Foxit Software reveals data breach that exposed users' email addresses, passwords and more


Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose accounts have been affected are being contacted and "encouraged to change their passwords".
The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that the "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.
Google's bug bounty program now covers any big Android app


Bug bounty programs have become a popular way for developers to track down security issues in software, but big pay-outs are not something that every company can afford.
In a bid to keep its Android platform secure, Google has announced that its own bug bounty program is being expanded to include all big Android apps, regardless of who develops them. The company will reward security researchers who find bugs in any app in the Google Play Store with 100 million or more installs.
Security operations centers face high levels of staff turnover


New research from managed detection and response company CRITICALSTART finds that security operations center (SOC) analysts are being overwhelmed by alerts and this is leading to high rates of analyst turnover.
In the past year, 80 percent of respondents reported SOC turnover of more than 10 percent of analysts, with nearly half reporting between 10 and 25 percent turnover. 35 percent report losing a quarter or more of their SOC analysts in under a year.
Only a quarter of UK firms prioritize security when buying new tech


Only 24 percent of organizations are prioritizing security when it comes to technology investment according to a new report from UK-based software company Advanced.
For the report the company surveyed over 500 senior decision makers working in UK businesses, both SMEs and large enterprises, to explore the state of digital transformation. It shows that just 34 percent admit that regulatory change is triggering the purchase of new technology in their organisation, which is surprisingly low given the introduction of GDPR in May last year.
New solution delivers improved website defenses


DDoS attacks remain a major problem for businesses and can have serious consequences.
Data center services supplier US Signal is launching a new cloud-based offering. Building on the company’s partnership with Cloudflare it delivers a robust, customizable service that protects organizations against online threats including DDoS, ransomware, malicious bots and application-layer attacks.
Looking deep into Magecart


The Magecart JavaScript attack that captures online payment information has been around since 2016. A new study for Arxan Technologies produced by Aite Group takes a detailed look at the attack.
This research follows the trail of servers compromised by Magecart groups, as well as the collection servers to which the sites were actively sending stolen credit card data, in an effort to examine commonalities between victim websites and the tactics, techniques, and procedures used to compromise the servers.
One in four workers would steal information to get a job at a competitor


Would you take information from your employer to help you get a job at a competitor? 24 percent would, according to a new survey of almost 500 IT professionals carried out at Black Hat USA 2019.
The survey by behavior-based security specialist Gurucul finds that managed service providers (34 percent) and developers (30 percent) pose the leading sources of third-party risk, and that if someone were to commit fraud it would most likely occur in the finance department (32 percent).
Budget and staffing limits mean SMBs struggle with security


SMBs around the world continue to cite budget constraints, paired with a lack of time and personnel to research new security threats, as the main obstacles facing the implementation of their IT security according to a new report.
The study from Untangle Inc studied over 300 SMBs, compiling data on budget and resource constraints, breaches, IT infrastructure, cloud adoption and more.
Apple puts the kibosh on vulnerability that let iPhone users jailbreak iOS 12.4


Apple has released an update to iOS 12.4, plugging a vulnerability that had been reintroduced which allowed for jailbreaking.
iOS 12.4.1 repatches a security flaw which Apple previously fixed and then, inexplicably or accidentally, unpatched. iPhone owners now face a dilemma: upgrade to iOS 12.4.1 and have the most up-to-date, secure operating system, or stick with iOS 12.4 and retain jailbreak.
Over half of social media logins are fraudulent


Social media sites are a popular target for cybercriminals. It shouldn't come as too much of a surprise therefore to find that 53 percent of logins on social media sites are fraudulent and 25 percent of all new account applications are too.
These are among the findings of a study by anti-fraud platform Arkose Labs which analyzed over 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real time.
How cloud-based training can help address the cybersecurity skills gap [Q&A]


It's widely acknowledged that there's a skills shortage in the cybersecurity field. Many businesses are looking to address this by training their own security talent, but this in itself can be a challenge.
We spoke to Zvi Guterman, founder and CEO of virtual IT labs company CloudShare to find out how the cloud can help address security training issues.
Web host Hostinger resets 14 million customer passwords following data breach


Hosting company Hostinger has reset passwords for all of its customers after a data breach in which a database containing information about 14 million users was accessed "by an unauthorized third party".
Hostinger says that the password reset is a "precautionary measure" and explains that the security incident occurred when hackers used an authorization token found on one of the company's servers to access an internal system API. While no financial data is thought to have been accessed, hackers were able to access "client usernames, emails, hashed passwords, first names and IP addresses".
Five vendors account for nearly a quarter of all vulnerabilities


Just five major vendors account for 24.1 percent of disclosed vulnerabilities in 2019 so far, according to a new report from Risk Based Security.
The report also reveals that 54 percent of 2019 vulnerabilities are web-related, 34 percent have public exploits, 53 percent can be exploited remotely and that 34 percent of 2019 vulnerabilities don't yet have a documented solution.
Microsoft and others join the Linux Foundation's Confidential Computing Consortium


Microsoft, Google, Red Hat, IBM and Intel are among those to join the newly formed Confidential Computing Consortium (CCC). The new organization will be hosted at the Linux Foundation, having been established to help define and accelerate the adoption of confidential computing.
The company explains that, "confidential computing technologies offer the opportunity for organizations to collaborate on their data sets without giving access to that data, to gain shared insights and to innovate for the common good". Microsoft will be contributing the Open Enclave SDK that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction.
Beta bug hunters can bag up to $30k in the Microsoft Edge Insider Bounty program


With a new beta of the Chromium-based version of Edge now available, Microsoft has unveiled details of a new bug bounty program for the browser.
Through the Microsoft Edge Insider Bounty it is possible to earn a maximum payout of $30,000 for discovering vulnerabilities in the Dev and Beta builds of Edge. Microsoft says that it intends to complement the Chrome Vulnerability Reward Program, meaning that any report that affects the latest version of Microsoft Edge but not Chrome will be eligible.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.