By combining different contextual factors, the Okta Adaptive multi-factor authentication (MFA) product is able to make dynamic access decisions.
Senator Ron Wyden instructs the U.S. Department of Defense (DoD) to implement HTTPS and other cybersecurity best practices on all its websites and web services.
FireEye has launched a new platform to allow organizations and pentesters to check their ability to detect and respond to OAuth abuse attacks.
Cisco has found and patched three critical unauthorized access vulnerabilities in Digital Network Architecture (DNA) Center.
Identity-as-a-Service (IDaaS) company Auth0 has raised $55 million in Series D funding led by Sapphire Ventures.
Hackers target a couple of recently disclosed vulnerabilities affecting Dasan routers. One million potentially vulnerable devices are accessible directly from the Internet.
A malicious package masquerading as a cookie parsing library but delivering a backdoor instead was unpublished from the npm Registry along with three other packages.
Twitter warned users that an internal software bug unintentionally exposed "unmasked" passwords by storing them in an internal log.
Study conducted by Positive Technologies shows that industrial networks are often easy to hack from corporate systems.
Unpatched vulnerabilities expose more than one million GPON home routers made by Dasan to remote hacking. Dasan routers are known to be targeted by cybercriminals.

FEATURES, INSIGHTS // Identity & Access

David Holmes
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
Preston Hogue
Even the most knowledgeable users — the very CISOs and security professionals who may be reading this article — can be duped into taking the bait.
Alastair Paterson
By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.
Travis Greene
Having served aboard the USS Carl Vinson in the late 1990s, I can assure you that the World War II slogan, “loose lips sink ships” is still very much a part of Navy life.
Scott Simkin
Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack technique.