
NEWS & INDUSTRY UPDATES

NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207) to develop a technology-neutral lexicon of the logical components of a zero trust strategy.
A researcher has developed an open source intelligence (OSINT) tool to show how easy it is for adversaries to gather intelligence on critical infrastructure in the United States.
Google is adding its Password Checkup tool to the Account password manager and Chrome, and it has unveiled some new privacy features for YouTube, Maps and Assistant.
Unprotected Cisco WebEx and Zoom meetings can be easily accessed by malicious actors due to an API enumeration vulnerability dubbed Prying-Eye.
Dunkin' Donuts sued by New York's State Attorney General over data breaches that took place in 2015 and 2018.
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass.
Trustwave researchers discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices.
Hackers posted offensive messages from the account of Twitter CEO Jack Dorsey after tricking his mobile services provider into handing over his phone number.
Imperva learned recently that information belonging to Cloud WAF (Incapsula) customers who had accounts through September 2017 was exposed as a result of a security incident.
Some of the airlines that manage booking systems themselves expose customer information, a researcher has warned.

FEATURES, INSIGHTS // Identity & Access

Jim Ducharme: Now is the time to evaluate what methods of authentication will best serve your organization on the path to a passwordless future.
Jim Ducharme: If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.
Jim Ducharme: It’s time to address some myths about how facial recognition works, to help increase consumer comfort with biometric-authentication technology.
Torsten George: Companies should consider moving to a Zero Trust approach, powered by additional security measures such as multi-factor authentication, to stay ahead of the security curve and leave passwords behind for good.
Jim Ducharme: The ultimate goal for identity and access management (IAM) is not to find the unbreakable or “unhackable” code for authentication; rather, it’s to layer security to create a much stronger identity assurance posture.
David Holmes: The debate about the deprecation of SMS as an authentication system is less about the agreed-upon insecurity of SMS and more about what can replace it. SMS survives because of its ubiquity, period.
Torsten George: Shifting traditional perimeter-based enterprise security strategies to a Zero Trust approach provides more robust prevention, detection, and incident response capabilities to protect continuously expanding attack surfaces.
Torsten George: The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
Erin O’Malley: It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Torsten George: Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.