Members of Parliament in Britain have had their remote email access suspended following an apparent brute-force hack attempt aimed at exploiting weak passwords to gain access to their accounts. Officials say fewer than 90 email accounts appear to have been breached.
It's easy to draw a direct link between high-profile breaches and the compromise of user credentials. But it requires a phased approach to actually improve privileged access management, says Barak Feldman of CyberArk.
Data breaches feed the market for fraudsters to steal identities, which challenges traditional approaches to identifying the genuine from the fraudster. We hear that knowledge-based authentication is dead. But trust in any single defense is flawed. No single route to "trust" should be applied. We should never lose...
To encourage individuals to improve their security practices, begin by not blaming them. That was one takeaway from security experts at the Infosecurity Europe conference, who offered practical tips for changing user behavior and creating a culture of security.
Security practitioners in India need to have a better perception of threats and risks to build successful detection and defense strategies. That was one of the key lessons offered at ISMG's Fraud & Breach Prevention Summit in Bengaluru June 7.
A discussion analyzing the difficulty of striking a balance between IT functionality and cybersecurity leads the latest edition of the ISMG Security Report. Also featured: Updates on sizing up weaknesses in biometrics and the potential to exploit LED lights to leak sensitive data from routers.
In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
Retailers and financial institutions are dealing with the changing face of customer interactions. For many businesses, mobile logins have surpassed online logins, and consumers are voicing their demands for more mobile services. Consumers expect to bank, pay, buy, transfer and more via their mobile devices - and they...
Leading the latest edition of the ISMG Security Report: Secretary John Kelly's congressional testimony on how DHS led government efforts to mitigate the WannaCry ransomware attacks. Also, reports on ransomware defenses as well as big data and machine learning combining to secure IT.
Target has reached a record settlement agreement with 47 states' attorneys general over its 2013 data breach. The breach resulted in hackers compromising 41 million customers' payment card details and contact details for more than 60 million customers being exposed.
DSCI is working with the FIDO Alliance in an effort to eliminate the use of passwords for authentication in India. But some security practitioners question whether that's a realistic approach that will prove effective. go
Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.
With a dispersed business development staff that spends their days out of the office working directly with agents and customers, Frederick Mutual's IT team was challenged to find technology that could increase responsiveness to customers and overall productivity. After testing iPads in the field, both IT and employees...
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.