Data Breaches

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones. In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which…

Read More

Splunk adds new security and observability features

Splunk is adding new security and observability features to its Observability Cloud and Mission Control to identify threats and incidents more efficiently. The company’s Observability Cloud, which offers AIops-based infrastructure monitoring, application performance monitoring (APM) and intelligence, will get new features that will help IT operation and development operation teams troubleshoot faster and with increased visibility, to enable a unified approach to incident response, the company said. The company has added new autodetect capabilities inside…

Read More

55 zero-day flaws exploited last year show the importance of security risk management

Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don’t have a patch available — the zero-day flaws — requires a careful analysis of the types of actors exploiting them, the geography and…

Read More

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over the next decade on security, technology, trade, and defense. The Roadmap seeks to ensure the partnership remains modern and continues…

Read More

Developed countries lag emerging markets in cybersecurity readiness

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” of security preparedness; Philippines and Thailand, both with 27% of organizations in the mature stage; and India, with 24% of…

Read More

9 attack surface discovery and management tools

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve ever watched a heist film, step one in executing the score of the century is casing the place: observing security…

Read More

ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage.  CISA says it will seek out affected systems using existing services, data sources, technologies, and…

Read More

Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach…

Read More