Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
U.K. health and beauty retailer Superdrug Stores is warning customers that attackers may have compromised some of their personal information, apparently because they'd reused their credentials on other sites that were hacked. While Superdrug quickly notified victims, it stumbled in three notable ways.
The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.
The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.
Getting employees involved in data security requires explaining the benefits, such as avoiding service interruptions, says Paul Bowen of Arbor Networks, who offers insights on making security part of the daily routine.
It's a fair question: Can you trust the fraud advice you're given from a former fraudster? Especially one who's betrayed law enforcement before? Brett Johnson says he's abandoned crime for good, and he shares insight on the types of fraud schemes he once practiced.
Leading the latest edition of the ISMG Security Report: Cybersecurity expert Brian Honan provides insights on why organizations that are not yet compliant with GDPR need to focus on several key steps. Also: An assessment of the progress women are making in building careers in information security.
Cybersecurity challenges and solutions have evolved greatly since 2002. And so has the Executive Women's Forum, which was founded that year to advance female leaders in the profession. Founder Joyce Brocaglia reflects on the forum's accomplishments and challenges.
Spectre and Meltdown: It's déjà vu all over again as Intel is reportedly prepping a coordinated vulnerability disclosure announcement for eight new speculative execution flaws. One of the new flaws is apparently worse than any of the three Spectre/Meltdown variants that came to light in January.
What can be done to address the shortage of personnel to fill the ever-expanding roster of cybersecurity jobs - from entry-level positions through the CISO role? (ISC)2's John McCumber describes organizational and governmental efforts to lower barriers to entry and build tomorrow's workforce.
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Employees are the first line of defense for any organization, and Paul Bowen of Arbor Networks believes we don't do nearly enough to deputize them to support our security efforts. He offers tips for using technology to train end users.
Australia's real-time payments platform, which launched last week, includes a feature designed to reduce fraud and erroneous payments. Ironically, the feature may also expose users to social engineering attacks.