Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
SolarWinds said a single threat actor exploited flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.” [Read More]
Commercial insurer CNA has started notifying customers that threat actors did access some personal data during a ransomware attack in March. [Read More]
Cisco issues an advisory with a warning that the vulnerabilities could be exploited by authenticated, remote attackers to gain elevated privileges. [Read More]
The Republican National Committee says no RNC data was compromised in a cyberattack that involved B2B IT services provider Synnex. [Read More]
Sophos has acquired Capsule8 to beef up the Linux protection capabilities to its endpoint detection and response product stack. [Read More]
The transaction gives HPE Zerto’s journal-based continuous data protection (CDP) technology to expand its GreenLake cloud data services. [Read More]
Versa Networks this week announced it raised $84 million in Series D funding. To date, the company has received $196 million in funding. [Read More]
Microsoft researchers find multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise. [Read More]
Users can enroll one or more security keys and use those as the only form of 2FA for their accounts. [Read More]
Big Blue contributes the Kestrel open-source programming language, which is aimed at Security Operations Center (SOC) analysts and other cybersecurity professionals. [Read More]
FEATURES, INSIGHTS // Identity & Access
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straightforward as it used to be.
As the technology and tools to leverage stolen credentials advance, defenders should seek out innovative new ways to proactively flag exposed passwords leveraging insights gleaned from illicit communities and open-web dumps.
As the workforce continues to evolve, a one-size-fits-all approach won’t work for different identity and access management needs across organizations.
Perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity- and credential-based threats.
Change may not always be on the docket, but when it is, how can we embrace it, understand it, and work to create a constructive environment around it?
In just about every case of digital identity, there seems to be a set of credential recovery mechanisms that are weaker than the authentication method itself.
Organizations should recognize that not all authenticators are equally vulnerable to the mechanisms used to break the trust chain, which range from simple guesswork to coercion.
Now is the time to evaluate what methods of authentication will best serve your organization on the path to a passwordless future.
If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.
Get the Daily Briefing
- Amnesty Urges Moratorium on Surveillance Technology in Pegasus Scandal
- What We Learn from MITRE's Most Dangerous Software Weaknesses List
- 'Holy Moly!': Inside Texas' Fight Against a Ransomware Hack
- Leading Threat to Industrial Security is Not What You Think
- GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies
- Enterprises Warned of New PetitPotam Attack Exposing Windows Domains
- Threat Actors Target Kubernetes Clusters via Argo Workflows
- House Passes Several Critical Infrastructure Cybersecurity Bills
- TikTok fined €750,000 for Violating Children's Privacy
- Dutch Police Arrest Alleged Member of 'Fraud Family' Cybercrime Gang
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy