Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

1.8 billion Internet posts collected by a contractor for the Pentagon were exposed online due to failure to secure an Amazon cloud storage bucket [Read More]
Chinese drone maker DJI and a researcher are in an online battle – which could also turn into a legal battle – over the company’s bug bounty program [Read More]
Apache CouchDB was affected by critical vulnerabilities that could have allowed remote attackers to escalate privileges and execute code [Read More]
Vulnerabilities in the popular WordPress plugin Formidable Forms expose sensitive data and allow hackers to hijack websites [Read More]
Oracle patches several vulnerabilities, including two rated critical, in the Jolt server component of the company’s Tuxedo product [Read More]
Forever 21 investigating payment card breach, but only few details were provided by the company [Read More]
Account takeover study conducted by Google shows that phishing poses the greatest threat to users, followed by keyloggers and third-party breaches [Read More]
Hundreds of apps that use Twilio SDK or REST API include hardcoded credentials that can be used to access millions of calls and text messages [Read More]
Amazon adds five new encryption and security features to its S3 service, including one that alerts users of publicly accessible buckets [Read More]
The recently disclosed crypto flaw affecting Infineon chips takes less time to exploit than initially believed [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

Eddie Garcia's picture
To reduce the chances of falling victim to an insider-driven breach, security and risk professionals should start by learning what their available data can tell them.
Aditya Sood's picture
The cloud is here to stay, and so long as employees use cloud apps from within an organization’s firewall, we’ll always have to wrangle with Shadow IT, Shadow Data and the attendant problems and risks.
Steven Grossman's picture
Beginning November 30, 2016, DoD third party contractors will be required to establish and maintain an insider threat program.
Eddie Garcia's picture
This article explains how to encrypt data in a Hadoop cluster. The tools are available, and if you are brave enough, you could attempt this at home.
Eddie Garcia's picture
A common misconception about native HDFS encryption is the belief that the data is encrypted when written to disk on the data nodes like most disk encryption solutions.
Torsten George's picture
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Bill Sweeney's picture
Enterprises have to worry about the surface area that is open for attack and the challenge of detecting attacks quickly when they are occurring. In every instance simplification will help.
Wade Williamson's picture
Data science and machine learning models can assess large groups of cyber threats to find the subtle traits they have in common to better protect organizations.
Tim Layton's picture
The value of identifying your organization’s information out on the Dark Web can serve as a first-line indicator of a new breach that otherwise may go undetected for long periods of time.
Johnnie Konstantas's picture
DLP provides a range of business benefits, including compliance support and intellectual property protection. The concept isn’t a new one, but the ability to put it to use in an easier, more viable manner is.