Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
Over the course of three days, ISMG and SecureAuth teamed up for a series of virtual roundtable discussions on the future of identity security. Bil Harmer of SecureAuth reflects on these discussions and how they inform his view of the factors influencing both the present and future of identity.
The Department of Health and Human Services has yet to implement dozens of "high priority" recommendations, including several related to enhancing its cybersecurity and reducing the risk of fraud, according to a new report from the GAO, which made the recommendations.
Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain.
Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation. The data likely dates from a 2018 network intrusion at Nintendo.
In an apparent attempt to spread TrickBot malware, cybercriminals are sending fake emails designed to look like notifications from the Labor Department concerning changes to the Family and Medical Leave Act, according to IBM X-Force.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.
The Cybersecurity and Infrastructure Security Agency is reminding government agencies to continue using an approved DNS resolution service at a time when a large portion of the federal workforce has been shifted to home offices because of the COVID-19 pandemic.
A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa.
Researchers are seeing a spike in opportunism by fraudsters and cybercriminals seeking to profit from the COVID-19 crisis. Underground online markets are offering a range of pandemic-related goods, from face masks to fraudulent vaccines.
The shift to working at home is opening the door to cybersecurity incidents. Some 23% of respondents to a small survey conducted by the training organization (ISC)2 say their organization has experienced an increase in cybersecurity incidents since transitioning to remote work.