Real-time protection against API attacks is nonnegotiable for the protection of any web application or digital service that relies on application programming interfaces. Here are some of the most common types of API attacks and strategies for protecting against them in real time.
How much of a risk do hacktivists pose? Hacktivism's heyday was arguably a decade ago. While activists do keep using chaotic online attacks to loudly promote their cause, they're tough to distinguish from fake operations run by governments, including Russia and Iran.
It used to be a stray printer on a network, but today shadow IT comes in all shapes and sizes - and poses serious security threats. Jeff Keating and Jaineesh Davda of FormAssembly discuss how to manage shadow IT and protect your critical data.
Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.
While financial fraud has been prevalent for years, businesses still struggle to find it among large pools of data. In this second installment on accounting fraud, a panel of experts discussed the challenges including a lack of resources, skills and tools to identify fraud.
Understanding how your digital health vendors approach cybersecurity, assess and respond to risk, and plan for incident response is critical to protecting your organization. Here is a set of steps to determine if your vendor is serious about their role in protecting patients.
Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.
The cybercrime economy appears to remain alive and well: Compared to last year, researchers report seeing an increase in the number of known ransomware victims as well as initial access listings, which facilitate such attacks. The impact the takedowns of BreachForums and Genesis remains to be seen.
Warning to criminals: Could that cybercrime service you're about to access really be a sting by law enforcement agents who are waiting to identify and arrest you? That's the message from British law enforcement agents, who say they're running multiple DDoS-for-hire sites as criminal honeypots.
Before he became a chief technical security officer at Qualys, Josh Hankins was a cybersecurity leader in financial services. He learned how security audit failures are increasingly costly, and he devised new strategies for audit preparation. He shares his insights here.
There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.
Darktrace has brought in Ernst & Young to review the cybersecurity AI vendor's financial process and controls following bombshell allegations from short seller Quintessential Capital Management. The review comes weeks after QCM claimed that Darktrace overstated its sales, margins and growth rates.
The prolific ransomware group LockBit has been tied to the recent disruption of Britain's national postal system, as Royal Mail reports it remains unable to send international letters or parcels. While LockBit has enjoyed unusual longevity, could this attack be its undoing?
Although small to medium enterprises - SMEs - do not have the security resources larger enterprise possess, they face the same risks. Here are five reasons you should consider consolidating your tech as you strive to find an effective, sustainable security stack that also keeps costs in check.
Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Witness victims' continuing willingness to pay a ransom - separate to a decryptor - in return from a promise from extortionists that they will delete stolen data. As if.