Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
An advanced persistent threat espionage campaign with suspected ties to the Chinese government quietly targeted businesses and governments in 10 countries for two years, bypassing two-factor authentication, according to a report by Fox-IT.
To help enhance security, Firefox extension developers will be required to set up their accounts to support two-factor authentication beginning early next year, Mozilla, the open source community that supports the browser, has announced.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. No matter whose research you cite, a startling high percentage of recent breaches are the result of stolen or weak credentials. Yet, enterprises still struggle to take advantage of multifactor...
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
Cyber threat actors are trans-national, well-funded and highly organized, they are utilizing leading-edge technology to attack merchants and stealing data at a large scale. Join us as we walk you through our research on what happens after the attacks. We will highlight when that stolen payment card data appears on the...
The healthcare sector is especially susceptible to ever-evolving cybercrimes, says attorney Jason G. Weiss, a former FBI special agent and forensics expert, who describes critical steps to take to avoid falling victim.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.
Passwords have failed, so what's next?
Password security is one of the most important issues facing information security today, and multi-factor authentication (MFA) technology mitigates the risk of password-only security today when providing access to corporate networks. But unfortunately, traditional MFA...
Passwords are no longer sufficient to secure logins, with 81% of breaches involving weak or stolen passwords. Multi-factor authentication (MFA) protects users from attacks by ensuring that only the intended, authorized users can access critical, secure information.
Download this whitepaper to learn:
Identity attacks such as phishing, credential stuffing, and brute-force-attacks are increasingly common and sophisticated methods for committing account takeovers. These attacks result in increased security risks, brand damage, and outright fraud.
Download this whitepaper to learn how to keep attackers at bay...