While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebook's CSO, says there isn't time to properly safeguard this year's elections. But here's what he says can be done in time for 2020.
U.K. health and beauty retailer Superdrug Stores is warning customers that attackers may have compromised some of their personal information, apparently because they'd reused their credentials on other sites that were hacked. While Superdrug quickly notified victims, it stumbled in three notable ways.
A cryptocurrency investor is suing AT&T for $240 million, alleging he lost $24 million in virtual currency after the carrier failed to stop two separate attacks where his phone number was commandeered by attackers. The incident highlights the dangers of using a phone number as an authentication channel.
Forty-eight percent of customers drop the products and services of organizations that have had a publicly-disclosed data breach. This is but one of the findings of the new 2018 Global State of Online Digital Trust study commissioned by CA Technologies. CA's David Duncan analyzes the results.
Early experiments are demonstrating how blockchain, the distributed and immutable ledger behind virtual currencies, potentially could play an important role in identity management, says Avivah Litan, a Gartner Research analyst who will be a featured speaker at ISMG's Security Summit Aug. 14-15 in New York.
This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.
As organizations are seeing higher numbers of people working remotely, including parts of their IT team, the need for stronger endpoint management is even more important. Automating routine tasks can also be great for business as it drives key business growth by increasing productivity through the automation of of...
Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."
An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.
Humana is notifying individuals in multiple states that the company was a recent target of an "identity spoofing attack" that potentially compromised personal information of its members, including those participating in the health insurer's Go365 wellness programs.