Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s data privacy watchdog says that the number of data protection complaints it has received from individuals has nearly doubled.
As general manager for payments and fraud prevention at Amazon Web Services, Keith Carlson has a unique perspective on detecting and preventing compromises in the cloud. He shares insights gleaned from dealing with scores of customers and their concerns.
Industry analysts first coined the term Identity-as-a-Service, IDaaS in 2006. But today, the vast majority of IDaaS implementations still focus on the "A" - access management - leaving organizations to piece together the rest. IBM's Michael Bunyard discusses how to put "Identity" back in IDaaS.
Spain's central bank says its website was intermittently offline as it struggled to repel a distributed denial-of-service attack. The temporary disruption is a reminder "stresser/booter" DDoS-on-demand services remain inexpensive, easy to procure and often effective.
A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.
Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset. Aetna CSO Jim Routh now says it's time for enterprises to shift from conventional to unconventional security controls.
A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise. The false alarm has highlighted the benefit of actively monitoring for election interference.
Leading the latest edition of the ISMG Security Report: An analysis of why it may be too late to secure the 2018 U.S. midterm elections. Also: A close look at the Anthem breach lawsuit settlement and a report on ransomware recovery lessons learned.