Phishing is the number one way to compromise accounts, and Google's Christiaan Brand says passkeys have emerged as a great technical solution to the issue. He wants to ensure what FIDO Alliance has built benefits and is relevant to how Google wants to see passkeys implemented for its own accounts.
The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail to trying to bargain for a ransom. The ransomware group's site now lists Royal Mail as a victim and demands it pay a ransom or see stolen data get dumped.
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
The guardrails organizations use to protect employee identities are often ineffective for contractors, business partners or vendors since they bring their own devices. Many businesses struggle to implement identity safeguards in a setting that's more heterogeneous and offers fewer controls.
Bad news for ransomware groups: Experts find it's getting tougher to earn a crypto-locking payday at the expense of others. The bad guys can blame a move by law enforcement to better support victims, and more organizations having robust defenses in place, which makes them tougher to take down.
PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
Passwordless authentication will gain traction once it addresses edge cases such as logging into Netflix using a remote control, says Hypr CEO Bojan Simic. He shares how a QR code and a biometric identifier on a smartphone can transform the way someone accesses the Wi-Fi at a friend's house.
The FIDO2 standard has driven the adoption of multifactor authentication as well as the embrace of passkeys and conditional UI, says Superlunar's Nick Steele. FIDO2 will help users adopt passwordless flows while protecting websites with public key credentials in a way that hadn't been possible.
Darknet markets offering illegal drugs and fraudster tools and services are thriving, despite the constant threat of law enforcement infiltration, disruption, takedown and arrests. In response, multiple drug markets have launched customized Android apps to handle buying, selling and fulfillment.
Cybercrime on a global scale is spiraling out of control, and one industry above all seems to be in the crosshairs often: healthcare. Javvad Malik of KnowBe4 discusses how to improve a healthcare organization's security culture and the security awareness of its employees.
Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Witness victims' continuing willingness to pay a ransom - separate to a decryptor - in return from a promise from extortionists that they will delete stolen data. As if.
According to Accenture Security's Cyber Threat Intelligence team, information stealer malware - malicious software designed to steal information, including passwords - became one of the most discussed malware types on the cybercriminal underground in 2022.
The latest edition of the ISMG Security Report shares tips for security leaders to navigate the threat landscape next year, discusses cybersecurity and privacy policy shifts to watch, and explains why global political and economic instability should not be cause for cybersecurity budgets to drop.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.