The world has experienced an unprecedented business disruption that instantly created the largest remote workforce - and largest attack surface - in history. How do you validate users and access in this new dynamic workforce? RSA's Steve Schlarman and Ben Smith preview an upcoming series of virtual roundtables.
An independent security researcher disclosed a zero-day vulnerability contained in the "Sign in with Apple" feature that, if exploited, could have resulted in a full account takeover. The vulnerability has been patched, and Apple says it found no account misuse tied to it.
Verizon's Data Breach Investigations Report 2020 highlights the leading causes of breaches last year, including credential theft, phishing, ransomware as well as issues linked to cloud implementations and web applications. In an interview, Verizon's Ashish Thapar offers an in-depth analysis.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
A federal judge has ordered Capital One to turn over a forensics report covering its 2019 data breach, which has been sought by plaintiffs in a class action lawsuit. The report, if it becomes public, could shed light on one of last year's biggest breaches.
The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses.
The remote workforce brings more flexibility. But it also comes with unique challenges such as VPN congestion, a greater attack surface and a lack of visibility for security. How can you help remote workers to be both productive and cybersecure? Menlo Security's Kowsik Guruswamy offers advice.
The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.
Last week, security researcher Bill Demirkapi said that Trend Micro used a trick to get one of its drivers to pass Microsoft's approval process. Trend Micro has withdrawn the driver and says it's working with Microsoft on incompatibility issues that are unrelated to the researcher's findings.
The identity and access management strategy for the remote workforce should ensure contextual authentication to establish the credentials of the users, apply risk-based authentication for measuring user risk profiles, and establish a multifactor authentication mechanism, a panel of experts says.
Ransomware, wire transfer fraud, destructive attacks: In recent months, the financial sector has seen these and other online attacks surge by 238% as criminals continue to exploit the pandemic, warns Tom Kellermann of VMware Carbon Black, who shares findings from his firm's third "Modern Bank Heists" report.
Britain is reconsidering whether Huawei's technology will be used its national 5G rollout as a result of increased White House sanctions against the Chinese telecommunications giant, which could result in Huawei having to source semiconductors from less reliable sources.
As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.
Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.
Shadow IT is a growing concerns during the work-from-home shift because endpoint security is not as well developed as network security, says Vikram Mehta, an information security specialist at MakeMyTrip, who offers risk mitigation insights.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.