Security folks (like me) have been telling people for years that passwords are just not secure enough anymore. Now we have another reason that is true. Companies have been promoting single sign on as a way around the insecurity of passwords, but now, even that is not secure anymore. Multifactor authentication helps, but even that […]
Continue reading → [DISPLAY_ACURAX_ICONS]Incident and Ransomware Reporting Requirement in Just Passed Spending Bill President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]
Continue reading → [DISPLAY_ACURAX_ICONS]The National Institute of Standards and Technology (NIST) announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments. The guide, titled Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, is a collaboration between NIST and many […]
Continue reading → [DISPLAY_ACURAX_ICONS]Here is an interesting effect of the sanctions against Russia. According to the Russian news outlet Kommersant, which claims to have sources confirming this proposal, the parties estimated they have roughly two months left before running out of available storage space. Russian firms were forced, as a result of sanctions, to turn to domestic cloud providers […]
Continue reading → [DISPLAY_ACURAX_ICONS]GitGuardian reported yesterday that organizations leaked more than 6 million passwords, API keys and other secrets last year. That is just in the code that they scanned. This is double the number found the year before. In part, this is due to better software that can sniff out these secrets. That translates to 3 out […]
Continue reading → [DISPLAY_ACURAX_ICONS]Scammers Figure out How to Fake Out Facial Biometrics Multi-factor authentication is not magic. For the most part, it is software. And if software is not well written, it can be fooled. That means that we should not be surprised if scammers try to use deep fakes and other techniques to fool automated facial recognition. […]
Continue reading → [DISPLAY_ACURAX_ICONS]