Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Chinese e-commerce giant Gearbest exposed user data through unprotected databases. The company has downplayed the incident and blamed it on an error made by a member of its security team. [Read More]
Box enterprise shared links can leak sensitive information if access to them hasn’t been restricted to relevant users only, Adversis security researchers warn. [Read More]
An unprotected MongoDB database was recently found exposing over 800 million records, including email addresses and phone numbers. [Read More]
Runtime encryption company Fortanix has launched a free and open source SDK for building Intel SGX applications. [Read More]
RackTop Systems, a company that provides a platform incorporating data storage, security and compliance, raises $15 million in a Series A funding round. [Read More]
The Dow Jones Watchlist, a dataset of 4.4 Gigabytes, was found exposed in an unprotected Elasticsearch database on an AWS server. [Read More]
Cisco Talos’ security researchers warn of a spike in attacks on unsecured Elasticsearch clusters, coming from six distinct actors. [Read More]
US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms. [Read More]
Many PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating the signature, researchers warn. [Read More]
New California bill aims to close a loophole in the current data breach notification law by requiring organizations to notify users when passport or biometric information has been compromised. [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

Gunter Ollmann's picture
DLP has always been tricky to deploy and enforce, and most CISOs can freely regale stories of DLP promises and their subsequent failures.
Ellison Anne Williams's picture
Data protection schemes must recognize and secure data as it exists at all points in the processing lifecycle, whether at rest, in transit, or in use.
Torsten George's picture
By implementing the core pillars of GDPR, organizations can assure they meet the mandate’s requirements while strengthening their cyber security posture.
Laurence Pitt's picture
Failure to implement basic cybersecurity hygiene practices will leave retailers vulnerable to damage and fines during a lucrative time for their businesses.
Travis Greene's picture
While GDPR doesn’t require encryption, there are four mentions of encryption in GDPR that provide real incentives for organizations to use encryption.
Preston Hogue's picture
Security teams should think about how company data might connect with data from other organizations or industries and how those combined data sets could be triangulated into a larger picture that ultimately puts you at risk.
Bradon Rogers's picture
While a contract, distributed, partner-oriented workforce and supply chain can create serious risks to your organization, careful implementation of visibility and data protection strategies can help you mitigate many of the risks.
Alastair Paterson's picture
While a boon to productivity, some of the most ubiquitous file sharing services across the Internet are also at the heart of a global problem – publicly exposed data.
Jim Ivers's picture
More vulnerabilities create more attacks; more attacks breed additional fatigue. So how can we wake up and fix the problems creating such a widespread headache?
Justin Fier's picture
When we look at this cycle of stealthy and silent data breaches, we have to ask ourselves: how can such tremendous amounts of data leave our corporate networks without raising any alarms?