Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms
Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.
Sensitive information includes data whose exposure can enable identity theft, fraud, privacy violations, or targeted cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Sensitive information is data whose unauthorized access, disclosure, alteration, or loss could harm people, organizations, or public interests. It can include personal identifiers, authentication secrets, financial and health records, proprietary business data, and information protected by law or contractual duty. Sensitivity depends on context: a data set may be restricted because of privacy obligations, competitive value, safety concerns, or national-security classification.
For security practitioners, the key issue is controlling the data throughout its lifecycle—from collection and use to storage, sharing, archiving, and deletion. Excessive privileges, exposed databases, insecure transfers, application logs, backups, and compromised accounts can all reveal sensitive data. Useful controls include data classification, least-privilege access, strong authentication, encryption in transit and at rest, retention limits, and monitoring for inappropriate access or transfer. A suspected exposure requires identifying what data was affected, preserving relevant evidence, containing access, and assessing privacy or regulatory notification duties.
Weekly headline count for the current query.
Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.
Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.
The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.
In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats.
A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.
At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information.
The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.
The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.
Businesses need to find a balance between harnessing the benefits of AI assistants and safeguarding sensitive information — maintaining trust with employees and clients.
AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine.
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware.
Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.
Like ChatGPT and other GenAI tools, Gemini is susceptible to attacks that can cause it to divulge system prompts, reveal sensitive information, and execute potentially malicious actions.
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
The "Leaksmus" event on the Dark Web exposed some 50 million records containing sensitive information from people all around the world.
Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.
Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect.
The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.
Guardrails need to be set in place to ensure confidentiality of sensitive information, while still leveraging AI as a force multiplier for productivity.
Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity.