Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone. “Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said. Due to the COVID-19 coronavirus…

Like rust, risk never sleeps. As mobile devices flood the enterprise (especially for a younger generation of workers), the internet of things (IoT) expands, and cybercriminals grow in both numbers and sophistication, many security professionals think zero trust is the safest approach to defending against constantly evolving network and data security threats. Network vulnerabilities can…

The capability is enabled by the recently introduced 2-Step Verification (2SV) method that allows users to protect accounts with a security key built into their Android phones. Previously, the technology could be used to verify sign-ins to Google and Google Cloud services on Bluetooth-enabled devices running Chrome OS, macOS, and Windows 10, and can now…

Retail Security Hygiene: The Case for Seasonal Checkups

The winter holidays offer big potential for retailers, with some companies earning around 30 percent of their annual revenue during the season, according to the National Retail Federation. Big sales numbers, however, also drive increased risks of fraud and theft, and businesses are now spending on extra security measures to keep physical stores safe. But…

Facebook Increases Rewards for Account Hacking Vulnerabilities

According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work. The bounty applies to Facebook and other services owned by the company, including Instagram, WhatsApp and Oculus. “By increasing…

New Open Source Tools Help Find Large Twitter Botnets

Duo Security has created open source tools and disclosed techniques that can be useful in identifying automated Twitter accounts, which are often used for malicious purposes. The trusted access solutions provider, which Cisco recently agreed to acquire for $2.35 billion, has collected and studied 88 million Twitter accounts and over half-a-billion tweets. Based on this…

Insider Threat: Common Myths and Misconceptions

Insider threat is a growing area of concern and confusion among security practitioners. Typically accustomed to concentrating their resources on combating external threats, many security teams are eager yet unsure of how to combat threats that arise internally. This uncertainty, unfortunately, is often exacerbated by numerous common myths and misconceptions about insider threat, some of…

Senator Asks DoD to Secure Its Websites

Senator Ron Wyden (D-Ore.) on Tuesday asked the chief information officer at the U.S. Department of Defense (DoD) to take immediate action to ensure that the organization’s websites use HTTPS. The senator noted that some of the DoD’s websites, such as the ones belonging to the NSA, the Army, and the Air Force, do use…

GitHub Exposed Passwords of Some Users

GitHub has instructed some users to reset their passwords after a bug caused internal logs to record passwords in plain text. Several users posted screenshots on Twitter of the security-related email they received from GitHub on Tuesday. The company told impacted customers that the incident was discovered during a regular audit. GitHub claims only a “small number”…