Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.
Twitter has apologized after it discovered that it had been inadvertently storing users' passwords in plaintext in an internal log, potentially putting them at risk. Twitter has blamed a bug for the fault and recommends all users change their passwords immediately.
Over 55 percent of people will reuse passwords despite acknowledging the risks, says Amber Steel of LastPass. In the enterprise context, this bad behavior needs to be addressed without burdening employees with policies which could impact productivity, she says.
How do we establish and maintain digital trust without burdening our users? What are the critical questions that need to be addressed by anyone managing identity and access management in a modern enterprise? David Duncan of CA Technologies offers answers to these questions.
The U.S. and U.K. warned Monday that Russian hackers have compromised critical internet infrastructure with the aim of spying, extracting intellectual property and gaining footholds for future cyberattacks.
A handful of popular music videos published on YouTube were defaced on Tuesday, with two hackers claiming credit. But Google, which owns YouTube, says that tampering didn't occur directly on its platform.
The technology and operating models for identity and access management have evolved with time, but the way many enterprises approach IAM has not. How can security leaders modernize their IAM strategy in this era of unprecedented complexity? Patrick Wardrop of IBM Security shares insights.
If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
A U.S. power company, unnamed by regulators, has been fined a record $2.7 million for violating energy sector cybersecurity regulations after sensitive data - including cryptographic information for usernames and passwords - was exposed online for 70 days.
Blockchain technology already underpins the boom in cryptocurrencies, but it is also being rigorously tested and developed for other applications, including identity and access management. Such projects could make personal data easier to secure and less vulnerable to data breaches.
Technologists are wrangling with an identity puzzle: Is it possible to create a single digital identity that can be seamlessly and securely used at a bank, a hospital or consumer websites? It's the holy grail of identity. But experts say blockchain is likely not the answer right now.