Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Cloud-based identity and access management (IAM) provider OneLogin has raised $100 million in financing in a recent funding round. The company has now secured over $170 million in funding to date. [Read More]
Unpatched vulnerabilities discovered by researchers in IDenticard’s PremiSys building access control system can be exploited to create fake badges, disable door locks, and collect/modify user data. [Read More]
Many .gov domains, including ones belonging to NASA and the DoJ, have not had their TLS certificates renewed during the U.S. government shutdown. [Read More]
Reddit this week decided to lock down some of its users’ accounts, after detecting unusual activity on those accounts. [Read More]
Transmute is targeting larger enterprises with customized solutions for streamlining identity verification and management. [Read More]
Akamai acquires Janrain, a company specializing in customer identity and access management (CIAM) solutions. [Read More]
A vulnerability in Skype for Android allows a hacker to bypass the phone’s lockscreen and view photos and contacts, and even open links in the browser. [Read More]
USB Implementers Forum announces new USB Type-C authentication protocol designed to protect host systems against non-compliant chargers and malicious devices. [Read More]
Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, Cyren reports. [Read More]
Critical and high severity flaws found in Pluto gateways for ABB safety PLCs. No firmware updates will be released as the impacted products are EOL. [Read More]
FEATURES, INSIGHTS // Identity & Access
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
Even the most knowledgeable users — the very CISOs and security professionals who may be reading this article — can be duped into taking the bait.
By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.
Having served aboard the USS Carl Vinson in the late 1990s, I can assure you that the World War II slogan, “loose lips sink ships” is still very much a part of Navy life.
Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack techniques.
What are the possible threat vectors if you were doing a threat model assessment for any of cloud passwords management models?
SecurityWeek Daily Briefing
- Cryptojacking Applications Land in Microsoft Store
- US Says Ex-intel Official Defected to Iran, Revealed Secrets
- DHS Cyber Leader Says 2020 Security Preparations Underway
- CSRF Vulnerability in Facebook Earns Researcher $25,000
- Mozilla, Others Want Big Retailers to Pledge Minimum IoT Security
- Facebook Taps User Data to Defend Workers From Threats
- Hackers Target WordPress Sites via WP Cost Estimation Plugin
- New Variant of Shlayer macOS Malware Discovered
- Germany to Let NATO Use its Cyber Skills
- Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy