Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Active Directory Needs an Update: Here's Why
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
The Night Before 'Breachmas'
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
Google Cloud External Key Manager Now in Beta
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
'Password' Falls in the Ranks of Favorite Bad Passwords
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Security experts offer key cyber advice for family members.
Google Chrome Now Automatically Alerts Users on Compromised Passwords
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Time to Warn Users About Black Friday & Cyber Monday Scams
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Why Multifactor Authentication Is Now a Hacker Target
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
A Security Strategy That Centers on Humans, Not Bugs
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Windows Hello for Business Opens Door to New Attack Vectors
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
The Myths of Multifactor Authentication
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices — and critical business data — best protected.
A Realistic Threat Model for the Masses
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
The Future of Account Security: A World Without Passwords?
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
The Fight Against Synthetic Identity Fraud
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
5 Identity Challenges Facing Today’s IT Teams
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
More Focus on Security as Payment Technologies Proliferate
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
State Farm Reports Credential-Stuffing Attack
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
It's (Still) the Password, Stupid!
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Researchers Show Vulnerabilities in Facial Recognition
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Demystifying New FIDO Standards & Innovations
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
Google Cloud Debuts New Security Capabilities
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
More Companies Don't Rely on Passwords Alone Anymore
New research shows how enterprises are adding additional layers of authentication.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Transforming 'Tangible Security' into a Competitive Advantage
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
A Password Management Report Card
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Security Snapshot: OS, Authentication, Browser & Cloud Trends
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
|
6 Emerging Cyber Threats That Enterprises Face in 2020This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Tweet This
6 Comments
