NEWS & INDUSTRY UPDATES

The DHS ordered federal agencies to fully implement DMARC by October 16, 2018. While there has been significant progress, many agencies failed to meet the deadline
A new iPhone passcode bypass method that works on the latest version of iOS was disclosed just days after Apple patched a similar vulnerability
All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 protocols in the first half of 2020
Industry professionals comment on recent Google+ security incident involving a bug that exposed personal information from 500,000 accounts
Facebook provides update on recent hacker attack. The company says there is no evidence the attackers accessed any apps using the compromised tokens
Twitter makes some changes in preparation for the upcoming midterm elections in the US, including updates to rules on fake accounts and the distribution of hacked materials
A new lockscreen bypass method allows access to photos and contacts on the latest iPhone XS running iOS 12
Industry professionals comment on the Facebook data breach that affected 50 million accounts and resulted in the tokens of 90 million users being reset
Facebook shares more details about the massive hack affecting 50 million accounts, including the exploited bugs, impact on users, attack timeline, and impact on Facebook
The PureVPN client for Windows is impacted by a couple of vulnerabilities that result in user credential leak, a Trustwave security researcher has discovered.

FEATURES, INSIGHTS // Identity & Access

Torsten George: The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George: Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene: Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz: It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes: There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene: Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George: Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George: To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon: How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson: While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.