CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
"There are so many basics we need to get right," says Daniel Dresner, professor of cyber security at Manchester University. In this interview, he discusses the cybersecurity practices that he recommends to make the task of securing small- to medium-sized enterprises less overwhelming.
The pandemic has created the need for rapid digital transformation and the growing trend of working from home is pushing businesses to adopt "zero trust" and implement it within their own organizations, says Bobbet Castillo, chief technology officer and information security officer at Petnet.
In the 20 years since the Sept. 11, 2001, al Qaida terrorist attacks on targets in the U.S., the need to shore up critical infrastructure and build resilience into systems remains a priority. But over the past two decades, concerns about physical threats have been displaced by cyber concerns.
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.
The rise of ransomware as a criminal moneymaking powerhouse parallels the services offered by initial access brokers, who continue to offer affordable access to victims' networks - often via brute-forced remote desktop protocol or VPN credentials - to help attackers hit more targets in search of larger profits.
The threat of ransomware and other credential theft attacks has only grown over the last year. According to the Verizon Data Breach Incident Report, credential theft accounted for 89% of web application breaches, and phishing attacks increased by 44% across 2020. The recent attack against the Colonial Pipeline company...
More than ever before, there’s a much larger reliance on conducting our business and personal lives digitally. Consumers and businesses embracing digital-only services, product delivery and work has resulted in increased fraud and identity theft.
As bad actors continue to expose weaknesses in new digital...
Remote work isn’t a trend, but rather the new normal. We have now entered the work from anywhere era. This means seamless, secure access for employees and security for the business, no matter where employees are working from. The reality of work from anywhere means IT has to facilitate secure access for employees...
Love them or loathe them, passwords are still relied upon for security. Although widespread MFA adoption may have improved the authentication process, as most MFA methods are built on top of passwords, password problems remain at an all-time high. Weak passwords, credential stuffing, account takeovers and phishing are...
How can insurers take advantage of face authentication to verify customer identity online and prevent fraud?
We've all heard gruesome stories of people hiding a corpse so they can continue to claim a friend or relative's pension. Unfortunately, deepfakes and other technology make it much easier for fraudsters to...
CyberArk Identity Single Sign-On (SSO) is an easy-to-manage solution for one-click access to your cloud, mobile, and legacy apps. CyberArk SSO enables a secure and frictionless sign-in experience for both internal and external users that adjusts based on risk. Users simply sign in to a web portal using their existing...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.
