Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Enterprise identity management firm Okta has acquired ScaleFT, a company that offers a Zero Trust access control platform. [Read More]
NIST’s Computer Security Division decided to withdraw 11 outdated SP 800 publications on August 1, 2018 [Read More]
Microsoft announces new identity bug bounty program, with rewards of up to $100,000 for flaws that can be used to bypass multi-factor authentication and vulnerabilities in the design of OpenID and OAuth 2.0 standards [Read More]
Researchers find a way to stealthily manipulate road navigation systems. Successful test attacks conducted against users in China and US [Read More]
A CredSSP vulnerability affecting all versions of Windows and patched recently by Microsoft has been found to impact Pepperl+Fuchs HMI devices [Read More]
Private equity investment firm Thoma Bravo said it will acquire a majority interest in identity and access management (IAM) solutions firm Centrify. [Read More]
Hackers gained access to Timehop systems in December 2017, but the breach was only discovered on July 4. The incident affects 21 million users [Read More]
A recently detected Smoke Loader infection campaign is attempting to steal credentials from a broad range of applications, including web browsers, email clients, and more. [Read More]
Mozilla announces updated version of the Root Store Policy governing CAs trusted by its products [Read More]
Facebook notifies 800,000 users that people they had blocked were temporarily unblocked due to a bug. The company also detailed new API restrictions designed to protect user information [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George's picture
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene's picture
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz's picture
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes's picture
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene's picture
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George's picture
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George's picture
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon's picture
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson's picture
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.