Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.
Okta has stemmed employee attrition and accelerated customer identity sales by clarifying product function but now has to grapple with longer sales cycles for small to midsized businesses. Okta says efforts to reposition its customer identity offering over the past quarter have borne fruit.
A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.
The divide between mobile app detection and IAM has fueled cyber incidents and breaches as remote work has expanded. Workers using personal smartphones don't want to install corporate endpoint management products but still need to ensure both user and device are protected, says RSA CEO Rohit Ghai.
Malware activity has increased 28% since last year, and botnet and exploit activity are up over 100%, according to CyberTheory's 2022 Third Quarter Review. CyberTheory Director Steve King says "a new approach to cybersecurity defense" is needed to fight today's cybercrime.
DropBox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one time password to threat actors. Hackers got away with copies of 130 code repositories. The company says it's speeding up an internal transition to Web Authentication.
Customer engagement platform Twilio says the number of customers affected by a phishing campaign that coaxed employees of the San Francisco company into permitting attackers to bypass multifactor authentication protections will stand at a final tally of 209.
Synthetic identity fraud is the fastest-growing financial crime in the country. By combining real and fabricated personal information, a synthetic identity is specifically designed to look and act like a valid identity - until it doesn’t, leaving financial losses and criminal activity in its wake.
In Part 3 of a three-part video series, CyberEdBoard member Andrew Abel, a cybersecurity and zero trust consultant, and Chase Cunningham, CSO at Ericom Software, describe the operational and business benefits of creating an identity strategy.
Health insurer EyeMed Vision Care will pay New York regulators $4.5 million to settle an investigation into its 2020 data breach incident. States are becoming more aggressive in applying enforcement actions against data breaches, say regulatory attorneys.
The chief executive of alcohol delivery app Drizly is set to come under a decadelong requirement imposed by the U.S. Federal Trade Commission to ensure whatever company he oversees has an information security program. A hacker stole customer records of 2.5 million individuals from Drizly in 2020.
In the latest weekly update, ISMG editors discuss the implications of the former Uber CSO's guilty verdict for the rest of the industry, the growing problem of keyless car theft, and the latest progress toward a passwordless future revealed at the annual FIDO Alliance conference.
If remote access to corporate networks is only as secure as the weakest link, only some dreadfully weak passwords now stand between hackers and many organizations' most sensitive data, according to new research from Rapid7 into the two most widely used remote access protocols - SSH and RDP.
Organizations can improve security with modern authentication protocols, but the big message to the marketplace is that FIDO Passkeys give customers more convenience and deliver a consistent user experience, according to panelists on the final day of FIDO Alliance's Authenticate 2022 Conference.