Mozilla, which maintains the Firefox browser, says an attacker infiltrated its bug-tracking tools, stole information on an unpatched flaw, and exploited users for at least three weeks, before the flaw was patched.
With automation and the increasing economic feasibility of launching targeted attacks on a small scale, tier-II and III organizations housing data need to start getting concerned, says Gartner's Ahlm.
With enterprises increasingly concerned about advanced persistent threats, ISMG speaks to experts for recommendations on building APT resilience in their organizations - both immediate and long-term.
Sony Pictures Entertainment has reached a tentative deal to settle a class-action lawsuit filed against it, stemming from its 2014 data breach, which resulted in the leak of personal information for up to 50,000 employees.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
Singapore's leading privacy experts debate the merits of mandatory disclosure of data breaches. Should breach notification be a regulatory requirement when critical data is compromised or at risk?
The Ashley Madison breach offers important lessons for all organizations about safeguarding customer information, storing passwords, securing the supply chain and avoiding bad technology decisions.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
The departure of Noel Biderman as CEO of Avid Life Media, parent company of the infidelity website Ashley Madison, represents a growing recognition of corporate executives' responsibility for data security.
Beyond APT30, another advanced threat group appears to be at work in India and the SEA region, targeting critical information assets. However, APT resiliency is not yet a part of the security lexicon, experts say.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Breached dating site Ashley Madison is offering a $500,000 reward for information relating to the attack. The FBI, which is leading the investigation, is treating the breach as a national-security matter.
The Ashley Madison hackers have released a third data dump, and security experts warn that spam campaigns and extortion attacks now target supposed users of the dating site, sometimes demanding bitcoins - or else.
To help mitigate the risk that blackmail and extortion campaigns might target employees, employers' security teams must regularly review post-breach data dumps as well ramp up enforcement of their corporate security policies, says Stephen Coty of Alert Logic.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
