Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.
Rapid7 has acquired Velociraptor, an open-source endpoint-monitoring organization and community that will continue to operate as a stand-alone entity while the security firm adopts some of its technology. Meanwhile, Zscaler had announced a deal to buy Trustdome.
More use cases are emerging for self-sovereign identity, which gives individuals more control over their digital identities, according to Heather Dahl and Ken Ebert of Indicio.tech.
No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?
Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.
The revelation that 533 million previously stolen Facebook account records have been made public on a darknet forum should inspire organizations to take aggressive action to further protect customer data security, some security experts say.
Synthetic identity fraud is a pervasive yet ill-defined crime – hard to define as well as to detect. Greg Woolf of FiVerity discusses a recent initiative by the Federal Reserve in Boston to better define and therefore better manage SIF.
Four editors at Information Security Media Group discuss important cybersecurity issues, including dealing with attacks targeting the aging Accellion File Transfer appliance and taking steps to enhance employee authentication.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
Identity crimes are up, but data breaches are down. What does this mean for risk mitigation strategies? Jim Van Dyke and Al Pascual of Sontiq offer an analysis.
Many organizations have updated the authentication process for customers to help ensure frictionless transactions. Now, some are starting to take similar steps to streamline and enhance authentication of their employees - especially those working remotely.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
The SolarWinds supply chain attack should push federal government agencies to adopt the "zero trust" model and deploy better endpoint detection and response tools, according to the new federal CISO and the acting director of the U.S. Cybersecurity and Infrastructure Security Agency.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.