Authentication, Security and Training - Information Management Today

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue. Security + efficiency. Here are a few takeaways.

Authentication

Authentication Passwords Digital transformation Cloud

GUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model development

The Last Watchdog

MAY 31, 2024

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically. Related: The key to the GenAI revolution By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future. Data security.

Artificial Intelligence

Artificial Intelligence Security Encryption Authentication

Remotely Stopping Polish Trains

Schneier on Security

AUGUST 28, 2023

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. “It is three tonal messages sent consecutively. “Everybody could do this.

Encryption

Encryption Authentication IT Cybersecurity

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms. HttpOnly, Secure attribute).

Authentication

Authentication Passwords Encryption Cybersecurity

News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

The Last Watchdog

OCTOBER 5, 2023

5, 2023 – Today, the Healey-Driscoll Administration kicked off Cybersecurity Month in Massachusetts with the announcement of $1,136,911 in funding to develop a new cybersecurity training center at MassBay Community College and support the existing center at Bridgewater State University. Worcester, Mass.,

Cybersecurity

Cybersecurity Education Government Security

Problems with Multifactor Authentication

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. Did the end user get trained as to what to do when an unexpected login arrived? His organization had been hit by ransomware to the tune of $10M.

Authentication

Authentication Ransomware IT Phishing

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

The Last Watchdog

MARCH 4, 2024

These worrying statistics underscore the need to be more proactive in preventing security breaches. Keeping these systems up to date and installing the latest security patches can help minimize the frequency and severity of data breaches among organizations. Strengthen authentication. Train staff regularly.

Cybersecurity

Cybersecurity Risk Authentication Data breaches

Not All Authentication Methods Are Equally Safe

Thales Cloud Protection & Licensing

FEBRUARY 9, 2022

Not All Authentication Methods Are Equally Safe. There is broad recognition by security leaders that stronger authentication is foundational to preventing data breaches. Implementing partial MFA for subsets of users will leave gaps and create security vulnerabilities. Distinct user authentication journeys.

Authentication

Authentication Sales Access Cloud

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. Now is the moment to train your personnel on security best practices, if you haven’t already. Customize Your Security Training.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

.” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications.

Phishing

Phishing Ransomware Security awareness Authentication

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. It excels in remote access, scalability, and security, with distributed storage options and privacy adherence capabilities.

Cloud

Cloud Risk Security Encryption

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

Poorly implemented authentication can also lead to network breaches and compliance headaches. The IT manager at an SMB must not only refresh company equipment, but they also have to plan and maintain IT and electronic data operations, and even recruit and train staff. Security is just one of many complex responsibilities.

Authentication

Authentication Risk Digital transformation Passwords

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Adam Levin

OCTOBER 8, 2019

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.”

Authentication

Authentication Phishing Passwords Cybersecurity

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

KnowBe4

JUNE 7, 2023

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.

Phishing

Phishing Security awareness Authentication Security

Securing AI Deployments: Striking the Balance

OpenText Information Management

MAY 10, 2024

If it’s not accurate, accessible, and secure, organizations won’t get the desired results. Since AI relies on data to learn and improve, organizations must ensure their data is accurate, accessible, and secure. It also enables change notifications, lifecycle management, security lockdown, and security fencing.

Security

Security Artificial Intelligence Privacy Compliance

Information Security vs Cyber Security: The Difference

IT Governance

SEPTEMBER 15, 2022

You’ll often see the terms cyber security and information security used interchangeably. In this blog, we explain what information security and cyber security are, the differences between them and how they fit into your data protection practices. What is information security? This is cyber security.

Information Security

Information Security Security Computer and Electronics Encryption

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

Meanwhile, native security is increasingly being built into popular operating systems, and there’s a trend toward beefing up application security, as well. They seem to be attempting to address the consumer security market more holistically, while also expanding their customer base and geographical regions.

Security

Security Marketing Privacy Personal data

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

Remote access security is critical for protecting increasingly distributed work environments, ensuring that only authorized users can access your valuable information regardless of their location. The technologies for secure remote access can range from VPNs and multi-factor authentication to more advanced access and zero trust controls.

Access

Access Security Passwords Blockchain

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Employee training is crucial. Security places a crucial role in your technology. The average cost of a cybersecurity breach was $4.45

Cybersecurity

Cybersecurity Data breaches Compliance Phishing

Public Cloud Security Explained: Everything You Need to Know

eSecurity Planet

OCTOBER 16, 2023

Public cloud security refers to protections put in place to secure data and resources in cloud environments shared by multiple users or organizations. Major cloud service providers have generally had good security , so cloud users can be pretty confident in the security of their data and applications if they get their part right.

Cloud

Cloud Security Encryption Compliance

GUEST ESSAY: An assessment of how ‘Gen-AI’ has begun to transform DevSecOps

The Last Watchdog

NOVEMBER 14, 2023

Related: The primacy of DevSecOps Through harnessing the power of Generative AI, enterprises can usher in a new era of DevSecOps, elevating development velocity, security, and robustness to unprecedented levels. AI engineers can train the AI model on a dataset of historical code changes.

Artificial Intelligence

Artificial Intelligence Cybersecurity Analytics Authentication

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

OCTOBER 1, 2021

30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before redirecting their phone number to a new device or carrier. In a long-overdue notice issued Sept. “The use of SMS as a 2nd factor in itself is a static defense.

Passwords

Passwords Authentication Communications Retail

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches

Data breaches Metadata Authentication Phishing

Top 5 Cyber Security Risks for Businesses

IT Governance

JUNE 15, 2022

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average. Poor patch management. Weak passwords.

Risk

Risk Security Passwords Phishing

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communications tool. Implement strong password policies and multi-factor authentication to prevent unauthorized access. Robust access control.

Risk

Risk Cloud Communications Education

Pokemon Company resets some users’ passwords

Security Affairs

MARCH 20, 2024

Credential stuffing is an attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration. Unfortunately, the Pokemon Company doesn’t support two-factor authentication on its platform.

Passwords

Passwords Authentication IT Security

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020. On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4

Security

Security Personal data GDPR Insurance

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

JUNE 9, 2022

And, let’s be honest , the deceptive writing phishing assaults and other cyber threats today employ are skilled enough to fool even the most trained, internet-savvy experts. Scams involving the Social Security Administration aren’t new, but they’re becoming more active and dangerous. Ever present threats.

Privacy

Privacy Security Phishing Insurance

Ivanti Policy Secure: NAC Product Review

eSecurity Planet

APRIL 14, 2023

As a spinoff of the network infrastructure leader, Juniper Networks, Ivanti’s Policy Secure provides effective network access control built on a foundation of deep understanding of networks. To compare Ivanti Policy Secure against their competition, see the complete list of top network access control (NAC) solutions. Who Is Ivanti?

Security

Security IoT Access Analytics

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Continuous threat detection is a proactive approach to maintaining trading environment security.

IT

IT Encryption Risk Financial Services

What Are You Doing for Cyber Security Awareness Month?

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved.

Security awareness

Security awareness Security Phishing Passwords

QR Codes: A Growing Security Problem

eSecurity Planet

FEBRUARY 21, 2022

Quick response (QR) codes are a convenient format for storing all kinds of information in a readable and secure way, at least when correctly implemented. QR logins (QRLs) are QR-code-based authentication methods designed to improve users’ login experiences. Also read: How to Defend Common IT Security Vulnerabilities.

Security

Security Encryption Authentication Phishing

The 14 Cloud Security Principles explained

IT Governance

DECEMBER 9, 2021

Cloud security is an essential part of today’s cyber security landscape. To mitigate these risks, the NCSC (National Cyber Security Centre) created the Cloud Security Principles , which outline 14 guidelines for protecting information stored online.

Cloud

Cloud Security Authentication Risk

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

NOVEMBER 30, 2021

Yet, in bringing us here, APIs have also spawned a vast new tier of security holes. Yet, API security risks haven’t gotten the attention they deserve. It has become clear that API security needs to be prioritized as companies strive to mitigate modern-day cyber exposures. Thus security-proofing APIs has become a huge challenge.

IT

IT Security Big data Digital transformation

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

MAY 2, 2023

Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Enforce strict authentication and verification measures for server access requests. The rising complexity and prevalence of cybersecurity threats are making experts anxious. Classify threat data.

Cybersecurity

Cybersecurity Risk Phishing Authentication

FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

Hunton Privacy

NOVEMBER 2, 2022

The FTC found that Chegg failed to consistently implement basic security measures such as encryption and multi-factor authentication, and did not monitor company systems for security threats.

Authentication

Authentication Security Encryption Data collection

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Last Watchdog

NOVEMBER 28, 2023

The study, conducted by independent research firm Propeller Insights, dives into how IT business leaders feel about their security posture in a world where the technologies they embrace to grow and thrive are also vulnerable to constant and increasing threats. Human error is among the top causes of security breaches.

Compliance

Compliance Risk B2B Cybersecurity

Can two-factor authentication save us from our inability to create good passwords?

IT Governance

FEBRUARY 11, 2019

Perhaps it’s time we finally push for the widespread adoption of two-factor authentication. What is two-factor authentication? This may sound complicated, but anyone with a bank card has been using two-factor authentication for years. Authentication factor examples. Why you should use two-factor authentication.

Authentication

Authentication Passwords Phishing Access

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Last Watchdog

NOVEMBER 29, 2022

The nag might be a spoofed multifactor authentication push or system error alert – a notification message that annoying repeats on a seemingly infinite loop. The most effective defense is alert, well-trained employees. Cybersecurity training needs to be timely and relevant. Spoofed alerts. About the essayist.

Phishing

Phishing Authentication Ransomware Marketing

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

MAY 24, 2023

Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. Sugar If the hacked businesses can show they’ve been trying to protect data by investing in security, then fines become less likely. Keep remediation costs in mind.

Cybersecurity

Cybersecurity Security awareness Access Data breaches

Join us for deep technical content and training at IBM TechU

Rocket Software

OCTOBER 25, 2020

These experts, along with other Rocketeers, will be participating in this year’s IBM TechU virtual training event. Diversity is a core principle at Rocket Software, which is why we’re exceptionally proud to have two of our female VPs join other IBM leaders to discuss authenticity, technology leadership, and advocating for women in technology.

Compliance

Compliance Authentication Cloud Passwords

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. out of 10), and calls it Shadow Ray.

Libraries

Libraries Authentication Artificial Intelligence Cloud

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

GUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model development

Trending Sources

Remotely Stopping Polish Trains

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

Problems with Multifactor Authentication

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

Not All Authentication Methods Are Equally Safe

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

Ways to Develop a Cybersecurity Training Program for Employees

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

How Secure Is Cloud Storage? Features, Risks, & Protection

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

Securing AI Deployments: Striking the Balance

Information Security vs Cyber Security: The Difference

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

16 Remote Access Security Best Practices to Implement

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Public Cloud Security Explained: Everything You Need to Know

GUEST ESSAY: An assessment of how ‘Gen-AI’ has begun to transform DevSecOps

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Top 5 Cyber Security Risks for Businesses

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Pokemon Company resets some users’ passwords

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

Ivanti Policy Secure: NAC Product Review

Top 12 Cloud Security Best Practices for 2021

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

What Are You Doing for Cyber Security Awareness Month?

QR Codes: A Growing Security Problem

The 14 Cloud Security Principles explained

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

Can two-factor authentication save us from our inability to create good passwords?

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

Join us for deep technical content and training at IBM TechU

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Stay Connected