CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
"There are so many basics we need to get right," says Daniel Dresner, professor of cyber security at Manchester University. In this interview, he discusses the cybersecurity practices that he recommends to make the task of securing small- to medium-sized enterprises less overwhelming.
As a strategy, organizations need to harness technologies that can provide real-time visibility to threats combined with intelligence-based automated technologies that can help contain the incidents, says Ajay Kumar, regional head of Cyber Security Services, Asia at Crowdstrike.
The pandemic has created the need for rapid digital transformation and the growing trend of working from home is pushing businesses to adopt "zero trust" and implement it within their own organizations, says Bobbet Castillo, chief technology officer and information security officer at Petnet.
In the 20 years since the Sept. 11, 2001, al Qaida terrorist attacks on targets in the U.S., the need to shore up critical infrastructure and build resilience into systems remains a priority. But over the past two decades, concerns about physical threats have been displaced by cyber concerns.
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
To help balance security and user convenience, organizations should offer centralized user access to applications, says Krishnamurthy Rajesh, head of IT and information security at ICRA, an India-based credit rating agency.
At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.
With more than 61% of breaches attributed to stolen passwords, a password manager can go a long way in helping enterprises enhance security, say Chandan Pani, CISO at Mindtree, and Lloyd Evans, identity lead, JAPAC, at LogMeIn.