Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off. The vulnerability opens the door to a password reset attack or a password stuffing attack.
Apple, Google and Microsoft supported a new common passwordless sign-in standard, and a key Senate committee approved the Improving Digital Identity Act of 2022. How will these moves pay off in 2023? Identity security expert Jeremy Grant weighs in on trends and predictions for the new year.
As the world transitions into a more permanent hybrid workforce, the flexibility it brings results in both benefits and challenges for employers and workers. Whether your team is working in the office, remotely, or something in-between, you don’t need to compromise your security to gain more flexibility. Join Cisco...
Ninety-four percent of recent survey respondents are concerned that TLS 1.3 will break their existing security controls. With the ever-expanding amount of encrypted network traffic mandated, it’s important to understand how to balance user and customer privacy with security controls. Join experts from Cisco Security...
The shift to remote work during COVID-19 has prompted hackers to dramatically boost phishing attacks. The pandemic has led to users reading more corporate email on personal devices and opening messages while distracted by children or pets, increasing the chances they'll click on something malicious.
In the latest weekly update, ISMG editors discuss implications of the seizure of $3.36 billion in stolen bitcoin, whether the EU is complicit in the spread of advanced spyware, and the departure of the U.K.'s Dr. Ian Levy, technical director of NCSC, with some important parting words.
A U.S. federal district judge said users would be "shocked to realize" that Facebook collects patient data. Plaintiffs suing the social media giant asked the judge to enjoin the company from intercepting health data and communications through its Pixel web tracking tool embedded into patent portals.
Embattled social media platform Twitter lost its chiefs of security, privacy and compliance, and the resignations put the company and its new owner, Elon Musk, at greater risk of regulatory enforcement. The company signed a binding two-decade agreement with the U.S. Federal Trade Commission in May.
This edition of the ISMG Security Report discusses how Australian health insurer Medibank is facing stark consequences for not paying a ransom to a group of cyber extortionists, how to limit unnecessary cybersecurity exposure during M&A, and how to manage challenges in hybrid environments.
Microsoft released patches fixing a pair of Exchange vulnerabilities revealed publicly in late September and collectively known as ProxyNotShell. The computing giant assesses with "medium confidence" that state-sponsored hackers have exploited the now-squashed bugs.
Detection tools can potentially overwhelm security operation center analysts with alerts, many of which are false positives, leading to ticket fatigue and missed attacks. Jesse Trucks, minister of magic at Splunk, says the latest risk-based alerting technology is helping SOCs focus on the threats that really...
Aging medical imaging devices are among those most vulnerable to security incidents, often due to misconfigurations and a lack of security controls, says Elisa Costante, vice president of research at security firm Forescout. She discusses how vendors can reduce security risks in connected products.
The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.
A hack of an Australian legal aid group this week may have exposed the personal information of domestic violence, sexual assault victims and other vulnerable people around the nation’s capital. Legal Aid ACT says systems are disrupted and an investigation will find out if data was stolen.
Over the past year, "enterprises continue to increase their use of AIOps platforms across various aspects of IT operations management (ITOM) and mature their use cases across DevOps and site reliability engineering (SRE) practices, according to Gartner. By doing so, enterprises are replacing some traditional...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.