Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs
Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
-
Feature
21 Sep 2023
Palm scanning tech explained: Everything you need to know
Just like fingerprints, your vein patterns are unique. Now, palm scanning technology is using your veins as a new form of identification that's more secure than other biometrics. Continue Reading
-
News
20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
-
Podcast
19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
-
News
18 Sep 2023
Microsoft AI researchers mistakenly expose 38 TB of data
Microsoft said no customer data was affected by the Azure Storage exposure and 'no other internal services were put at risk because of this issue,' which has been mitigated. Continue Reading
-
Tip
14 Sep 2023
How CIOs can build cybersecurity teamwork across leadership
Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading
-
News
14 Sep 2023
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers. Continue Reading
-
Tip
11 Sep 2023
How to develop a cloud backup ransomware protection strategy
Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
-
News
05 Sep 2023
Ransomware attacks on education sector spike in August
While data breach notifications for MoveIt Transfer customers continued to rise, August also saw ransomware ramp up against schools and universities as classes resumed. Continue Reading
-
Tip
31 Aug 2023
How to recover from a ransomware attack
With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the six steps to incorporate into your plan. Continue Reading
-
News
29 Aug 2023
Cisco VPNs under attack via Akira, LockBit ransomware
Cisco and Rapid7 say ransomware actors LockBit and Akira have apparently been targeting Cisco VPNs not configured for multifactor authentication. Continue Reading
-
Feature
28 Aug 2023
3 ransomware detection techniques to catch an attack
While prevention is key, it's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods. Continue Reading
-
Tip
28 Aug 2023
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
-
News
25 Aug 2023
CloudNordic loses most customer data after ransomware attack
The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data. Continue Reading
-
Tip
18 Aug 2023
Comparing iPhone vs. Android privacy for employee devices
Employee privacy is a crucial factor in mobile device management, and IT should know how device type plays into this. Learn how the privacy features of iOS and Android differ. Continue Reading
-
Podcast
17 Aug 2023
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips. Continue Reading
-
Feature
16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure
Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
-
Tip
15 Aug 2023
Top 4 information security strategy essentials CIOs need
Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
-
Tip
14 Aug 2023
5 digital forensics tools experts use in 2023
A data breach prompts law enforcement and affected organizations to investigate. These five digital forensics tools help with evidence collection and incident response. Continue Reading
-
Feature
10 Aug 2023
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
-
Answer
09 Aug 2023
Best practices for reporting ransomware attacks
Organizations must decide whether to report ransomware incidents to the authorities and disclose them to the public. Experts weigh in on the options and best practices. Continue Reading
-
News
08 Aug 2023
Google unveils 'Downfall' attacks, vulnerability in Intel chips
Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw. Continue Reading
-
Tip
08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices
IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
-
News
03 Aug 2023
MoveIt Transfer attacks dominate July ransomware disclosures
Traditional ransomware attacks took a back seat last month, as Clop operators continued to claim victims from the zero-day attacks on MoveIt Transfer customers. Continue Reading
-
Podcast
03 Aug 2023
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks
The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts. Continue Reading
-
Feature
02 Aug 2023
How to detect AI-generated content
AI- or human-generated? To test their reliability, six popular generative AI detectors were asked to judge three pieces of content. The one they got wrong may surprise you. Continue Reading
-
Feature
01 Aug 2023
Infosec experts divided on SEC four-day reporting rule
Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
-
Tip
31 Jul 2023
6 ways to support business resilience at your organization
Without enough support, resilience initiatives are unlikely to succeed. Here are six ways individuals and departments can support business resilience. Continue Reading
-
News
31 Jul 2023
CISA details backdoor malware used in Barracuda ESG attacks
CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868. Continue Reading
-
Answer
26 Jul 2023
How do companies protect customer data?
Companies can protect customer data through various technical tools and strategies, like authentication and encryption. But some types of data need more protection than others. Continue Reading
-
News
25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B
With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
-
News
25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild
A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency. Continue Reading
-
Tip
25 Jul 2023
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
-
News
24 Jul 2023
Coveware: Rate of victims paying ransom continues to plummet
Incident response firm Coveware said 34% of ransomware victims paid the ransom in Q2 2023, a sharp decline from last quarter and an enormous decline from 2020 and 2019. Continue Reading
-
Podcast
20 Jul 2023
Risk & Repeat: Are data extortion attacks ransomware?
Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware? Continue Reading
-
News
20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats
Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
-
Tip
19 Jul 2023
7 ways to collect customer data that keep you compliant
Organizations can collect customer data through cookies and sales transactions, but they must be transparent and ensure they follow government regulations for data privacy. Continue Reading
-
Opinion
19 Jul 2023
Using defense in depth to secure cloud-stored data
To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
-
News
17 Jul 2023
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
-
Tip
13 Jul 2023
The role of Mac file and folder encryption for businesses
IT administrators can enable the Mac FileVault utility across business files and data to provide an extra layer of security and meet compliance standards. Continue Reading
-
News
12 Jul 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
-
Podcast
11 Jul 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear. Continue Reading
-
News
11 Jul 2023
Clop's MoveIt Transfer attacks lead to mixed results
Clop's data theft extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms. Continue Reading
-
Opinion
11 Jul 2023
For stronger public cloud data security, use defense in depth
The amount of cloud-resident data is increasing -- and so are the number of challenges to sufficiently secure it, especially within multi-cloud environments. Continue Reading
-
News
06 Jul 2023
CISA: Truebot malware infecting networks in U.S., Canada
CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center. Continue Reading
-
News
05 Jul 2023
June saw flurry of ransomware attacks on education sector
As the school year culminated, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk. Continue Reading
-
News
30 Jun 2023
TSMC partner breached by LockBit ransomware gang
A cyber attack against Chinese systems integrator Kinmax led to the theft of TSMC proprietary data, which LockBit threatened to publish unless TSMC paid a $70 million ransom. Continue Reading
-
News
22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Continue Reading
-
Feature
22 Jun 2023
10 common cryptocurrency scams in 2023
Some of the latest scams involve rug pulls, Ponzi schemes and phishing. Continue Reading
-
News
21 Jun 2023
May ransomware activity rises behind 8base, LockBit gangs
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022. Continue Reading
-
Podcast
20 Jun 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen. Continue Reading
-
Tip
20 Jun 2023
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
-
News
16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
-
News
15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
-
News
14 Jun 2023
State governments among victims of MoveIT Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
-
News
12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
-
Tip
09 Jun 2023
Pros and cons of blockchain for ERP
ERP's longevity reaches back to the 1960s, but thanks to blockchain, an old dog may well learn some new business tricks in this ever-changing and modernizing world of technology. Continue Reading
-
Podcast
08 Jun 2023
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability. Continue Reading
-
News
08 Jun 2023
MoveIt Transfer flaw leads to wave of data breach disclosures
Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis. Continue Reading
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
-
News
07 Jun 2023
What generative AI's rise means for the cybersecurity industry
ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
-
Tip
06 Jun 2023
9 benefits of cryptocurrency in business
Businesses adopting cryptocurrency can potentially improve their financial liquidity, attract new customers, ensure transaction transparency, reduce fraud and align with Web 3.0. Continue Reading
-
News
06 Jun 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
-
News
06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated
Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors adapted to improved defenses. Continue Reading
-
Feature
05 Jun 2023
Attack surface reduction rules for Microsoft productivity apps
Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
-
News
01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
-
Opinion
01 Jun 2023
6 ways Amazon Security Lake could boost security analytics
Amazon's new security-focused data lake holds promise -- including possibly changing the economics around secure data storage. Continue Reading
-
Podcast
25 May 2023
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three. Continue Reading
-
News
24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics
CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion. Continue Reading
-
Tip
23 May 2023
How the 3-2-1-1-0 backup rule reflects modern needs
The 3-2-1-1-0 backup rule addresses modern data protection requirements, such as ransomware protection and cloud backup. Find out how it builds on the 3-2-1 rule in this tip. Continue Reading
-
News
22 May 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
-
Tip
19 May 2023
Top 10 customer data privacy best practices
To ensure customer data remains secure and inaccessible to bad actors, organizations should implement best practices such as frequent data audits and employee trainings. Continue Reading
-
News
19 May 2023
Dish 'received confirmation' ransomware gang deleted stolen data
A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data. Continue Reading
-
News
18 May 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
-
News
17 May 2023
KeePass vulnerability enables master password theft
KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates. Continue Reading
-
News
16 May 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
-
Opinion
16 May 2023
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
-
News
12 May 2023
Bl00dy ransomware gang targets schools via PaperCut flaw
The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software. Continue Reading
-
News
12 May 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to $1.1 million to threat actors. Continue Reading
-
News
10 May 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
-
News
10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt
Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
-
Podcast
09 May 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large. Continue Reading
-
Tip
09 May 2023
5 major data backup trends to watch
As IT becomes more sophisticated, data backup grows to incorporate, and protect against, the latest advances. Find out which five data backup trends are top of mind for IT teams. Continue Reading
-
News
08 May 2023
Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI Continue Reading
-
News
08 May 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
-
News
05 May 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up
A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up. Continue Reading
-
News
04 May 2023
Ransomware attack disrupts Dallas police, city services
The city said less than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data. Continue Reading
-
News
04 May 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
-
News
01 May 2023
1Password execs outline shift to passwordless authentication
1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
-
Feature
28 Apr 2023
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
-
Conference Coverage
24 Apr 2023
RSA Conference 2023 highlights strength through alliances
Follow this RSA 2023 guide from TechTarget Editorial to get pre-conference coverage and stay on top of breaking news and analysis from the infosec world's biggest annual event. Continue Reading
-
News
20 Apr 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
-
News
20 Apr 2023
DC Health Link breach caused by misconfigured server
Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
-
News
19 Apr 2023
Point32Health confirms service disruption due to ransomware
A ransomware attack interrupted access to services provided by one of New England's largest healthcare insurers, though the scope of affected customers and data remains unknown. Continue Reading
-
Tip
19 Apr 2023
Top 7 data loss prevention tools for 2023
Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
-
Guest Post
18 Apr 2023
Standardized data collection methods can help fight cybercrime
Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers. Continue Reading
-
News
18 Apr 2023
Mandiant: 63% of breaches were discovered externally in 2022
Mandiant said the 2022 increase is most likely affected by the threat intelligence firm proactively investigating threat activity targeting Ukraine last year. Continue Reading
-
Feature
17 Apr 2023
11 cybersecurity tips for business travelers
Don't put your sensitive information at risk when you travel. Learn how to take a few extra precautions with these cybersecurity tips. Continue Reading
-
News
13 Apr 2023
Western Digital restores service; attack details remain unclear
While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
-
News
12 Apr 2023
Cisco provides extra-secure Webex for U.S. government
Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
-
Answer
12 Apr 2023
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading