Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Cloudflare releases a new free API designed to help CAs securely issue certificates by ensuring that malicious actors cannot complete the domain control validation process via BGP hijacking and DNS spoofing attacks. [Read More]
Some U.S. government agencies still rely on knowledge-based identity verification despite the fact that the OPM and Equifax breaches have made this system insecure. [Read More]
Yubico is in the process of replacing YubiKey FIPS security keys following the discovery of a cryptography-related issue. [Read More]
Android phones can now be used to verify sign-ins on Apple iPads and iPhones. [Read More]
Microsoft wants to make its Windows platform passwordless and the latest Windows 10 release marks one step closer to that goal. [Read More]
macOS 10.15 Catalina brings several security-related improvements, including an enhanced Gatekeeper, a dedicated read-only volume for the OS, data protections, and support for Activation Lock. [Read More]
NLA feature of Windows Remote Desktop Services can allow a hacker to bypass the lockscreen on remote sessions and there is no patch from Microsoft, CERT/CC warns. [Read More]
Apple announces “Sign in with Apple,” a new authentication system advertised as fast, secure and privacy friendly, but some experts are skeptical. [Read More]
AttackIQ, a company that specializes in continuous security validation, raised $17.6 million in a Series B funding round, which brings the total raised by the firm to roughly $35 million. [Read More]
Financial services giant First American Financial exposed hundreds of millions of customer mortgage documents containing sensitive information. [Read More]
FEATURES, INSIGHTS // Identity & Access
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
SecurityWeek Daily Briefing
- AMCA Breach Impacts 2.2 Million Patients of Clinical Pathology Laboratories
- EvilGnome Malware Helps Hackers Spy on Linux Users
- SLUB Backdoor Spreads via Newly Patched Vulnerability
- BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers
- Endpoint Security Evolving Against Airport Searches, GDPR
- Bulgarian IT Specialist Held Over Taxpayer Data Hack
- Oracle's July 2019 CPU Includes 319 Fixes
- SWEED Hackers Target Manufacturing, Logistics Organizations
- Hackers Access Sprint Accounts via Samsung Website
- Boost Infrastructure Immunity Against the Ransomware Epidemic
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy