Cybercriminals are continuing to take advantage of unsecured Amazon S3 buckets, with RiskIQ researchers recently finding card skimming code and redirects to a long-running malvertising campaign infecting several websites.
A proposed class action lawsuit filed against an accounting firm in the wake of a 2019 ransomware incident that allegedly exposed patient data to potential cybercriminals serves as the latest reminder of the security and privacy risks posed by vendors.
As Roger Sels of BlackBerry assesses cybersecurity risk, he sees chaos - both cyber and endpoint chaos - as well as enterprises trying to defend automated attacks at human speed. It makes him ask: Isn't it time we rebooted our approach to cybersecurity risk prevention?
Perceived wisdom is that mobile voting will be open to significant opportunities for interception, manipulation and nation-state interference. Nimit Sawney, CEO of Voatz, describes the architecture of a secure mobile voting system.
Payment fraud continues to evolve during the COVID-19 pandemic, exploiting changing habits and behaviors of consumers. Melissa Gaddis of TransUnion, who has been tracking these changes, says one of the surprising changes concerns millennials: They're now fraudsters' top target.
An ongoing phishing campaign has targeted top officials at a German multinational company tasked with procuring personal protective equipment during the COVID-19 pandemic, according to IBM. While it's not clear if these attacks were successful, they contain the hallmarks of a nation-state group.
With internet connectivity getting added to an increasing number of products, privacy and security risks abound. But buyers may be unaware. A team of Carnegie Mellon University researchers aims to change that, by clear labeling of connected devices and the risks they may pose.
For an upcoming virtual roundtable, Alex Laurie of ForgeRock discusses the importance of digital identity management, the need for organizations to quickly and accurately register people, comply with privacy regulations and define and manage the level of risk involved.
Ransomware gangs keep innovating: Maze has begun leaking data on behalf of both Lockbit and RagnarLocker, while REvil has started auctioning data - from victims who don't meet its ransom demands - to the highest bidder. Thankfully, security experts continue to release free decryptors for some strains.
The prolific Maze ransomware gang has been tied to yet more attacks, including against Singapore-based defense contractor ST Engineering's North American subsidiary, VT San Antonio Aerospace. Separately, the ransomware gang breached systems at nuclear missile contractor Westech.
A robust customer identity and access management strategy is critical to digital success for today's financial institutions. Eugenio Pace of Auth0 and Paul Bedi of IDMWORKS discuss CIAM in the age of the remote worker.
Too many enterprises remain chained to outdated and vulnerable identity and access management technologies - legacy systems that rely on passwords, eat budgets and kill productivity. Baber Amin of Ping Identity and Cody Cook of ProofID preview a new virtual roundtable on Modern IAM.
Bobby Ford, CISO of Unilever, a multinational consumer goods firm, says the shift to a work-from-home environment requires an intensified focus on email security as well as identity and access management.
The latest edition of the ISMG Security Report sizes up progress made so far on identity management and the work yet to be done. Also featured: how security concerns are holding back IoT projects and the privacy issues raised by recording videoconferences.
How big is the step from humans using drones to kill other humans to building lethal autonomous weapons systems that can kill on their own? Ethically and technologically, that's a huge leap. But military planners are working to build what some call "killer robots." And the UN wants them banned.