Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
SSL/TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi. [Read More]
BlackBerry Cylance, the company that resulted from BlackBerry’s acquisition of Cylance, unveils CylancePERSONA, an endpoint behavioral analytics solution. [Read More]
Armor Scientific emerges from stealth mode with a platform that provides identity and authentication services through a combination of wearables and blockchain-enabled middleware. [Read More]
Tripwire launches Penetration Testing Assessment and Industrial Cybersecurity Assessment services to help organizations find vulnerabilities in their systems. [Read More]
Obsidian Security, an identity protection company led by founders of Cylance and Carbon Black, raises $20 million in a Series B funding round. [Read More]
Many PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating the signature, researchers warn. [Read More]
Android becomes FIDO2 Certified, making it easier for developers to provide passwordless authentication for their Android apps and websites. [Read More]
The Face ID and Touch ID authentication feature introduced recently to WhatsApp for iOS can be easily bypassed, but a patch has been released. [Read More]
Pulse Secure unveils Software Defined Perimeter (SDP) solution designed to help enterprises securely access their applications and resources. [Read More]
Bot protection firm PerimeterX raises $43 million in a Series C funding round, which brings the total raised by the company to over $77 million. [Read More]
FEATURES, INSIGHTS // Identity & Access
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
Even the most knowledgeable users — the very CISOs and security professionals who may be reading this article — can be duped into taking the bait.
SecurityWeek Daily Briefing
- IoT Security Firm VDOO Raises $32 Million
- Facebook Anticipates an FTC Privacy Fine of up to $5 Billion
- Former DHS Head Took up Cyber Despite White House Aversion
- Digital Guardian Announces $30 Million Financing Round
- Government Officials Targeted With Trojanized TeamViewer
- BEC Fraud Losses Grew to $1.3 Billion in 2018: FBI
- DNSpionage Hackers Use New Malware in Recent Attacks
- Serious Vulnerabilities Found in Fujifilm X-Ray Devices
- Chrome 74 Patches 39 Vulnerabilities
- Rockwell Controller Flaw Allows Hackers to Redirect Users to Malicious Sites
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy