Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Unprotected Cisco WebEx and Zoom meetings can be easily accessed by malicious actors due to an API enumeration vulnerability dubbed Prying-Eye. [Read More]
Dunkin' Donuts sued by New York's State Attorney General over data breaches that took place in 2015 and 2018. [Read More]
A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. [Read More]
Trustwave researchers discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices. [Read More]
Hackers posted offensive messages from the account of Twitter CEO Jack Dorsey after tricking his mobile services provider into handing over his phone number. [Read More]
Imperva learned recently that information belonging to Cloud WAF (Incapsula) customers who had accounts through September 2017 was exposed as a result of a security incident. [Read More]
Some of the airlines that manage booking systems themselves expose customer information, a researcher has warned. [Read More]
Privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. [Read More]
A Ruby software package that contained a malicious backdoor has been removed from the Ruby Gems repository after compromising over ten libraries. [Read More]
Apple, Google and Mozilla respond to Kazakhstan’s efforts to spy on its citizens by requiring them to install a root certificate on their devices. [Read More]
FEATURES, INSIGHTS // Identity & Access
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
With 2019 just around the corner, organizations should examine their overall cyber security and identity management strategies and align them to address the #1 cause of today’s data breach — privileged access abuse.
A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the following best practices.
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
SecurityWeek Daily Briefing
- New Legislation Would Block US Firms From Storing Personal Data in China, Russia
- U.S. Senators Seek Answers on Facebook’s Handling of User Information
- Disney Plus Blames Past Hacks for User Accounts Sold Online
- Meet Phoenix Keylogger, a New Malware-as-a-Service Product Gaining Traction
- Email Security Firm Abnormal Security Exits Stealth Mode With $24M in Funding
- NSA Issues Advisory on Mitigation of Risks Associated With TLSI
- Army's Use of TikTok App Raises Concerns on Capitol Hill
- XSS Flaw in Gmail's Dynamic Email Feature Earns Researcher $5,000
- Cryptocurrency Stealer Delivered From Official Monero Website
- Bigger Rewards, New Targets Announced for Mozilla Bug Bounty Program
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy