Most organizations recognize the need for least privilege but can stray off the path to full endpoint security after removing local admins, leaving points of access vulnerable for threat actors. How do you make sure your organization is fully secured without negatively impacting end user productivity and overall...
The data leak and negotiation sites for the Ragnar Locker ransomware group went offline Thursday after an international law enforcement operation, backed by the FBI and police in Europe, seized its infrastructure. Whether the disruption spells the end for Ragnar Locker remains unclear.
Eric Eddy, principal technical marketing engineer at Cisco, discusses critical aspects of user-centric security. From alleviating the security burden on users to the role of zero trust in granting access, Eric provides actionable insights for achieving a seamless and robust security posture.
A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data security posture management startup Dig Security for between $300 million and $400 million.
CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.
In the latest weekly update, four editors at ISMG discuss important cybersecurity and privacy issues, including how to keep assets secure in the quantum era, when common usernames pose a cybersecurity threat, and how to strike the right balance between regulation and innovation in AI.
In Part 1 of this three-part blog post, Nikko Asset Management's Marcus Rameke provides an introduction and defines the requirements for making the transformative journey to the cloud. Parts 2 and 3 will discuss more detailed aspects of making the shift to the cloud.
Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets. Here are essential username, password and remote service practices for combating such attacks.
Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting themselves. Rivals also offer ready alternatives to ransomware groups and other criminal users.
Cybersecurity doublespeak is never a good sign, especially when it comes in a letter this week addressed to half a million current and former employees of fast-fashion retailer Forever 21, warning them that their personal information was stolen in an eight-week breach discovered in March.
Ransomware and data exfiltration attacks continue to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one. Rackspace was hit by the Play ransomware group last year.
Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now available for Akira victims, however, it's too soon to say if the group might be doomed.
The crazy fluctuations in the stock market over the past 14 months can drive short-term thinking for publicly traded firms, said CEO Fran Rosch. A proposed $2.3 billion buy by Thoma Bravo would allow ForgeRock to think about the best long-term investments and opportunities in the identity market.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
A finalist at this year's RSA Innovation Sandbox contest landed Series A funding to detect threats and secure access for nonhuman identities. The $25 million will enable Astrix Security to expand from managing access for nonhuman identities to understanding threats to services and applications.