Problem solve

Data security breaches

• Should large enterprises add dark web monitoring to their security policies?

  Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading

• Is there a viable breach notification tool?

  A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked. Continue Reading

• How can a ransomware incident response plan be updated?

  With an increase in ransomware attacks involving cities, the need to update incident response plans has become clear. Learn what organizations should do if infected with ransomware. Continue Reading

• Data breach litigation: What enterprises should know

  Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach. Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises. Continue Reading

• How did sensitive data from file-sharing website Docs.com get leaked?

  Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.Continue Reading

• ASLR side-channel attack: How is JavaScript used to bypass protection?

  Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.Continue Reading

• How are forged cookies used in attacks on online user accounts?

  Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacksContinue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.Continue Reading

• Insecure OAuth implementations: How are mobile app users at risk?

  Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.Continue Reading

• Risk & Repeat: Cloudflare bug poses incident response challenges

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Cloudflare bug that leaked an undetermined amount of customer data over several months.Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.Continue Reading

• Risk & Repeat: Second Yahoo data breach uncovered

  In this episode of SearchSecurity's Risk & Repeat podcast, the editors discuss the second major Yahoo data breach and what it means for both the company and its users.Continue Reading