NEWS & INDUSTRY UPDATES

Cloudflare releases a new free API designed to help CAs securely issue certificates by ensuring that malicious actors cannot complete the domain control validation process via BGP hijacking and DNS spoofing attacks.
Some U.S. government agencies still rely on knowledge-based identity verification despite the fact that the OPM and Equifax breaches have made this system insecure.
Yubico is in the process of replacing YubiKey FIPS security keys following the discovery of a cryptography-related issue.
Android phones can now be used to verify sign-ins on Apple iPads and iPhones.
Microsoft wants to make its Windows platform passwordless, and the latest Windows 10 release brings it one step closer to that goal.
macOS 10.15 Catalina brings several security-related improvements, including an enhanced Gatekeeper, a dedicated read-only volume for the OS, data protections, and support for Activation Lock.
The NLA feature of Windows Remote Desktop Services can allow a hacker to bypass the lock screen on remote sessions, and there is no patch from Microsoft, CERT/CC warns.
Apple announces “Sign in with Apple,” a new authentication system advertised as fast, secure and privacy friendly, but some experts are skeptical.
AttackIQ, a company that specializes in continuous security validation, raised $17.6 million in a Series B funding round, which brings the total raised by the firm to roughly $35 million.
Financial services giant First American Financial exposed hundreds of millions of customer mortgage documents containing sensitive information.

FEATURES, INSIGHTS // Identity & Access

Torsten George: Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
Torsten George: The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George: Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene: Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz: It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes: There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene: Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George: Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George: To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon: How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.