Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Critical vulnerabilities in enterprise VPNs from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications. [Read More]
Robinhood, the company behind the popular stock trading app, informed some users that their passwords were stored in clear text. [Read More]
Hackers accessed the accounts of Sprint customers via a Samsung website, but it does not appear that they actually breached Sprint or Samsung systems. [Read More]
Hackers can manipulate media files transferred by users via WhatsApp and Telegram due to the way Android allows apps to access files on a device’s external storage. [Read More]
An Exploit Prevention update released recently by McAfee for Endpoint Security is blocking Windows users from logging on to their systems, and some major organizations appear to be affected. [Read More]
U.S. Coast Guard recently warned commercial vessel owners and operators of malware and phishing attacks and potential vulnerabilities in shipboard systems. [Read More]
Researchers noticed that the firmware for some Cisco switches contains X.509 certificates and associated private keys issued to a US-based subsidiary of Huawei. [Read More]
SIEM solutions provider Exabeam this week announced the acquisition of cloud application security company SkyFormation. [Read More]
Mozilla says the upcoming Firefox 68 will address TLS errors caused by antiviruses with a new mechanism that automatically changes the configuration of the browser when a MitM error is detected. [Read More]
Kaspersky researchers use vulnerabilities and social engineering to demonstrate that smart homes can be hacked. [Read More]
FEATURES, INSIGHTS // Identity & Access
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
SecurityWeek Daily Briefing
- Oracle Launches New Services to Secure the Cloud
- Australia Knows China Hacked Its Parliament: Report
- SOHOpelessly Broken 2.0: 125 Vulnerabilities Found in Routers, NAS Devices
- Security Firm: Data Breach Exposes Millions of Ecuadorians
- InnfiRAT Targets Personal Data, Cryptocurrency Wallets
- Snowden Says He Would Return to US If He Can Get a Fair Trial
- Saudi Attacks Expose Threat to Critical Infrastructure
- LastPass Patches Bug Leaking Last-Used Credentials
- Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks
- Securing the 2020 Elections From Multifarious Threats
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy