PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop. After stealing "a valid, 2FA-backed" single sign-on session cookie, attackers stole customers' secrets and gained unauthorized access to third-party systems.
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
Gen Digital, owner of the Norton LifeLock brand, is notifying more than 6,000 U.S. individuals that hackers might have the valid credentials for logging onto their Norton Password Manager after the company detected a credential stuffing attack in December.
Passwordless authentication will gain traction once it addresses edge cases such as logging into Netflix using a remote control, says Hypr CEO Bojan Simic. He shares how a QR code and a biometric identifier on a smartphone can transform the way someone accesses the Wi-Fi at a friend's house.
The FIDO2 standard has driven the adoption of multifactor authentication as well as the embrace of passkeys and conditional UI, says Superlunar's Nick Steele. FIDO2 will help users adopt passwordless flows while protecting websites with public key credentials in a way that hadn't been possible.
Sift has landed top Ping Identity lieutenant Kris Nagel as its new CEO and tasked him with driving more account takeover and bot detection engagements. The San Francisco-based digital trust and safety vendor has directed Nagel to build out more technology partnerships in the fraud community.
Authentication, that foundational control upon which virtually all other cybersecurity measures rely, tends to be a complex, cumbersome workload in the enterprise. Using multiple solutions creates silos – and ultimately inefficient administration, end-user frustration, and risk.
Contemporary enterprises are...
SailPoint has made its first acquisition since joining Thoma Bravo, scooping up a third-party identity risk startup established by a Massachusetts Air National Guard veteran. Buying SecZetta will give customers more visibility into employee, third-party contractor and temporary worker identities.
Simeio has added SailPoint and IBM to its identity and access management line card through the purchase of identity services provider PathMaker Group. The first acquisition in its 17-year history will give Simeio access to senior-level personnel with deep knowledge in identity governance.
Appgate has promoted CISO and Federal President Leo Taddeo to CEO and tasked him with capturing zero trust deployment opportunities with the U.S. Defense Department. Appgate has tapped Taddeo to help the Defense Department grant access to users based on context as part of a new zero trust strategy.
A class action lawsuit against LastPass alleges that a data breach in August resulted in the theft of $53,000 in bitcoin. An unnamed plaintiff alleges that negligence in the password management company's data security practices led to the Thanksgiving weekend theft.
High risk users are the top quartile of users in an organization who have had at least one instance of risky behavior or event. They are responsible for 41% of all simulated phishing clicks, 42% of all malware events, and 54% of all secure-browsing incidents.
View this webinar to learn more about:
Over the last few years, cloud acceleration, security threats, and constant technology transformation, bombarded enterprises. For many, inflexible IGA technology worsened the challenges brought on by constant business shifts. The lack of comprehensive identity controls or policies puts organizations at risk.