Enterprise security leaders largely understand the business problems posed by a lack of privileged access management. But understanding and overcoming the obstacles to deploying a successful PAM rollout? That's the real challenge, says Alex Mosher of CA Technologies.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
RBI has mandated that all banks migrate to Aadhaar-based biometric authentication for electronic payment transactions by June 30. But some information security experts question whether the the technology can handle the potential volume of transactions.
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
The technology and know-how exists to build a hack-proof computer, but doing so won't be easy, says Howard Shrobe, principal research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.
The Russian government appears to be doubling down on its information warfare success to date, publicly confirming that it has a "cyber army" designed to wage psychological operations and propaganda campaigns. While there are defenses, too few are using them.
Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.
A report on passage by the House of Representatives of a bill aimed at toughening insider threat defenses at the Department of Homeland Security leads the latest edition of the ISMG Security Report. Also, analyzing the use of blockchain technology to secure healthcare data.
Facebook is aiming to make account recovery and password resets more secure with a new, updated approach that eliminates outdated weaknesses such as emailed reset links, SMS messages and security questions.
Most organizations that enable users to perform online transactions have implemented security measures to address fraud. Currently, one of the most common safeguards used in a wide array of products/services is two-factor authentication (2FA).
In recent years, 2FA has become employed by global tech leaders like...
Behavioral biometrics has been getting a lot of attention recently due to its ability to uniquely address the challenges posed by social engineering, account takeovers and malware. It is already considered the third most popular biometric technology (after finger and face) and tied with iris.
Nonetheless, as an...
As mobile devices eclipse computers and laptops as the preferred method of going online, fraudsters have followed users, porting their modus operandi -account takeover, social engineering, and malware based remote control attacks - to the mobile arena. Thus, hackers have many more opportunities to perpetrate fraud and...
Many IT professionals use remote administration tools to troubleshoot and fix PC problems remotely, just as if they were sitting behind the keyboard themselves. But these tools are also used for different purposes today. Both nation states and hacktivists use modified these tools, creating Remote Access Trojan's...
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.