Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Critical vulnerabilities in enterprise VPNs from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications. [Read More]
Robinhood, the company behind the popular stock trading app, informed some users that their passwords were stored in clear text. [Read More]
Hackers accessed the accounts of Sprint customers via a Samsung website, but it does not appear that they actually breached Sprint or Samsung systems. [Read More]
Hackers can manipulate media files transferred by users via WhatsApp and Telegram due to the way Android allows apps to access files on a device’s external storage. [Read More]
An Exploit Prevention update released recently by McAfee for Endpoint Security is blocking Windows users from logging on to their systems, and some major organizations appear to be affected. [Read More]
U.S. Coast Guard recently warned commercial vessel owners and operators of malware and phishing attacks and potential vulnerabilities in shipboard systems. [Read More]
Researchers noticed that the firmware for some Cisco switches contains X.509 certificates and associated private keys issued to a US-based subsidiary of Huawei. [Read More]
SIEM solutions provider Exabeam this week announced the acquisition of cloud application security company SkyFormation. [Read More]
Mozilla says the upcoming Firefox 68 will address TLS errors caused by antiviruses with a new mechanism that automatically changes the configuration of the browser when a MitM error is detected. [Read More]
Kaspersky researchers use vulnerabilities and social engineering to demonstrate that smart homes can be hacked. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
Travis Greene's picture
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Torsten George's picture
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
Torsten George's picture
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George's picture
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene's picture
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz's picture
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes's picture
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene's picture
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George's picture
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.