The situation at LastPass keeps getting worse: The company says hackers implanted keylogger software on a DevOps employee's home computer to obtain access to the corporate vault. Customer vault data can be decrypted only with the end user master password, which LastPass doesn't store.
According to Gartner Research, nearly half of IGA projects are in distress, and some fail to get off the ground entirely due to identity data quality and accessibility challenges.
All identity projects must start with an understanding of all requirements. Getting this data right is at the heart of a successful...
Fraud is a growing industry globally. According to research from Technology Research Institute, businesses are seeing more than 50% of their new user accounts with false or incorrect data and an increase in fraud losses over the past 12 months.
Part of the reasons is because many businesses in Asia Pacific...
A few months after its release, attackers are already exploring ways to leverage ChatGPT’s ability to generate custom code and humanlike writing in response to prompts. Security researchers are anticipating that ChatGPT will only add to the volume and velocity of attacks, both new and repurposed.
But...
Twitter says it will turn off SMS second-factor authentication for all but paying customers starting March 20 in a decision provoking concerns that many customers will be less secure than before. Twitter says 2.6% of active Twitter accounts have activated second-factor authentication.
Organizations across every industry are failing to address Active Directory (AD) security gaps that can leave them open to cyberattacks, according to results from a survey of IT and security leaders who have deployed the Purple Knight free AD security assessment tool in their environments.
Read the Purple Knight...
Most Fortune 1000 companies use Active Directory or Azure AD—and AD is involved in ~90% of cyberattacks. How can you protect your organization?
Download this guide to learn more about:
Following identity best practices in 2023;
Restricting privileged access;
Using SID filtering or selective...
Before healthcare entities can promise advanced identity and access management technologies and practices, their IAM programs need to address important fundamentals, which many entities still struggle with due to the complexity of healthcare itself, says Erik Decker, CISO of Intermountain Health.
Identity verification and lack of WebAuthn implementation in legacy applications and smartphones are two of the biggest challenges associated with adopting FIDO authentication. Merck Germany's Andreas Pellenghar also says the current setup of jumping to a browser to log in is turning people off.
Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe. The self-proclaimed "front page of the internet" says the hackers gained access to its internal documents, code and some internal business systems.
Phishing is the number one way to compromise accounts, and Google's Christiaan Brand says passkeys have emerged as a great technical solution to the issue. He wants to ensure what FIDO Alliance has built benefits and is relevant to how Google wants to see passkeys implemented for its own accounts.
CyberArk will promote Matt Cohen, 47, to CEO on April 3. Cohen, who is credited with optimizing CyberArk's go-to-market organization and leading its transition to a subscription business model, will replace Udi Mokady, 54, who co-founded CyberArk in 1999 and has served as its CEO since 2005.
Cybersecurity leaders must address high levels of complexity regarding authentication and identity security – in fact, 70% say they are overwhelmed by their authentication practices. A survey conducted by Censuswide explore why, as how to get ahead of the challenge.
Download the latest consensus from...
Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.
Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.