Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google joins Apple and Microsoft in warning about zero-day flaws being exploited in the wild. This time the target is the popular Google Chrome browser. [Read More]
Hackers leaked online credentials stolen from 87,000 VPN devices, affecting roughly 22,500 victims worldwide, including nearly 3,000 in the United States. [Read More]
Tenable makes its priciest acquisition to date and expands its product portfolio with capabilities to detect security problems in code before they become operational security risks. [Read More]
Users will have an end-to-end encryption option when choosing to store their backups in Google Drive or iCloud. [Read More]
Cisco warns that these vulnerabilities could be exploited by attackers to reboot devices, elevate privileges, or overwrite and read arbitrary files. [Read More]
GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks. [Read More]
The U.S. government's CISA and OMB are seeking the public’s opinion on draft zero trust strategic and technical documentation. [Read More]
Microsoft patches a vulnerability in Azure Container Instances that could allow access to other customers’ information. [Read More]
Zoho confirms attacks against an authentication bypass vulnerability in its ADSelfService Plus product. [Read More]
Howard University closed its physical campus and canceled classes this week after experiencing a ransomware attack. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
As it has become clear that remote/hybrid work is here to stay, IT security practitioners must figure out how to enable a secure and resilient anywhere workforce to minimize their future risk exposure.
William Lin's picture
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Joshua Goldfarb's picture
Josh Goldfarb debunks the most common myths surrounding fraud, security and user experience.
Torsten George's picture
Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
Torsten George's picture
Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets.
Torsten George's picture
Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface.
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Jim Ducharme's picture
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
Torsten George's picture
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Torsten George's picture
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.