New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
WikiLeaks founder Julian Assange returned to court on Thursday and told a British judge that he would not voluntarily accept extradition to the U.S. to face a charge of helping to hack into a Pentagon computer, setting up a legal fight that could take months.
Every day needs to be password security day - attackers certainly aren't dormant the other 364 days of the year. But as World Password Day rolls around again, there's cause for celebration as Microsoft finally stops recommending periodic password changes.
On Wednesday, a British judge sentenced WikiLeaks founder Julian Assange to 50 weeks in prison for violating the terms of his bail after he sought political asylum in Ecuador's U.K. embassy in 2012. Now he faces possible extradition to the U.S. to face a charge of "conspiracy to commit computer intrusion."
Citrix says the data breach it first disclosed in early March appears to have persisted for six months before it was discovered and the hackers were ejected. In an ironic twist, the company sells the very products that might have blocked recent credential stuffing and password spraying attacks against it.
Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy. The report comes as Huawei continues to face concerns over its engineering practices and government ties.
How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis.
Cybercriminals have stolen customer data from Citycomp, a German IT company whose clients include Oracle, Volkswagen, Airbus, Ericsson, Toshiba British Telecom and many others. After Citycomp didn't pay a ransom, the hackers posted the data online.
JustDial had a second major leak of user information, claims an independent security researcher who earlier this month said he discovered a security loophole in the Mumbai-based hyperlocal search engine. But the company says it has fixed this second vulnerability.
An unsecured database hosted on Microsoft's cloud platform contained personal information on nearly 80 million U.S. households, according to two researchers who found it. What does Microsoft have to say about the mysterious database?
Health insurers and financial institutions across Australia are in the final stretch of preparing for a cybersecurity regulation that looks to put companies on a strong footing amidst an increasingly hostile hacking environment. Here's why compliance with the regulation, CPS 234, is challenging.
The good news is: The development of new malware exploits has slowed considerably. The bad news is: That's because the old ones still continue to work so effectively. Adam Kujawa of Malwarebytes Labs talks about the evolution of ransomware and other successful exploits.
An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet.
The Reserve Bank of India is proposing that financial technology firms be allowed to test new products and services that might require the relaxation of certain compliance regulations in what's called a "regulatory sandbox" approach.