Data security breaches
Get the latest information on enterprise security data breaches. Learn about data breach laws and regulations, best practices for data breach notification and response plans, the risks of exposed corporate data and personally identifiable information.
Top Stories
-
Feature
05 Nov 2021
The 10 most common ERP security issues and ways to fix them
Today's ERP systems are exposed like never before. Learn about the most common ERP security issues companies are facing and how IT and security teams can address them. Continue Reading
-
News
28 Oct 2021
Twitter details internal Yubico security key rollout
Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
-
News
17 Aug 2017
NotPetya ransomware impact costs Maersk hundreds of millions
Danish shipping giant A.P. Moller-Maersk said the NotPetya ransomware attacks severely damaged business processes and the impact has been estimated at as much as $300 million in lost revenue. Continue Reading
-
Podcast
28 Jul 2017
Risk & Repeat: Why are Amazon S3 buckets spilling on the web?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them. Continue Reading
-
Answer
25 Jul 2017
ASLR side-channel attack: How is JavaScript used to bypass protection?
Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack. Continue Reading
-
News
18 Jul 2017
Another AWS data leakage due to misconfiguration
Dow Jones becomes the latest organization to be affected by an AWS cloud data leakage due to misconfiguration and user error. Continue Reading
-
Answer
13 Jul 2017
How are forged cookies used in attacks on online user accounts?
Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacks Continue Reading
-
E-Zine
10 Jul 2017
The best endpoint security practices are evolving and essential
Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.
The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.
This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.
Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.
Continue Reading -
Feature
10 Jul 2017
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints. Continue Reading
-
Opinion
10 Jul 2017
Do thoughts of your least secure endpoint keep you up at night?
Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies. Continue Reading
-
Answer
19 Jun 2017
How did thousands of MongoDB databases get hijacked?
Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations. Continue Reading
-
Tip
15 Jun 2017
Information privacy and security requires a balancing act
Maintaining information privacy and security seem to be separate challenges, but in reality, each is integral to the other. Expert Kevin Beaver explains how to work toward both. Continue Reading
-
Feature
23 May 2017
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading
-
Answer
05 Apr 2017
Insecure OAuth implementations: How are mobile app users at risk?
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely. Continue Reading
-
News
21 Mar 2017
FBI investigating Trump campaign ties to Russia, DNC breach
FBI Director James Comey confirmed the bureau is investigating the Trump campaign's ties to the Russian government and election cyberattacks such as the DNC breach. Continue Reading
-
Podcast
03 Mar 2017
Risk & Repeat: Cloudflare bug poses incident response challenges
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Cloudflare bug that leaked an undetermined amount of customer data over several months. Continue Reading
-
News
03 Mar 2017
Cloudflare security team calms fears over Cloudbleed bug
Cloudflare security researchers continue investigations as CEO calms fears over potential exposure of sensitive personal data by the Cloudbleed bug, though doubts remain. Continue Reading
-
News
02 Mar 2017
Employees knew about Yahoo security breach years ago, per new SEC filing
A new SEC filing details who knew about the major Yahoo security breach in 2014, but experts are confused by the repercussions of the announcement. Continue Reading
-
News
24 Feb 2017
Project Zero discovers Cloudflare bug leaking sensitive customer data
The Cloudflare bug in CDN is fixed after causing sensitive customer data to leak. Google Project Zero discovered the flaw, and users were warned to change passwords. Continue Reading
-
Answer
10 Feb 2017
What caused the ClixSense privacy breach that exposed user data?
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices. Continue Reading
-
Answer
18 Jan 2017
How do facial recognition systems get bypassed by attackers?
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them. Continue Reading
-
Answer
21 Dec 2016
Should one cybersecurity mistake mean the end of a CEO's career?
In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedence for enterprises going forward. Continue Reading
-
Quiz
01 Dec 2016
Test your privileged user management knowledge
Test your proficiency in privileged user management. Take this quiz to determine your ability to keep privileged access secure across your organization. Continue Reading
-
Answer
05 Oct 2016
How would a cyberattack information database affect companies?
A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies. Continue Reading
-
Feature
14 Jul 2016
Cybersecurity blind spots: Mitigating risks and vulnerabilities
Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge. Continue Reading
-
Answer
23 Nov 2015
What data breach notification policy should enterprises follow?
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices. Continue Reading
-
News
23 Sep 2015
FBI CISO warns of IoT data breaches
In a keynote address, FBI CISO Arlette Hart tackled the Internet of Things and explained why enterprises need to step up their IoT security efforts. Continue Reading
-
Tip
10 Sep 2015
Improve corporate data protection with foresight, action
Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack. Continue Reading
-
News
28 Aug 2015
Internet of Things security concerns prompt boost in IoT services
News roundup: As Internet of Things concerns become an enterprise reality, one vendor is quick to offer IoT services to combat the risks. Plus: 1% of users create 75% of the risk; Target pays up; Apple devices improperly secured in the enterprise. Continue Reading
-
News
29 Jul 2015
SN blogs: Google OpenStack support could have ulterior motives
Industry analysts speculate about Google's decision to back an OpenStack initiative and discuss the impacts of 'attacktivism.' Continue Reading
-
Feature
25 Jun 2015
How to keep track of sensitive data with a data flow map
Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored. Continue Reading
-
News
24 Apr 2015
NIST wants help building the one ID proofing system to rule them all
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues. Continue Reading
-
News
18 Mar 2015
Premera hack exposes 11 million financial and medical records
US health insurance firm Premera Blue Cross reveals an IT systems breach, exposing financial and medical records of 11 million customers Continue Reading
-
Answer
12 Feb 2013
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak. Continue Reading
-
News
04 Aug 2011
Missing USB drive, found in pub, contained unencrypted data
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub. Continue Reading
-
Answer
17 Dec 2009
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman. Continue Reading
-
Tip
05 Nov 2008
Lessons learned: The Countrywide Financial breach
The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama: Two men regularly copied customer data and secretly sold it as leads to other mortgage brokers. The tale suggests that data theft is, more often than not, an inside job. Robert Mullins reviews internal threats, and the authorization and access control practices that can stop them. Continue Reading
-
Answer
04 Mar 2008
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Continue Reading
-
Tip
16 Jan 2008
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden. Continue Reading
-
Feature
26 Jan 2007
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading