The FIDO Alliance, which is developing and promoting authentication standards designed to help reduce reliance on passwords, has unveiled user experience guidelines and new FIDO2 standards enhancements, says Andrew Shikiar, executive director.
Ransomware-wielding criminals continue to hone their illicit business models, as demonstrated by the strike against customers of Kaseya. A full postmortem of the attack has yet to be issued, but one question sure to be leveled at the software vendor is this: Should it have fixed the flaw more quickly?
The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.
U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, potentially affecting scores of managed service providers and their clients.
Since Friday afternoon, Mark Loman of Sophos has been immersed in studying the scope and impact of the ransomware attack spread through Kaseya VSA's remote management platform. And he's learned enough about it to say without reservation: This the largest ransomware attack he's seen.
Failure to take basic security steps - such as avoiding using end-of-life software and default passwords - can create serious national security risks, CISA stresses. The agency is in the early stages of developing a catalog of "bad practices" that should be avoided.
Google says it's investigating how a text advertisement was injected into SMS messages containing two-step verification security codes. The text advertisement contained a link that redirected to a VPN product from antivirus vendor Avira.
The University Medical Center of Southern Nevada acknowledged it had been the victim of a cyberattack after a newspaper discovered stolen data had been posted on the darknet site of ransomware-as-a-service gang REvil.
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, compromising the data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. If convicted, She now faces a possible 20-year sentence.
During the past year-plus of digital transformation, we've seen many enterprises not just migrate to the cloud, but to hybrid cloud environments. Yet, David Hill of Veeam says there are two security measures often overlooked: data portability and protection.
Taiwanese networking device manufacturer Zyxel is notifying customers about an ongoing series of attacks on some of its enterprise firewall and VPN products and is advising users to maintain proper remote access security policies as it prepares a hotfix.
The saga around how scores of aging Western Digital NAS devices were remotely erased has deepened with the discovery of a new, unknown software vulnerability. The situation underscores the problems of still-used devices that have been abandoned by manufacturers.