In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.
Uber is fingering adolescent extortion hacking group Lapsus$ for the disruption to its internal systems. A self-proclaimed 18-year-old last week spammed the company with vulgar messages and shared online screenshots of the company's cloud storage and code repositories. The FBI is investigating.
Password manager LastPass says the attackers behind the August security incident had access to its systems for four days. LastPass CEO Karim Toubba, sharing details about last month's breach, confirms that there is no evidence of any threat actor activity beyond the established timeline.
The latest edition of the ISMG Security Report discusses the appearance at a Senate hearing this week by the former head of security for Twitter; the top-performing web application and API protection vendors, according to Gartner's Magic Quadrant 2022; and threat trends to watch for in 2023.
Apple issued a patch for a zero-day vulnerability likely exploited in the wild that allows a malicious iPhone app to execute arbitrary code with kernel-level privileges, marking the second smartphone kernel code execution bug fixed by the company in as many months.
Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.
The latest ISMG Security Report discusses a new phishing-as-a-service toolkit designed to bypass multifactor authentication, the decision by Lloyd's of London to exclude nation-state attacks from cyber insurance policies, and challenges at Okta after it acquired customer identity giant Auth0.
Bitwarden has raised $100 million to expand into new product areas including developer secrets, passwordless and privileged access management. The investment will help the firm debut new features for individual and business users and expand its footprint in Japan, Germany, France and South America.
A recent survey sponsored by Rockwell Automation finds that critical infrastructure organizations miss basic protections for operational technology, with 80% failing to conduct frequent asset inventory audits, 63% lacking real-time threat monitoring and 42% needing effective patch management.
Not all forms of MFA are created equal—at protecting against cyberattacks, in terms of the friction created for end users or IT support teams, or the ability to seamlessly work with the technology stack.
Download the Yubico white paper; Graduating from Legacy MFA to Modern Authentication to learn about:
Despite the growing tide and sophistication of cyber attacks, many organizations continue to rely on legacy authentication methods such as usernames and passwords and mobile-based authentication, to secure access to critical and sensitive applications and data.
While any form of multi-factor authentication...
Did you know 90% of all internet breaches are due to stolen login credentials? SMS, mobile authentication apps, and legacy one-time passcodes (OTPs) are vulnerable to today’s advanced threats.
To stop modern threats you must have modern phishing-resistant multi-factor authentication (MFA).
A month after his firm was taken private in a $6.9 billion deal, SailPoint founder and CEO Mark McClain discusses the prospect of consolidation, emerging competition and plans to expand "more quickly and aggressively" in the identity governance space - thanks to Thoma Bravo's financial backing.
Research by Dun & Bradstreet says business identity fraud jumped 254% in 2020. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.
The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, they can bypass MFA just as easily as if it were a simple...