Security Now Merges With Dark Reading

Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.

Apple joins industry effort to eliminate passwords

In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. "Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here

Popular Mobile Document-Management Apps Put Data at Risk

Most iOS and Android apps that Cometdocs has published on Google and Apple app stores transmit entire documents - unencrypted.

Microsoft Announces General Availability of Threat Protection, Insider Risk Management

Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.

Ransomware Damage Hit $11.5B in 2019

A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.

It’s Time to Break the ‘Rule of Steve’

Today, in a room full of cybersecurity professionals, there are still more people called Steve than there are women.

Personal Info of 10.6M MGM Resort Guests Leaked Online

Data published on a hacking forum includes phone numbers and email addresses of travelers ranging from everyday tourists to celebrities and tech CEOs.

The mess behind Microsoft’s yanked UEFI patch KB 4524244

Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February’s Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020.” The name has changed, but bear with me.

The original problems with KB 4524244

That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here

10 Tough Questions CEOs Are Asking CISOs

CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

In addition, more third parties are discovering the attacks rather than the companies themselves.