Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
FBI Warns of BEC Dangers
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
Why Humans Are Phishing's Weakest Link
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Active Directory Attacks Hit the Mainstream
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
Five Indicted on Romance and Lottery Fraud Charges
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
How Microsoft Disabled Legacy Authentication Across the Company
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Avoiding the Perils of Electronic Communications
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Cryptographers Panel Tackles Espionage, Elections & Blockchain
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
7 Tips to Improve Your Employees' Mobile Security
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Active Directory Needs an Update: Here's Why
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
The Night Before 'Breachmas'
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
Google Cloud External Key Manager Now in Beta
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
'Password' Falls in the Ranks of Favorite Bad Passwords
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Security experts offer key cyber advice for family members.
Google Chrome Now Automatically Alerts Users on Compromised Passwords
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Time to Warn Users About Black Friday & Cyber Monday Scams
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Why Multifactor Authentication Is Now a Hacker Target
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
A Security Strategy That Centers on Humans, Not Bugs
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Windows Hello for Business Opens Door to New Attack Vectors
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
The Myths of Multifactor Authentication
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices — and critical business data — best protected.
A Realistic Threat Model for the Masses
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
The Future of Account Security: A World Without Passwords?
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
The Fight Against Synthetic Identity Fraud
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
5 Identity Challenges Facing Today’s IT Teams
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
More Focus on Security as Payment Technologies Proliferate
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
State Farm Reports Credential-Stuffing Attack
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
It's (Still) the Password, Stupid!
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
|
Latest Comment: This comment is waiting for review by our moderators.
6 Emerging Cyber Threats That Enterprises Face in 2020This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Tweet This
7 Comments
