For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.
Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.
Although all the major credit card brands have dropped the requirement for obtaining signatures to verify point-of-sale transactions made with EMV payment cards, they're not pushing strongly for using PINs instead, leaving that authentication decision to card issuers, says Linda Kirkpatrick of Mastercard.
The geneology service MyHeritage says a security researcher found 92 million email addresses and hashed passwords for its users on a private external server. The company, however, says there's no evidence of abnormal account activity or indications family trees or DNA results were affected.
The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.
Some military health facilities haven't consistently implemented security controls, putting patient data at risk, according to a new watchdog agency report. But security experts say the weaknesses are quite common at civilian health facilities as well.
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
Privacy regulations, user satisfaction concerns and the need to prevent data breaches are driving more organizations that must authenticate users to find "a better way of ensuring that people are who they are when they are accessing critical information," says Tony Smales, CEO of Forticode.
Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?
How might blockchain improve digital identity proofing in the healthcare sector? The National Health Information Sharing and Analysis Center and security vendor Trusted Key are testing that out with a proof-of-concept application.
New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions. But are they ready?