Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Industry analysts first coined the term Identity-as-a-Service, IDaaS in 2006. But today, the vast majority of IDaaS implementations still focus on the "A" - access management - leaving organizations to piece together the rest. IBM's Michael Bunyard discusses how to put "Identity" back in IDaaS.
Machine data and machine learning have the potential to connect disparate data sources, enabling better fraud detection and prevention, says Matthew Joseff of Splunk, who highlights real-world examples of fighting fraud with better data.
T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data.
The Srikrishna Committee's recommendation in its draft of a data protection bill that foreign companies be required to only store domestically certain "critical" data of Indians is impractical and will not help prevent breaches.
Too many organizations leverage advanced threat intelligence merely to detect indicators of compromise. But Brian Hussey of Trustwave wants to help them mine actionable threat intelligence to truly bolster enterprise defenses.
Unsupervised machine learning is essential to mitigate the sophisticated cross-channel fraud techniques attackers are using to take advantage of the multiple silos and security gaps at financial institutions, says ThetaRay's James Heinzman
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
Microsegmentation is an effective way for defenders to limit the amount of access an attacker has inside a data center and stop lateral movement, says Stanley Hsu of Illumio.
Blockchain has potential for identity-based applications, but there are many aspects of identity and access management that a blockchain alone doesn't solve, says Ian Yip of McAfee.
Artificial intelligence can be used to create a model of an organization's infrastructure that can make detecting ransomware easier, says Alberto Pelliccione of ReaQta.
The quality and completeness of data is key to being able to perform meaningful analytics to detect malicious events, says Damien Smith of Australia's ANZ Bank.
Business intelligence technologies are increasingly being used with artificial intelligence to extract events that defenders need to know about, says Anurag Sanghai of Intellicus.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.