Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

An estimated 35,000 Elasticsearch clusters exposed to the public Internet are potential victims to a series ransom attacks that have already hit over 33,000 MongoDB databases. [Read More]
Aerospike Database Server affected by critical and high severity remote code execution and information disclosure vulnerabilities [Read More]
Hacker claims to have stolen 900 Gb of data from Israeli mobile forensics company Cellebrite [Read More]
Google has launched a beta version of a new Cloud Key Management System (KMS) to supplement the existing Google-managed server-side encryption and customer-controlled on-premise key management. [Read More]
Nearly 33,000 MongoDB databases have been hijacked as of today, the latest numbers associated with a series of attack campaigns that have been picking up pace over the past couple of weeks show. [Read More]
The California Department of Insurance said that an investigation into the data breach of health insurance giant Anthem has concluded that a foreign country was behind the attack. [Read More]
An open source tool called “Truffle Hog” helps developers check if they’ve accidentally leaked any secret keys on GitHub [Read More]
The recently reported hijacking of MongoDB databases to hold their content for ransom is picking up pace as more hackers are trying to monetize the attack method, security researchers say. [Read More]
The reports that a hacker breached FBI systems using a Plone zero-day exploit are likely false, said the developers of the CMS [Read More]
A hacker going by the online handle of "Harak1r1" is attempting to monetize on MongoDB databases exposed to the Internet by hijacking them and demanding a ransom for the data [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

Ashley Arbuckle's picture
The healthcare industry has a lot to gain by digital transformation. However it also has a lot to lose if it doesn’t start with security as a foundation.
Travis Greene's picture
Whether US government officials improve their handling of classified information in the new administration or not, industry can certainty learn from the blunders and reduce risks.
Eddie Garcia's picture
To reduce the chances of falling victim to an insider-driven breach, security and risk professionals should start by learning what their available data can tell them.
Aditya Sood's picture
The cloud is here to stay, and so long as employees use cloud apps from within an organization’s firewall, we’ll always have to wrangle with Shadow IT, Shadow Data and the attendant problems and risks.
Steven Grossman's picture
Beginning November 30, 2016, DoD third party contractors will be required to establish and maintain an insider threat program.
Eddie Garcia's picture
This article explains how to encrypt data in a Hadoop cluster. The tools are available, and if you are brave enough, you could attempt this at home.
Eddie Garcia's picture
A common misconception about native HDFS encryption is the belief that the data is encrypted when written to disk on the data nodes like most disk encryption solutions.
Torsten George's picture
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Bill Sweeney's picture
Enterprises have to worry about the surface area that is open for attack and the challenge of detecting attacks quickly when they are occurring. In every instance simplification will help.
Wade Williamson's picture
Data science and machine learning models can assess large groups of cyber threats to find the subtle traits they have in common to better protect organizations.