Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s data privacy watchdog says that the number of data protection complaints it has received from individuals has nearly doubled.
Managing the cost of compliance is becoming an increasing concern for financial institutions. The dearth of experienced compliance professionals, the growing influence of big data, and escalating risk are contributing to the challenges these organizations face. There are proven strategies that can be executed to...
Industry analysts first coined the term Identity-as-a-Service (IDaaS) in 2006. But today, the vast majority of IDaaS implementations still focus on the "A" - access management - leaving organizations to piece together the rest. IBM's Michael Bunyard discusses how to put "Identity" back in IDaaS.
Cloud services are a pillar of a digital transformation, but they have also become a thorn in the side of security architects. As data and applications that were once behind the enterprise firewall began roaming free - on smartphones, between Internet-of-Things (IoT) devices, and in the cloud - the threat...
We're in an era of fast-paced digital transformation that broadens the attack surface, increases workloads, and pushes the complexity of security management to new heights. All the while, the threat landscape is becoming increasingly difficult to defend against. While operational teams in the Network Operations...
Unprotected web-based applications are often the easiest point of entry for hackers and are vulnerable to a number of attack techniques. Traditional technologies, including firewalls and intrusion prevention systems (IPS), cannot provide complete protection from these threats. Web application firewalls (WAFs) have...
SamSam has taken in nearly $6 million in ransom, and its victims have been diverse. They haven't all been healthcare and government agencies, as has been reported in a lot of the media - the majority of the victims were actually regular private-sector businesses. The takeaway: Everyone needs to be careful because...
A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.
Public cloud use is increasing as organizations leverage IaaS environments to improve operational agility and increase efficiency.
However, security teams are still struggling to maintain security visibility of dynamic, IaaS computing environments due to decentralization of IT, the expanding cloud attack surface,...
A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise. The false alarm has highlighted the benefit of actively monitoring for election interference.