Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.
Rapid7 has acquired Velociraptor, an open-source endpoint-monitoring organization and community that will continue to operate as a stand-alone entity while the security firm adopts some of its technology. Meanwhile, Zscaler had announced a deal to buy Trustdome.
More use cases are emerging for self-sovereign identity, which gives individuals more control over their digital identities, according to Heather Dahl and Ken Ebert of Indicio.tech.
No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?
Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.
Synthetic identity fraud is a pervasive yet ill-defined crime – hard to define as well as to detect. Greg Woolf of FiVerity discusses a recent initiative by the Federal Reserve in Boston to better define and therefore better manage SIF.
Four editors at Information Security Media Group discuss important cybersecurity issues, including dealing with attacks targeting the aging Accellion File Transfer appliance and taking steps to enhance employee authentication.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
Identity crimes are up, but data breaches are down. What does this mean for risk mitigation strategies? Jim Van Dyke and Al Pascual of Sontiq offer an analysis.
Many organizations have updated the authentication process for customers to help ensure frictionless transactions. Now, some are starting to take similar steps to streamline and enhance authentication of their employees - especially those working remotely.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
Organizations should go beyond one-time passwords to include other layers of authentication as they strive to mitigate the risk of synthetic ID fraud, says Amy Walraven, president of Turnkey Risk Solutions, a Newark, Delaware-based risk management company.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.