A huge database of text messages and user data has been discovered online, completely unprotected and free for anyone to browse.
Found by researchers from vpnMentor, the database belongs to US communications company, TrueDialog. Among the exposed data are not only tens of millions of SMS messages, but also private information including usernames and passwords.
Security experts from Security Research Labs (SRLabs) have warned that carriers are implementing RCS (Rich Communication Services, which will supersede SMS) in ways that risk leaving users exposed to all manner of attack.
The German hacking research collective issues the stark warning that "RCS technology exposes most mobile users to hacking". This is not because of inherent problems with the messaging protocol, but because of the ways in which it is being implemented.
Cyber-attacks represent a real threat to unprotected healthcare mobile apps. The overall operational integrity of these apps is at risk, but there's also a significant risk of malicious attacks on the medical devices themselves, personal health information, and intellectual property.
We spoke to Rusty Carter, VP of product management at Arxan to find out more about the risks and how they can be addressed.
Almost one in four UK SMEs -- around 1.4 million businesses -- don't have an IT disaster recovery plan in place. Yet 80 percent of businesses that suffered a major incident ended up failing within 18 months, according to the Association of British Insurers.
A survey of over 1,100 IT workers by technology services provider Probrand also finds 54 percent reveal that their disaster plan isn't regularly tested to identify and fix any potential flaws in their DR process.
Every year, threat actors will continue to evolve their current tactics, techniques, and procedures (TTPs) that they use in order to exfiltrate customer, company and partner data, interrupt business operations, implant ransomware, and more. In fact, cybercrime damage costs are predicted to hit $6 trillion annually by 2021, according to research from Cybersecurity Ventures. In 2020, as cybercriminals refine their methods, we will continue to see a plethora of breaches occur due to a common vulnerability: misconfigurations.
Despite organizations running an average of 40 percent of their workloads in the public cloud, most companies fail to accurately identify the risk of misconfiguration in the public cloud as higher than the risk in traditional IT environments. In the new year we will also see a greater focus placed on identity in cloud security -- a challenge that’s easier said than done, since approaches that worked in traditional data center environments do not translate to the cloud.
Chief information security officers (CISOs) are regularly being summoned by the board of directors to provide recommendations for the business, but this doesn’t mean cybersecurity is being prioritized.
A new study of over 300 cybersecurity executives by 451 Research for Kaspersky finds 60 percent of respondents say business leaders need input from their CISO most often when an internal cybersecurity incident happens, while 57 percent schedule meetings with the board on a regular basis, and 56 percent are requested to provide their expert opinions on future IT projects.
Fraudulent browser push notifications as a means of delivering phishing and advertising are becoming more common, up from 1.7 million in January to 5.5 million in September this year according to the latest Kaspersky research.
Push notifications were introduced several years ago as a useful tool to keep site visitors informed with regular updates, but today are often used to bombard people with unsolicited advertisements or encourage them to download malicious software.
We hear a lot about the use of AI in improving security products, but in most cases the assumption is that it will in some way mimic human intelligence.
Finnish company F-Secure is challenging that assumption with an initiative it calls Project Blackfin. This aims to use collective intelligence techniques, such as swarm intelligence, to create adaptive, autonomous AI agents that collaborate with each other to achieve common goals.
There's a lot to be said for enhancing account security with two-factor authentication (2FA), but Twitter has long insisted that this be done by handing over your phone number -- not something everyone is happy with.
But now the company has announced a change of heart. With immediate effect, Twitter says "Starting today, you can enroll in 2FA without a phone number". The move comes after Jack Dorsey's account was hijacked and used to send racist tweets, and just two months after Twitter revealed that 2FA data had 'inadvertently been used for advertising purposes'.
OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.
The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses has been exposed.
Ethical human hackers supported by machine learning and artificial intelligence are 73 percent more efficient at identifying and evaluating cyber risks and threats according to a new report.
The study from crowdsourced security platform Synack also finds this combination of cybersecurity talent and AI results in 20 times more effective attack surface coverage than traditional methods.
When major cybersecurity incidents make the headlines it's easy to assume that defenders are fighting a losing battle, but in fact a new report from threat intelligence company DomainTools shows that breaches are down and confidence in security programs is up.
More than 500 cybersecurity professionals were surveyed and the results show 30 percent of respondents gave their program an 'A' grade this year, doubling over two years from 15 percent in 2017. Less than four percent reported a 'D' or 'F'.
A new report from attack surface management company RiskIQ shows attackers will leverage popular brands and unsafe consumer shopping habits in the run up to the peak holiday shopping period.
Of all apps that can be found by searching for terms related to holiday shopping, 951, or two percent, are blacklisted as malicious -- a 20 percent increase.
A survey of more than 1,000 IT security professionals exposes shortcomings in organizations' approach to managing third-party user identity and access that could leave them vulnerable to compromise.
The study by Dimensional Research for One Identity finds that while 94 percent of organizations grant third-party users access to their network, 61 percent admit they are unsure if those users attempted to or successfully accessed files or data they are not authorized to see.
Organizations are being targeted by a mixture of simple, low effort and low-cost attacks along with more sophisticated, targeted campaigns, according to the latest quarterly Threat Intelligence Report from security and compliance specialist Mimecast.
Based on analysis of over 200 billion emails, the report looks at the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. This quarter's report finds that impersonation attacks are on the rise, accounting for 26 percent of total detections -- and now include voice phishing or 'vishing.'