11 Oct 2019

AppSec ‘Spaghetti on the Wall’ Tool Strategy Undermining Security

In order to mitigate application security risk, organizations often use a ‘spaghetti on the wall’ approach, meaning that they use lots of different tools and hope for the best, a new Radware report indicates. The most common AppSec solutions are Web Application Firewalls (WAFs, used by 75% of firms), cloud WAF services

11 Oct 2019

Imperva blames data breach on stolen AWS API key

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company

11 Oct 2019

Escort forums in Italy and the Netherlands hacked, user data put up for sale

Two European web forums serving sex workers and their customers have been breached by a Bulgarian threat actor who is now selling 330,000 stolen user records on underground marketplaces. The hacker, who uses the moniker InstaKilla, exploited a recently disclosed critical vulnerability in vBulletin in order to steal 300,000 records

10 Oct 2019

Twitter Uses Phone Numbers, Emails to Sell Ads

Twitter has admitted that it “inadvertently” used an unknown number of email addresses and phone numbers that had been provided by users solely for the purpose of enabling multi-factor authentication, for targeted advertising. The social media firm assured that “no personal data was ever shared externally with our partners or

04 Oct 2019

How to protect your organization against insider threats

Nearly half (49%) of business executives and 43% of IT decision makers have clicked on a potentially malicious link in an email before verifying that it was safe to do so, according to a new Code42 study [pdf] that highlights the insider threat to companies. In the past year and a

04 Oct 2019

Being compliant with laws and regulations is not a guarantee against data breaches

A new report [pdf] by Advisera underscores what security consultants have been telling their clients for years: compliance does not guarantee security. The two are closely related, however, as 85% of survey respondents agreed. 90% of respondents said that low security awareness among employees due to a lack of relevant training

03 Oct 2019

Two-Thirds of Firms Have Suffered ERP Data Breaches

A new study by Onapsis and IDC highlights how enterprise resource planning (ERP) applications can undermine the data protection efforts of companies. In the past two years, 64% of businesses that use SAP or Oracle E-Business Suite (EBS) have experienced a breach of their ERP environment. The compromised data often included

03 Oct 2019

Zendesk announces data breach impacting years-old accounts

Customer service software company Zendesk experienced a data breach in 2016 that impacted around 10,000 corporate customers, the company announced on Wednesday. Zendesk found out about the breach through a third party and launched an investigation into the matter, which confirmed that the compromised data includes the full names, contact information,

02 Oct 2019

Data breaches now cost companies an average of $1.41 million

Data breaches keep getting more expensive for enterprises. In 2017, data breaches at enterprises cost $1.23 million on average per incident, but that number rose to $1.41 million in 2018, a new report by Kaspersky shows. In the first half of 2019, around 4,000 data breaches have taken place, affecting

02 Oct 2019

Six in 10 Global Firms Hit by a Data Breach

In the last three years, 60% of organizations around the world have experienced a breach, and 36% acknowledge that they may have been compromised without realizing it, a new survey [pdf] by Bitdefender indicates. A majority of firms (58%) are worried about their ability to handle a major cybersecurity incident. The study
