For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.
Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.
Forrester recently surveyed 100 IT and IT security executives to understand the approaches and challenges your peers experience with user authentication and access management.
Curious to hear how you compare to your peers? Read the Forrester Report.
Although all the major credit card brands have dropped the requirement for obtaining signatures to verify point-of-sale transactions made with EMV payment cards, they're not pushing strongly for using PINs instead, leaving that authentication decision to card issuers, says Linda Kirkpatrick of Mastercard.
The geneology service MyHeritage says a security researcher found 92 million email addresses and hashed passwords for its users on a private external server. The company, however, says there's no evidence of abnormal account activity or indications family trees or DNA results were affected.
When fully automated, email authentication enforcement can be done in a seamless fashion that requires very little administrative work from the IT team.
Download this whitepaper and learn about these email authentication automation topics:
Accepting the reality of DNS as a legacy system;
Where manual processes go...
The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.
Some military health facilities haven't consistently implemented security controls, putting patient data at risk, according to a new watchdog agency report. But security experts say the weaknesses are quite common at civilian health facilities as well.
Data encryption, advanced authentication, digital signing and other cryptography-based security functions have come to play a vital role in organizations' cybersecurity and regulatory compliance initiatives.
To secure their digital assets effectively, organizations must protect their cryptographic keys, much like...
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
Privacy regulations, user satisfaction concerns and the need to prevent data breaches are driving more organizations that must authenticate users to find "a better way of ensuring that people are who they are when they are accessing critical information," says Tony Smales, CEO of Forticode.
Ovum Research and Entrust Datacard experts discuss the transformation of identity and where it is headed.
Watch this video to learn more about:
Real-world examples of how organizations are embracing mobile and cloud platforms.
Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?