NEWS & INDUSTRY UPDATES

Microsoft announced a series of changes to the security capabilities of Windows 10, including expanded capabilities for Windows Hello, the end-to-end multi-factor authentication solution.
Google is rolling out new 2-Step Verification (2SV) functionality to make it easier for users with the additional security feature enabled to log into their accounts.
Security researchers have found 5,275 employee email and clear text password combinations from FTSE 100 companies available in various cybercriminal channels.
Microsoft is banning weak and common passwords from Microsoft Account and Azure AD system and implementing a feature called smart password lockout.
It took Microsoft only 7 hours to patch a serious Office 365 vulnerability that could have been exploited to hack into accounts.
Mobile phone-based two-factor authentication (2FA) mechanisms are plagued by synchronization vulnerabilities that allow attackers to intercept One-Time Passwords and bypass the security of many financial services.
A group of security researchers has discovered vulnerabilities in the reCaptcha systems of Google and Facebook, and has created an attack that is highly successful at automatically bypassing the protection system.
Passwords remain the bedrock of authentication, increasingly supported by SMS passcodes. But many companies won't introduce that second factor simply because of the increased user friction.
Microsoft has paid a $13,000 reward for a vulnerability that could have been exploited to hijack Outlook, Office and Azure accounts.
CloudFlare says it blocks Tor traffic because 94% of it is malicious, but Tor believes most of it comes from a tiny fraction of users.

FEATURES, INSIGHTS // Identity & Access

Travis Greene
Yahoo's “Account Key” uses push notifications to their Yahoo Mail app on mobile devices. Will this securely replace passwords and two-factor authentication?
Travis Greene
The true value of identity is not in creating more defense in depth, which means that identity is not the new perimeter.
Travis Greene
As much fun as it is to wake up to patches waiting to be unwrapped, we don’t want the regret of “exploit Wednesday”, which is far more embarrassing than becoming a victim of a zero-day exploit.
Travis Greene
Can IT security find a way to coexist with wearables faster than the first BYOD war and avoid a second war?
Travis Greene
No IT organization has a seemingly unlimited budget the way that Team Oracle did in the 2013 America’s Cup race. But look closer at why spending on America’s Cup racing seems so out of control and it starts to look a bit more familiar.
Travis Greene
Security teams must bear equal, if not more responsibility, for reducing the risk of credential fatigue leading to inadvertent exposure.
Wade Williamson
Network administrators have to remember that they are not just the protectors of the organization – they are also the most valuable targets.
Travis Greene
Just like fumbles and interceptions derail a playbook plan, there are two ways that access certifications today are insufficient.
Travis Greene
Like those college recruiting compliance departments that are constantly training, monitoring, and enforcing policies, the IT compliance activity of access certifications needs to become more intelligent and real-time.
Travis Greene
It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. It’s a bit like teaching a new dog old tricks.