Police in Germany say a 20-year-old student has confessed to stealing and leaking personal details from 1,000 German politicians, celebrities and journalists, allegedly after bragging about the crime. More advanced attackers rarely make so much noise.
German police arrested a 20-year-old student - living at home with his parents - who they say confessed to leaking contact details and sensitive information for an estimated 1,000 German celebrities, journalists and politicians, including Chancellor Angela Merkel.
Leading the latest edition of the ISMG Security Report: Microsoft's Joram Borenstein highlights his top three areas of focus for 2019. Plus, Randy Vanderhoof of the US Payments Forum on securing card transactions in the coming year.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative.
Identity and access management is not about compliance anymore - It's really about security, says Gartner's Felix Gaehtgens. With cloud, virtualization, DevOps and other IT trends, IAM has evolved from being a one-off project to an ongoing initiative.
Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad."
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.
Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset. Aetna CSO Jim Routh now says it's time for enterprises to shift from conventional to unconventional security controls.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.