Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Microsoft partners with Citizen Lab to identify a mysterious commercial surveillance company in Israel selling zero-days and high-end spyware to government hackers. [Read More]
Facebook's security team issues a warning about Tortoiseshell, an Iranian hacking group targeting military personnel and defense organizations in the United States. [Read More]
Palo Alto addresses vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the web console or to execute programs with SYSTEM privileges. [Read More]
The funds will help the company release more authentication options and launch additional user infrastructure features. [Read More]
Kaspersky issues a report on an advanced threat actor that has hit approximately 1,500 entities in Myanmar and the Philippines, including government entities. [Read More]
The German software maker has released patches for a pair of high-severity Netweaver vulnerabilities. [Read More]
Microsoft’s embattled security response unit uses Patch Tuesday to respond to a new set of Windows zero-day attacks. [Read More]
Mozilla has released Firefox 90 with several security improvements, including better protections against cross-origin threats, as well as an advanced tracker blocking mechanism. [Read More]
Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. [Read More]
The deal will give Redmond an automatic entry point into the lucrative attack surface management and third party risk-intelligence space. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

William Lin's picture
The most common “new project” in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing.
Joshua Goldfarb's picture
Josh Goldfarb debunks the most common myths surrounding fraud, security and user experience.
Torsten George's picture
Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
Torsten George's picture
Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets.
Torsten George's picture
Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface.
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Jim Ducharme's picture
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
Torsten George's picture
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Torsten George's picture
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
Torsten George's picture
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.