Leaders from both the private and public sectors united to oppose a brief filed with the Supreme Court that they say could peg independent security researchers as threats –
and criminals.
An automated campaign Magecart campaign against 2,000 Magento stores over the weekend compromised the private information of thousands of customers and may very well be the largest attack of its kind since 2015. The hacks were typical Magecart attacks, but since many of the stores victimized had no prior history of security incidents, “this suggests…
Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…
A duo of vulnerabilities discovered in the MAGMI Magento plugin could result in remote code execution (RCE) on vulnerable sites using Magento. The flaws in the Magento database client used for raw bulk operations on online store models were found by researcher Enguerran Gillier, a member of the Tenable Web Application Security Team, according to…
Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted would boost user confidence that the Developer ID-signed software they distribute has the innovative tech giant’s seal of approval. “While it is unclear “what the Shlayer folks did to get their malware notarized,” essentially Apple’s process “allowed…
While security leaders often pay with their jobs for lapses that lead to breaches at their companies (think Target and Uber), organizations long have struggled with how to handle everyday employees who step outside the bounds of security protocols.
IBM will pony up $1 million worth of technology to the city of Los Angeles for COVID-19 contact tracing, and The Weather Channel app will change its privacy practices regarding use of user location data. The changes come with the settlement of a lawsuit that accused the app of misleading users as to how their…
Security teams should brace for a potential onslaught of ransomware attacks – more troubling as workforces operate remotely during the pandemic – after the public-facing profiles of 235 million TikTok, Instagram and YouTube users were exposed through a misconfigured database. “Since everybody is working remotely, those phishing attacks can compromise a personal device, which then…
With no common framework in place defining how to protect personal information across the Atlantic, U.S. companies may be forced to silo data about European customers.
Utilities are gearing up to meet the security requirements laid out in the Critical Infrastructure Protection (CIP) Security Compliance Standards: NERC Critical Infrastructure (NERC-CIP) standards and waiting to see how a presidential executive order, also designed at securing bulk power systems (BPS), shakes out. That’s created an opportunity for the Asset to Vendor Network Power…
