If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
After a year of brainstorming on blockchain technology, Microsoft says it will add support in its Authenticator app for a decentralized identity system that's designed to put users in control of their personal information.
Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
Two-factor authentication solutions face two problems: They are not widely adopted, and attackers find them far too easy to crack. What's the answer? New risk-based multifactor solutions, says Jim Wangler of SecureAuth.
The face-off between security researchers and biometric authentication continues, with a group from Vietnam claiming to have fooled the facial-recognition system, called Face ID, that's built into Apple's latest iPhone by using a handmade mask that includes 3D printouts and a silicone nose.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
In response to nation-state attackers targeting its account users, Google reportedly is planning to offer stronger authentication to politicians, corporate executives and other at-risk individuals as part of a service called the Advanced Protection Program.