Spear phishing is going to be a leading worry for banks in 2015, as hackers increasingly target bank employees to compromise credentials used to access consumer and business accounts as well as critical servers and systems.
A new report now claims the breach at JPMorgan Chase is linked to a server the bank's security team overlooked when upgrading to two-factor authentication controls. Why that oversight and a well-planned spear-phishing attack were all hackers needed.
Security experts see the FIDO Alliance's release of two universal authentication specifications as a positive move in the effort to eliminate passwords. But the standards' impact will be minimal unless they're widely adopted.
A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
Israeli Prime Minister Benjamin Netanyahu may have been a bit premature to claim Israel has deployed a cyber "iron dome" to protect its critical IT and defense systems. But a new initiative under way will try to do just that.
Initial reports suggested that Russian hackers could behind an attack against JPMorgan Chase, and perhaps other U.S. banks. While it's still far from clear who the culprits are, experts discuss the potential hacking motivations of a nation-state.
Visa's new intelligent analytics service aims to help gas stations reduce card. But experts say the service could reduce fraud for other merchants, too, and bridge the gap between the mag-stripe and EMV.
Millions of user credentials are breached regularly - whether we hear of the incidents or not. So, why do we continue to rely on passwords? Derek Manky of Fortinet discusses authentication and data retention.
Using big data to fight fraud is a challenge for most organizations. Andreas Baumhof of ThreatMetrix explains how context-based authentication combines fraud and security to leverage the use of big data.