The Dropbox data breach is a warning to update passwords

Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts. On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet. In a notice to users, Spotify said their credentials[…]


Review: SentinelOne blocks and dissects threats

SentinelOne Endpoint Protection Platform (EPP) is an antimalware solution that protects against targeted attacks, malware, and zero-day threats through behavioral analysis and process whitelisting and blacklisting. The client agent, which analyzes the behavior of processes on Windows, OS X, Linux, and Android endpoints, can replace or run alongside other signature-based antimalware solutions. SentinelOne EPP stands[…]

Okta's API access product targets the trend toward services

Okta has changed key parts of its product portfolio to attract new users to its corporate identity management and access control platforms. The startup is launching a new API access management product and revamping its provisioning service to make it easier to change employees’ permissions within a company. The changes, announced at the company’s Oktane conference[…]

5 commonly misunderstood compliance terms

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors. In the world of compliance and governance, terms such as certified, compliant and validated have distinct meanings that are often mistakenly used interchangeably.  It is key to understand[…]

BitTorrent client is found distributing Mac-based malware

A popular BitTorrent client called Transmission has again been found distributing Mac-based malware, months after it was used to spread a strand of ransomware. Researchers at security firm ESET have been following a malware called OSX/Keydnap, which can steal passwords, and noticed that it was spreading through Transmission’s official site. Somehow, a version of the[…]

Attackers deploy rogue proxies on computers to hijack HTTPS traffic

Security researchers have highlighted in recent months how the web proxy configuration in browsers and operating systems can be abused to steal sensitive user data. It seems that attackers are catching on. A new attack spotted and analyzed by malware researchers from Microsoft uses Word documents with malicious code that doesn’t install traditional malware, but instead[…]

New ransomware threat deletes files from Linux web servers

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it’s not clear if attackers can actually deliver on this promise. Dubbed FairWare, the malicious program is not the first ransomware threat to target Linux-based web servers but is the first to delete files. Another program called Linux.Encoder first[…]

What to look for in endpoint detection and response tools and services

What you need to know Organizations are quickly learning that keeping the bad guys out of an enterprise environment isn’t as simple as deploying firewalls and antivirus. As cybercriminals utilize customized malware and bypass traditional antivirus solutions, it’s become necessary to take a broader and more proactive approach to protect the endpoint. This means real-time[…]

Privacy groups complain to FTC about WhatsApp policy changes

Privacy groups in the U.S. have complained to the Federal Trade Commission that changes last week in WhatsApp’s terms and privacy policy breaks its previous promise that user data collected would not be used or disclosed for marketing purposes. The Electronic Privacy Information Center and the Center for Digital Democracy have described the changes as[…]

Hackers had a chance to hamper voting by deleting records

A U.S. cybersecurity monitor on Monday described another breach of a voter election system just after after a leaked FBI report revealed two similar attacks. In June, anonymous hackers stole administrative login credentials in an unnamed county that would have let them delete voter registration records and prevent citizens from casting ballots. The information comes[…]