Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Verizon patches a potentially serious command injection vulnerability affecting its Fios Quantum Gateway routers, but exploitation is not straightforward. [Read More]
Fleetsmith, a company that provides Apple device management solutions, raises $30 million in a Series B funding round. [Read More]
Facebook has been asking users for their email passwords and telling them that their email address needed to be confirmed in order to update their contact information. [Read More]
Universal identity provider Proxy came out of stealth this week with $13.6 million in Series A funding, which brings the company’s total funding to $16.6M to date. [Read More]
Facebook said it stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users. [Read More]
Firefox 66 includes support for Windows Hello for Web Authentication on Windows 10, and brings patches for 21 vulnerabilities. [Read More]
Chinese e-commerce giant Gearbest exposed user data through unprotected databases. The company has downplayed the incident and blamed it on an error made by a member of its security team. [Read More]
Threat actors have been increasingly targeting Office 365 and G Suite cloud accounts that are using the legacy IMAP protocol in an attempt to bypass multi-factor authentication (MFA). [Read More]
Google informs G Suite administrators that they can now remove phone-based 2-step verification methods to further improve account security. [Read More]
Researcher discovers that Cisco’s CSPC product, which collects information from Cisco devices installed on a network, has a default account that can provide access to unauthorized users. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
Erin O’Malley's picture
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Torsten George's picture
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Torsten George's picture
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
Torsten George's picture
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
Travis Greene's picture
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Torsten George's picture
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
Torsten George's picture
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George's picture
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene's picture
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.