Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google warned about a “government-backed entity based in North Korea” targeting security researchers with social engineering attacks and drive-by browser exploits from booby-trapped websites. [Read More]
Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners. [Read More]
Unprotected Windows RDP servers have been abused to amplify DDoS attacks, with observed attacks ranging between 20 and 750 Gbps. [Read More]
FireEye has released an open source tool that checks Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers. [Read More]
An expired domain allowed a researcher to hijack the country code top-level domain (TLD) of Congo. [Read More]
The agency says poor cyber hygiene practices lead to compromise via cloud services. [Read More]
Mimecast learned from Microsoft that one of its certificates was compromised by sophisticated threat actors, but the email security firm says impact is limited. [Read More]
The Microsoft Defender for Endpoint on Linux hits GA milestone and now provides endpoint detection and response (EDR) capabilities to all users. [Read More]
The U.S. chipmaker is adding hardware to the arsenal of tools available to defend against destructive and costly ransomware attacks. [Read More]
Researchers show how Google’s Titan security keys can be cloned via a side-channel attack, but conducting an attack requires physical access to a device for hours and it’s not cheap. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
Torsten George's picture
Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets.
Torsten George's picture
Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface.
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Jim Ducharme's picture
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
Torsten George's picture
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Torsten George's picture
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
Torsten George's picture
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.
Torsten George's picture
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
Jim Ducharme's picture
If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straightforward as it used to be.