The shift to the cloud has made the perimeter-centric view of security obsolete and led to the creation of the "zero trust" approach. But how do we best manage identity as the new security perimeter? Teju Shyamsundar of Okta shares insights.
Many ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. But some Sodinokibi ransomware-as-a-service affiliates have shifted instead to targeting victims via botnets, saying hackers' use of RDP exploits has grown too common.
So far, Norweigan aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report.
UniCredit, an Italian banking and financial services company, sustained a data breach exposing information on 3 million customers that went undetected for four years, the company has acknowledged. Find out what data was exposed.
A trio of domain name registrars are mandating a password reset after a breach affecting about 22 million accounts occurred in late August. Web.com and two of its brands, Network Solutions and Register.com are contacting victims via email.
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
Two hackers have pleaded guilty in connection with an extortion campaign tied to the theft of data on about 57 million Uber customers and drivers. The incident led to a massive fine against the ride-sharing company for its tardy breach notification and weak security.
It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities.
Facebook is suing NSO Group, a spyware company, alleging it developed a potent exploit to spy on WhatsApp messages sent by diplomats, journalists, human rights activists and political dissidents. Facebook is seeking damages and an injunction forbidding NSO Group from accessing its infrastructure.
Russian attack group Turla has been named and shamed for hijacking Iranian nation-state attackers' infrastructure. The aim of GCHQ and NSA's attribution is, in part, to make Turla's future cyber espionage efforts more costly and time-consuming.
Big data analytics and search tools give organizations the ability to analyze information faster than ever before. But too many organizations deactivate security controls built into Elasticsearch, Amazon S3 buckets and MongoDB when they deploy, leaving their data exposed, says Elastic's James Spiteri.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.
Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.