What a week we’re having – and it’s only Thursday! RSA has been action-packed, meeting with customers, showing off our new product enhancements, and booking time with new prospects. Interest in API security is running at an all-time high, as more organizations recognize what Salt saw years ago, that APIs entirely upend the security playing field!
Analysis on 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) revealed that pixels/trackers are collecting and/or transferring data prior to the explicit consent (e.g., cookie acceptance) of a website user. (While some do not require actual consent for one reason or another, the consent is not explicitly made.) Table 1 shows the degree to which some pixels/trackers were present on the analyzed websites.
In an analysis of over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was discovered that TikTok pixels/trackers were present on 7.41% of the analyzed websites (shown in Table 1). Here, TikTok pixels/trackers were within the code of the web pages that load into a user’s browser from those websites.
“ manipulate content, and if they want to, to use it for influence operations” – FBI Director Chris Wray “To maintain the security of data owned by the state of Nebraska, and to safeguard against the intrusive cyber activities of China’s communist government, we’ve made the decision to ban TikTok on state devices.” – NB Governor Pete Ricketts “Protecting citizens’ data is our top priority, and our IT professionals have determined, in consultat
When you start pursuing compliance for a particular security standard, you do it with a specific goal in mind. Maybe you’re pursuing compliance because it’s a legal requirement in your industry or because a prospective customer requires it. But what happens after you achieve that initial SOC 2 or ISO 27001? It’s easy to get caught up in checking the boxes and lose sight of the why behind your security and compliance work.
A cyberattack is an attack on computers, networks or systems by cybercriminals in an attempt to steal or access sensitive information. The information stolen during an attack can also open the door to other types of cyberattacks such as social engineering scams. Continue reading to learn more about cyberattacks and what you can do to protect yourself against them, both in your personal life and at your workplace.
Researchers at the Lookout Threat Lab have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.
Vulnerability scanning and penetration testing should be an essential part of your cybersecurity strategy. This blog discusses the above methods in the context of securing your web applications, including the benefits, drawbacks, and compliance implications. Table of contents: What is a vulnerability scan? What is a penetration test? What are the drawbacks of the traditional pen test model? Should I only to pen tests, vulnerability scans, or both?
Read also: The iSpoof scam website founder pleads guilty, Google is suing the distributors of CryptoBot malware, and more.
