Help us recognize the unsung heroes of the security industry by nominating a security leader to be named one of Security magazine's 2021 Most Influential People in Security! We are looking to highlight enterprise security executives, who through their own organizations and externally, have made significant and influential contributions to the enterprise security profession, continue to push security forward both inside their own organizations and in the industry as a whole.
Peloton’s leaky API has allowed any hacker to obtain any user’s account data — even if that user had set their profile to private.
The vulnerability, which was discovered by security research firm Pen Test Partners, allowed requests to go through for Peloton user account data without checking to make sure the request was authenticated. As a result, the exposed API could let anyone access any Peloton user’s age, gender, city, weight, workout stats, and birthday.
SecureLink and Ponemon Institute today released a new report titled “A Crisis in Third-party Remote Access Security”, revealing the alarming disconnect between an organization’s perceived third-party access threat and the security measures it employees. Findings revealed that organizations are not taking the necessary steps to reduce third-party remote access risk, and are exposing their networks to security and non-compliance risks. As a result, 44% of organizations have experienced a breach within the last 12 months, with 74% saying it was the result of giving too much privileged access to third-parties.
Thursday, May 6 is World Password Day, a day dedicated to promoting safer password practices. Strong password management has been especially important as cyberattacks have skyrocketed since the onset of the pandemic and the switch to remote work. Here, security executives share their insight and tips on how to create and promote safer password practices in the enterprise and among employees.
Lookout, Inc. released a report showing that mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. The Lookout Financial Services Threat Report illustrates that these organizations were not immune to mobile phishing despite an increased adoption of mobile device management (MDM).
Digital Shadows released new research into the movement of cybercriminal marketplaces with a feature on Genesis market. According to the Digital Shadows Photon Research Team, Genesis is a high-profile and trusted repository of digital fingerprints that has grown in popularity since it was launched in beta in 2017. In 2020, Genesis commanded 65% of mentions across criminal forums for fingerprinting services. While other markets have come and gone, Genesis continues to endure and has grown year-on-year. In the last two months alone, more than 5,000 new listings have been added to Genesis, bringing the total number of listings to more than 350,000.
Antisemitic incidents remained at a historically high level across the United States in 2020, with a total of 2,024 incidents of assault, harassment and vandalism reported to ADL (the Anti-Defamation League). While antisemitic incidents declined by 4 percent after hitting an all-time high in 2019, last year was still the third-highest year for incidents against American Jews since ADL started tracking such data in 1979.