Security News

The FIDO Alliance, which operates with no smaller mission than to "Reduce the world's over-reliance on passwords", has announced the release of new user experience guidelines aimed at bringing the more technophobic on board. Launched back in 2013 as the Fast Identity Online Alliance, the FIDO Alliance aims to do away with passwords altogether through the introduction of standards-compliant "Authenticators" including USB security dongles, fingerprint readers, Trusted Platform Modules and more.

The FIDO Alliance announced its first user experience guidelines and new FIDO2 standards enhancements aimed at accelerating the world's move beyond passwords. The FIDO UX guidelines provide that path, allowing service providers to help consumers understand, adopt and benefit from logging in with FIDO. At the same time, the increase in remote work and subsequent increase in phishing attacks on their infrastructure is accelerating enterprises' digital transformation plans and making strong authentication a priority.

Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines. The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories.

The EU Agency for Cybersecurity published a cybersecurity procurement guide for hospitals. The Procurement Guidelines for Cybersecurity in Hospitals published by the Agency is designed to support the healthcare sector in taking informative decisions on cybersecurity when purchasing new hospital assets.

"We are more interested in ransomware that models behavior that we saw in the WannaCry attacks, where ransomware can exploit a vulnerability and propagate across a network," Ekstrom, who helped work on the documents, tells Information Security Media Group. One significant reason why NIST created these practice guidelines now is that the nature of ransomware has changed over the last two years, Ekstrom says.

Enter European Digital Rights, a collection of human rights groups across Europe, which has published a set of guidelines for ethical website development. EDRi also includes website accessibility as a key ethical principle.

Automate Screening of Exposed Passwords and Password Policy EnforcementHere are four automated password policy options we recommend for NIST compliance.

Australia announced measures to combat foreign interference at its universities Thursday, setting new guidelines around the key areas of research collaboration, cybersecurity, and international...

As the specter of warrior robots looms large, the Pentagon has published a set of ethical guidelines for its use of artificial intelligence.

NIST Cyber Security FrameworkNIST guidelines often become the foundation for best practice recommendations across the security industry and are incorporated into other standards.