PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
Passwordless authentication will gain traction once it addresses edge cases such as logging into Netflix using a remote control, says Hypr CEO Bojan Simic. He shares how a QR code and a biometric identifier on a smartphone can transform the way someone accesses the Wi-Fi at a friend's house.
The FIDO2 standard has driven the adoption of multifactor authentication as well as the embrace of passkeys and conditional UI, says Superlunar's Nick Steele. FIDO2 will help users adopt passwordless flows while protecting websites with public key credentials in a way that hadn't been possible.
Darknet markets offering illegal drugs and fraudster tools and services are thriving, despite the constant threat of law enforcement infiltration, disruption, takedown and arrests. In response, multiple drug markets have launched customized Android apps to handle buying, selling and fulfillment.
Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Witness victims' continuing willingness to pay a ransom - separate to a decryptor - in return from a promise from extortionists that they will delete stolen data. As if.
According to Accenture Security's Cyber Threat Intelligence team, information stealer malware - malicious software designed to steal information, including passwords - became one of the most discussed malware types on the cybercriminal underground in 2022.
The latest edition of the ISMG Security Report shares tips for security leaders to navigate the threat landscape next year, discusses cybersecurity and privacy policy shifts to watch, and explains why global political and economic instability should not be cause for cybersecurity budgets to drop.
Information Security Media Group asked some of the industry's leading cybersecurity experts about the trends to watch in 2023. Responses covered a variety of emerging threats and evolving trends affecting security technologies, leadership and regulation. Here is a look at the year ahead.
Data resilience stalwarts Commvault, Rubrik and Cohesity have pulled ahead of rivals Veeam Software and Veritas atop the latest Forrester Wave. Commvault, Rubrik and Veritas took the gold, silver and bronze, respectively, for the strength of their current data resilience offerings.
The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed. LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs.
With so many cybersecurity technologies and services available, how do organizations get started with evaluating the managed detection and response option that is right for them? Lyndon Brown of Pondurance weighs in on how to select the MDR provider that fits your needs best.
As the world looks into adapting 5G and studying 6G, satellite IoT is opening a new front for connectivity. There will be a demand for more LEO-based satellites for low-power communication, and these satellites will require completely new kinds of security, says Krishnamurthy Rajesh of GreyOrange.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.