Citing recent data leakage incidents, some security experts are questioning whether the Reserve Bank of India's recent decision to mandate a migration to Aadhaar-based biometric authentication for electronic payment transactions is a good move.
More than15 years ago, the nation of Estonia rolled out a digital identity program for all citizens, allowing access to government services, banking, shopping - even voting. What lessons can global businesses learn from Estonia's example? Joseph Carson of Thycotic offers insight.
Enterprise security leaders largely understand the business problems posed by a lack of privileged access management. But understanding and overcoming the obstacles to deploying a successful PAM rollout? That's the real challenge, says Alex Mosher of CA Technologies.
Businesses that fail to block former employees' server access or spot any other unauthorized access are asking for trouble. While the vast majority of ex-employees will behave scrupulously, why leave such matters to chance?
MeitY has issued draft rules to develop a security framework for prepaid payment instruments following the government's drive toward cashless transaction. Security leaders offer suggestions on the essential security controls.
More than 60,000 servers running Microsoft's out-of-support IIS 6.0 server software may be vulnerable to a newly revealed zero-day exploit. No patch will be produced, but a workaround can blunt an attack.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
RBI has mandated that all banks migrate to Aadhaar-based biometric authentication for electronic payment transactions by June 30. But some information security experts question whether the the technology can handle the potential volume of transactions.
McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
Hackers have been targeting the likes of AOL and Yahoo, in part, because a certain generation of users - including many senior U.S. officials - continue to use the services to send and store state secrets. Let's make sure future generations don't make similar mistakes.
A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.
A coding error by Cloudflare exposed data relating to more than 2,500 Singapore websites owned by various organizations in private and public sectors. SingCERT has issued a related security advisory with mitigation steps, but do such alerts prompt action?
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.