Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.
In light of rising tensions between the U.S. and Iran, the Association of Executives in Healthcare Information Security recently issued new data security guidance to help the healthcare sector prepare for potential nation-state attacks, says CISO Christopher Frenz, one of the document's authors.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Adopting the policies in NIST 800-171 brings multiple security-related benefits, including best practices for data access policies, reduced risk of data breaches and insider threats, and a scalable approach to protecting sensitive data.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. No matter whose research you cite, a startling high percentage of recent breaches are the result of stolen or weak credentials. Yet, enterprises still struggle to take advantage of multifactor...
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
U.S. Senator Ron Wyden is pushing the Federal Communications Commission to ensure that wireless carriers build new security measures, such as encryption and authentication, into 5G networks as they're rolled out over the next several years.
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
Identity attacks such as phishing, credential stuffing, and brute-force-attacks are increasingly common and sophisticated methods for committing account takeovers. These attacks result in increased security risks, brand damage, and outright fraud.
Download this whitepaper to learn how to keep attackers at bay...
IT teams want to provision their workforces to cloud and on-prem apps with ease while avoiding unnecessary manual work. Employees want to move past the frustration of individual daily sign-ons. What's needed is a single solution that simultaneously automates provisioning for IT teams while simplifying sign-ins for...
What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
Users are often lax about their own passwords to the dismay of many employers and organizations they transact with. Strong authentication is critical and organizations must be careful about security measures for their online customer transaction accounts - but when users become too frustrated during the login process...
The sheer number and destructive nature of recent data breaches is both alarming and discouraging - but there's still cause to be hopeful. Nearly three-quarters of these attacks were due to the same vulnerability: weak or stolen credentials.
Download this white paper to learn:
What are strong authentication...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
