In the latest weekly update, ISMG editors discuss the implications of the former Uber CSO's guilty verdict for the rest of the industry, the growing problem of keyless car theft, and the latest progress toward a passwordless future revealed at the annual FIDO Alliance conference.
Palo Alto Networks has scaled back its M&A ambitions, walking away from a $600 million deal for Apiiro in favor of buying Cider Security for $200 million. Palo Alto says it abandoned the negotiations over irreconcilable differences in the valuation of Apiiro's code risk platform business.
If remote access to corporate networks is only as secure as the weakest link, only some dreadfully weak passwords now stand between hackers and many organizations' most sensitive data, according to new research from Rapid7 into the two most widely used remote access protocols - SSH and RDP.
Russell Shupert of Veeva Systems explains the challenges faced in securing a complex environment. He discusses how his team overcame these challenges, the benefits they achieved and how Threat Stack's Cloud Workload Protection and Application Infrastructure Protection tool helped along the way.
Australia's data breach debacle expanded on Thursday. Cyber extortionists who attacked Australian health insurer Medibank provided proof of their hack of medical data. Also, stolen data from Australian wine retailer Vinomofo was put up for sale on a Russian-language forum.
More Russian-speaking, ransomware-wielding attackers are gunning for Russian businesses and government agencies, researchers report. The unwritten rule of Russian cybercrime has historically been to never attack inside Russia or neighboring allies.
Hacking capabilities once reserved for nation-states are filtering down to the level of crimeware, warns Kaspersky researcher Sergey Lozhkin. Darknet forums are filled with self-taught hackers selling advanced capabilities for a good price, he says.
Certificate heavyweight DigiCert has landed Zscaler second-in-command Amit Sinha as its new leader and tasked him with boosting trust around connected device and user authentication. DigiCert brought in Sinha following a 12-year stint at Zscaler, where he became company president and a board member.
Multifactor authentication needs to move away from one-time passwords sent via text message and embrace modern standards that prevent man-in-the-middle attacks. Plus, excessive identity challenges online lead to 20% of e-commerce transactions being abandoned, say experts at Authenticate 2022.
The Abnormal Security team just launched a new threat intel site named Abnormal Intelligence. Crane Hassold shares the resources available, including an attack library, semiannual threat intel reports, a glossary and exclusive insights from the Abnormal team.
Multifactor authentication was supposed to be the standard, but the sharp rise in highly successful MFA bypass attacks shows the industry needs to go further in verifying identities. Keynote speakers at Authenticate 2022 said the future of passwordless technology could answer this latest threat.
Decentralized finance exchange Mango Markets is set to pay $47 million as a bug bounty to the hacker who stole $117 million in digital assets on Wednesday, after 96% of the governance voted in favor of the deal. Mango Markets is a trading platform riding on the Solana blockchain.
Perennial leaders ForgeRock, Ping Identity and IBM, along with a surging Okta, set themselves apart from the pack of CIAM vendors in the latest report by KuppingerCole analysts. Ping Identity leapfrogged ForgeRock to capture the gold in product leadership, and IBM once again took the bronze.
Looking to rationalize their security stacks and narrow their lists of critical suppliers, cybersecurity leaders are eyeing new consolidation strategies. WatchGuard's Corey Nachreiner opens up on the benefits of working with a single vendor or a small group of vendors.