CIAM awareness has grown exponentially in 2020. Maturity? Not at quite the same pace. Keith Casey of Okta has authored a CIAM playbook, and in this interview offers potential benefits and challenges at each step of the journey.
Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.
K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.
Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.
Security education for employees is worthless unless it's highly targeted, says Angela Sasse, a professor of human-centered security at Ruhr University Bochum in Germany, who offers tips.
A botnet called DarkIRC is exploiting a remote execution vulnerability in Oracle WebLogic, according to Juniper Threat Labs. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum.
As part of a cyberespionage campaign, the Russian hacking group known as Turla deployed a backdoor called "Crutch" that uses Dropbox resources to help gather stolen data, according to the security firm ESET.
Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop. He shares a new account-centric defensive solution.
Citi, Equifax, Capital One - the list of financial institutions that have suffered high-profile cyber incidents is long, and the penalties they've incurred have been steep. To Scott Kannry, CEO of Axio, it all comes down to cyber risk - and he has new ideas for redefining it.
The gang behind the Conti ransomware variant has posted data to its darknet website that it says it stole during a ransomware attack on industrial IoT chipmaker Advantech last month. The company reportedly confirmed the attack on Monday.
Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organizations.
A recent data breach at a Colorado-based mental health clinic that exposed data on nearly 300,000 individuals is the latest of several in the mental health sector this year.
New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties. It also holds data handlers to higher responsibilities to counter new threats to personal data. But the law doesn't impose financial penalties as severe as the EU's GDPR.
Trend Micro researchers have uncovered a macOS backdoor variant - designed to bypass security tools - that's linked to an advanced persistent threat group operating from Vietnam.
A hacking campaign in Germany is using compromised websites and social engineering tactics to deliver the Gootkit banking Trojan or REvil ransomware, according to Malwarebytes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
