Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Robinhood, the company behind the popular stock trading app, informed some users that their passwords were stored in clear text. [Read More]
Hackers accessed the accounts of Sprint customers via a Samsung website, but it does not appear that they actually breached Sprint or Samsung systems. [Read More]
Hackers can manipulate media files transferred by users via WhatsApp and Telegram due to the way Android allows apps to access files on a device’s external storage. [Read More]
An Exploit Prevention update released recently by McAfee for Endpoint Security is blocking Windows users from logging on to their systems, and some major organizations appear to be affected. [Read More]
U.S. Coast Guard recently warned commercial vessel owners and operators of malware and phishing attacks and potential vulnerabilities in shipboard systems. [Read More]
Researchers noticed that the firmware for some Cisco switches contains X.509 certificates and associated private keys issued to a US-based subsidiary of Huawei. [Read More]
SIEM solutions provider Exabeam this week announced the acquisition of cloud application security company SkyFormation. [Read More]
Mozilla says the upcoming Firefox 68 will address TLS errors caused by antiviruses with a new mechanism that automatically changes the configuration of the browser when a MitM error is detected. [Read More]
Kaspersky researchers use vulnerabilities and social engineering to demonstrate that smart homes can be hacked. [Read More]
Poisoned certificates are in the OpenPGP SKS keyserver network after an unknown threat actor targeted the OpenPGP certificates of two high-profile community contributors. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Jim Ducharme's picture
It’s time to address some myths about how facial recognition works, to help increase consumer comfort with biometric-authentication technology.
Torsten George's picture
Companies should consider moving to a Zero Trust approach, powered by additional security measures such as multi-factor authentication, to stay ahead of the security curve and leave passwords behind for good.
Jim Ducharme's picture
The ultimate goal for identity and access management (IAM) is not to find the unbreakable or “unhackable” code for authentication; rather, it’s to layer security to create a much stronger identity assurance posture.
David Holmes's picture
The debate about the deprecation of SMS as an authentication system is less about the agreed-upon insecurity of SMS and more about what can replace it. SMS survives because of its ubiquity, period.
Torsten George's picture
Shifting traditional perimeter-based enterprise security strategies to a Zero Trust approach provides more robust prevention, detection, and incident response capabilities to protect continuously expanding attack surfaces.
Torsten George's picture
The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
Erin O’Malley's picture
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Torsten George's picture
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Torsten George's picture
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
Torsten George's picture
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.