)…
7 unexpected ways GDPR and other privacy regulations make security harder
The smallest well-intentioned acts can have significant unintended negative consequences. When those acts have a global impact on individuals and businesses, the unanticipated negative effects could potentially be catastrophic. That’s what some experts fear when it comes to the ability of security teams to do their jobs in the wake of new privacy regulations, in…