Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Unprotected Cisco WebEx and Zoom meetings can be easily accessed by malicious actors due to an API enumeration vulnerability dubbed Prying-Eye. [Read More]
Dunkin' Donuts sued by New York's State Attorney General over data breaches that took place in 2015 and 2018. [Read More]
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. [Read More]
Trustwave researchers discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices. [Read More]
Hackers posted offensive messages from the account of Twitter CEO Jack Dorsey after tricking his mobile services provider into handing over his phone number. [Read More]
Imperva learned recently that information belonging to Cloud WAF (Incapsula) customers who had accounts through September 2017 was exposed as a result of a security incident. [Read More]
Some of the airlines that manage booking systems themselves expose customer information, a researcher has warned. [Read More]
Privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. [Read More]
A Ruby software package that contained a malicious backdoor has been removed from the Ruby Gems repository after compromising over ten libraries. [Read More]
Apple, Google and Mozilla respond to Kazakhstan’s efforts to spy on its citizens by requiring them to install a root certificate on their devices. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Erin O’Malley's picture
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Torsten George's picture
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
Torsten George's picture
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
Torsten George's picture
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
Travis Greene's picture
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Torsten George's picture
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
Torsten George's picture
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George's picture
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene's picture
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz's picture
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.