Catalin Cimpanu reports Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been…
Category: Commentaries and Analyses
Biden Is Expected to Keep Scrutiny of Tech Front and Center
Cecilia Kang, David McCabe and Jack Nicas report: The tech industry had it easy under President Barack Obama. Regulators brought no major charges, executives rotated in and out of the administration, and efforts to strengthen privacy laws fizzled out. The industry will have it much harder under president-elect Joseph R. Biden Jr. Bipartisan support to…
Senior U.S. cybersecurity official asked to resign amid Trump transition tumult
Christopher Bing reports: A senior U.S. cybersecurity official is leaving government after being asked to resign, an official familiar with the matter said Thursday, part of a wider thinning of President Donald Trump’s administration following Joe Biden’s election win. Bryan Ware, the Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure…
“Email Appender” Implants Malicious Emails Directly Into Mailboxes
As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees…
PROOF POINTS: What happens when private student information leaks
Drawing upon the incredible work of Doug Levin and his K-12 Cybersecurity Resource Center, Jill Barshay of The Hechinger Report highlights some of Doug’s findings — findings the GAO relied heavily upon in their recent report. How you tabulate breaches can make a huge difference in the public’s — and Congress’s — understanding of the…
Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits
Jake Holland and Andrea Vittorio report: Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions. Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database….