Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 19 Dec 2024
10 cybersecurity predictions for 2025

AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 19 Dec 2024
How bad is generative AI data leakage and how can you stop it?

Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
By
- Chris Tozzi

Definition 08 Apr 2024
backup storage device

A backup storage device is a hardware component for storing copies of data. Continue Reading
By
- Robert Sheldon
- Kinza Yasar, Technical Writer
- Garry Kranz
Podcast 05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task

This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 04 Apr 2024
Thought leaders tips to obtain a secure cloud environment

Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and practical advice from leading speakers in this space. Continue Reading
By
- Alicia Landsberg, Senior managing Editor
News 04 Apr 2024
Ransomware attacks ravaged municipal governments in March

Many municipalities across the U.S. faced network outages, data breaches and large ransom demands following a flurry of ransomware attacks last month. Continue Reading
By
- Arielle Waldman, News Writer
Tip 04 Apr 2024
Data protection vs. data backup: How are they different?

They might be viewed as separate functions, but data backup should be part of an overall data protection strategy to thwart ransomware and comply with stringent privacy laws. Continue Reading
By
- Kathleen Richards
Tip 03 Apr 2024
How to conduct a data privacy audit, step by step

The vital importance of a data privacy audit can't be underestimated in today's climate of proliferating customer data, more stringent regulations and sophisticated cyber threats. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 03 Apr 2024
Trend Micro: LockBit ransomware gang's comeback is failing

LockBit is struggling to resume operations in part due to the name-and-shame aspect of the international law enforcement operation responsible for the gang's disruption. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 01 Apr 2024
6 business benefits of data protection and GDPR compliance

Complying with GDPR and avoiding severe fines is a primary goal of businesses, but the data governing principles and security tools to achieve compliance yield systemic benefits. Continue Reading
By
- Chris Tozzi
Definition 28 Mar 2024
sensitive information

Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization. Continue Reading
By
- Nick Barney, Technology Writer
Feature 28 Mar 2024
11 core elements of a successful data protection strategy

Your organization's data protection strategy might not include all 11 core elements and associated activities, but the important thing is to have a comprehensive strategy in place. Continue Reading
By
- Paul Kirvan
News 27 Mar 2024
Flashpoint observes 84% surge in ransomware attacks in 2023

The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
By
- Arielle Waldman, News Writer
Feature 26 Mar 2024
6 data privacy challenges and how to fix them

Fragmented data protection laws, technology disruptions, AI adoption, data governance and consumer trust are among the complex issues confronting businesses in need of remedies. Continue Reading
By
- Jeff McCormick
Opinion 26 Mar 2024
Top 6 data security posture management use cases

Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 22 Mar 2024
Data protection impact assessment template and tips

Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
By
- Paul Kirvan
News 22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips

Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
By
- Rob Wright, Senior News Director
News 21 Mar 2024
NCC Group: Ransomware attacks jump 73% in February

While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess

This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 19 Mar 2024
How to manage third-party risk in the cloud

Third parties, including CSPs, remain a weak point in the supply chain. Adding CSPs into your organization's third-party risk management processes is crucial. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 15 Mar 2024
The importance of ethics in information management

Advancements in data collection and processing may tempt information management professionals to use as much customer data as possible. Yet, more data use means less privacy. Continue Reading
By
- Tim Murphy
- Kogan Page
Definition 14 Mar 2024
cloud encryption

Cloud encryption is a service cloud storage providers offer whereby a customer's data is transformed using encryption algorithms from plaintext into ciphertext and stored in the cloud. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Michael Cobb
- Rachel Kossman, TechTarget
Podcast 13 Mar 2024
Risk & Repeat: CISA hacked via Ivanti vulnerabilities

The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 13 Mar 2024
What is cryptography?

Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it. Continue Reading
By
- Kathleen Richards
News 12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing

According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 12 Mar 2024
asymmetric cryptography

Asymmetric cryptography, also known as public key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use. Continue Reading
By
- Kate Brush
- Michael Cobb
News 11 Mar 2024
CISA confirms compromise of its Ivanti systems

CISA said that approximately one month ago, it identified 'activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code

Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 07 Mar 2024
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)

This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Mar 2024
Alphv/BlackCat leak site goes down in possible exit scam

An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Mar 2024
Inside an Alphv/BlackCat ransomware attack

Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks. Continue Reading
By
- Rob Wright, Senior News Director
Feature 04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans

Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Mar 2024
LockBit, Alphv/BlackCat highlight February ransomware activity

With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 29 Feb 2024
phishing

Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 28 Feb 2024
Alphv/BlackCat attacking hospitals following FBI takedown

The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 27 Feb 2024
Risk & Repeat: LockBit resurfaces after takedown

LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws

Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Feb 2024
LockBit restores servers following law enforcement takedown

Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 26 Feb 2024
data broker (information broker)

A data broker, also called an information broker or information reseller, is a business that collects large amounts of personal information about consumers. Continue Reading
By
- Robert Sheldon
Tip 22 Feb 2024
IoMT device tips for healthcare IT departments

Healthcare providers' IT departments must keep an ever-expanding range of IoT devices powered on, connected and secure. Challenges abound, but they are surmountable. Continue Reading
By
- Dan Jones
Definition 22 Feb 2024
cybersecurity

Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
By
- Sharon Shea, Executive Editor
- Alexander S. Gillis, Technical Writer and Editor
News 21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage

Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Feb 2024
Operation Cronos dismantles LockBit ransomware gang

An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
By
- Rob Wright, Senior News Director
Definition 20 Feb 2024
Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. Continue Reading
By
News 15 Feb 2024
Ransomware disrupts utilities, infrastructure in January

Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
By
- Arielle Waldman, News Writer
Tip 14 Feb 2024
What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
By
- Ed Moyle, Drake Software
News 13 Feb 2024
Iranian cyberattacks targeting U.S. and Israeli entities

Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised

Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By
- Rob Wright, Senior News Director
Feature 13 Feb 2024
Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By
- Alicia Landsberg, Senior managing Editor
Tip 12 Feb 2024
Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Tip 09 Feb 2024
Top 7 data loss prevention tools for 2024

Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 09 Feb 2024
mobile security (wireless security)

Mobile security, also known as wireless security, refers to the measures taken to protect smartphones, tablets, laptops, smartwatches and other portable computing devices and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Continue Reading
By
- Kinza Yasar, Technical Writer
- Brien Posey
- Ivy Wigmore
News 08 Feb 2024
NCC Group records the most ransomware victims ever in 2023

Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Feb 2024
Chainalysis: 2023 a 'watershed' year for ransomware

Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Feb 2024
encryption

Encryption is the method by which information is converted into secret code that hides the information's true meaning. Continue Reading
By
- Robert Sheldon
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation

Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Feb 2024
AnyDesk hacked, details unclear

Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 02 Feb 2024
communications security (COMSEC)

Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
By
- Paul Kirvan
- Ben Cole, Executive Editor
News 01 Feb 2024
CISA deputy director touts progress, anti-ransomware efforts

In this Q&A, CISA Deputy Director Nitin Natarajan shares his thoughts on scaling up to meet high demand, the agency's new initiative to address ransomware and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Jan 2024
security operations center (SOC)

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Paul Kirvan
- Sarah Lewis
News 30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year

The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
By
- Arielle Waldman, News Writer
Feature 30 Jan 2024
Security executives slam Microsoft over latest breach

Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors

At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Jan 2024
What is attack surface management and why is it necessary?

Attack surface management approaches security from the attacker's perspective. Learn how ASM can help better secure your organization's assets and resources. Continue Reading
By
- Michael Cobb
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA

Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Rob Wright, Senior News Director
Definition 26 Jan 2024
digital forensics and incident response (DFIR)

Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
By
- Sean Michael Kerner
News 25 Jan 2024
HPE breached by Russian APT behind Microsoft hack

HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats

While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 24 Jan 2024
encryption key management

Encryption key management is the practice of generating, organizing, protecting, storing, backing up and distributing encryption keys. Continue Reading
By
- Rahul Awati
- Ed Hannan
News 23 Jan 2024
Attacks begin on critical Atlassian Confluence vulnerability

Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
By
- Arielle Waldman, News Writer
News 22 Jan 2024
Microsoft breached by Russian APT behind SolarWinds attack

Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2024
CISA posts incident response guide for water utilities

In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jan 2024
Google, researchers in dispute over account hijacking attacks

Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Jan 2024
How to recycle mobile phones in the enterprise

Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands. Continue Reading
By
- Marius Sandbu, Sopra Steria
Tip 11 Jan 2024
How to securely recycle enterprise computers

No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed. Continue Reading
By
- Marius Sandbu, Sopra Steria
News 10 Jan 2024
China claims it cracked Apple's AirDrop, can track senders

The flaw used by Chinese researchers to crack Apple's AirDrop encryption was reported to the company in 2019 by researchers at German university TU Darmstadt. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Jan 2024
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor

A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jan 2024
Account hijacking, cryptocurrency scams spread on X

One company that had its account stolen and used for cryptocurrency scams, CertiK, said it was hacked through a phishing attack from a journalist's compromised account. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 09 Jan 2024
How to fix the top 5 cybersecurity vulnerabilities

Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 08 Jan 2024
NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) provides guidance on how to manage and reduce IT infrastructure security risk. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Feature 08 Jan 2024
How to become an incident responder: Requirements and more

Incident response is a growth area that provides career advancement options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
By
- Ed Moyle, Drake Software
News 04 Jan 2024
December ransomware attacks disrupt healthcare organizations

Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data. Continue Reading
By
- Arielle Waldman, News Writer
Definition 02 Jan 2024
identity theft

Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else. Continue Reading
By
- Ben Lutkevich, Site Editor
Definition 27 Dec 2023
email signature

An email signature -- or signature block or signature file -- is the short text that appears at the end of an email message to provide more information about the sender. Continue Reading
By
- Pat Brans, Pat Brans Associates/Grenoble Ecole de Management
News 21 Dec 2023
10 of the biggest ransomware attacks in 2023

Ransomware attacks against U.S. organizations hit record levels this year as threat actors stepped up extortion tactics and took shaming victims to new levels. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Dec 2023
What is the CIA triad (confidentiality, integrity and availability)?

The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization. Continue Reading
By
- Cameron Hashemi-Pour, Site Editor
- Wesley Chai
News 19 Dec 2023
FBI leads Alphv/BlackCat takedown, decrypts victims' data

The latest law enforcement effort to halt the surge of ransomware attacks was successful in disrupting one of the most active ransomware-as-a-service groups. Continue Reading
By
- Arielle Waldman, News Writer
Feature 14 Dec 2023
9 cybersecurity trends to watch in 2024

Analysts are sharing their cybersecurity trends and predictions for 2024. From zero-day attacks to generative AI security and increased regulations, is your organization ready? Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 13 Dec 2023
12 key cybersecurity metrics and KPIs for businesses to track

IT security managers need to monitor cybersecurity efforts and make sure they're effective. These 12 metrics and KPIs will help show what's working -- and what isn't. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 13 Dec 2023
How ransomware gangs are engaging -- and using -- the media

New Sophos research shows that ransomware groups are not only attacking technical systems, but taking advantage of information systems as well to pressure victims into paying. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By
- Rob Wright, Senior News Director
News 05 Dec 2023
Ransomware ramps up against private sector in November

Ransomware disclosures and reports increased again in November, with the most disruptive and dangerous attacks occurring against healthcare organizations. Continue Reading
By
- Arielle Waldman, News Writer
Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 30 Nov 2023
privacy policy

A privacy policy is a legal document that explains how an organization handles any customer, client or employee information gathered in its operations. Continue Reading
By
- Gavin Wright
News 30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022

Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Nov 2023
Okta: Support system breach affected all customers

Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Nov 2023
Europol, Ukraine police arrest alleged ransomware ringleader

Europol and Ukraine's National Police arrested the alleged leader of a ransomware gang last week, along with four accomplices, dismantling the cybercrime group. Continue Reading
By
- Arielle Waldman, News Writer
News 27 Nov 2023
Threat actors targeting critical OwnCloud vulnerability

Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products. Continue Reading
By
- Arielle Waldman, News Writer
Feature 27 Nov 2023
How passwordless authentication aids identity security

Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods. Continue Reading
By
- Craig Stedman, Industry Editor
News 22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware

Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
By
- Arielle Waldman, News Writer