NEWS & INDUSTRY UPDATES

The OctoPrint web interface of thousands of 3D printers is exposed to remote, unauthenticated attacks from the Internet due to misconfigurations.
Instagram this week announced new features to boost account security and provide users with increased visibility into accounts with a large number of followers.
Researchers disclosed the details of two serious vulnerabilities affecting ATM dispenser controllers from NCR. The flaws could have been exploited to install vulnerable firmware and get ATMs to dispense cash.
Duo Security creates open source tools and discloses techniques for identifying large-scale Twitter botnets – based on the analysis of 88 million accounts and over half-a-billion tweets.
Cisco will pay $2.35 billion in cash to acquire cloud-based identity and access management solutions provider Duo Security.
Customer identity and access management (cIAM) firm LoginRadius has raised $17 million Series A funding led by ForgePoint Capital and Microsoft's venture fund, M12.
A serious Bluetooth vulnerability can allow an attacker to monitor and manipulate traffic. Intel, Apple and Broadcom have already released patches.
Enterprise identity management firm Okta has acquired ScaleFT, a company that offers a Zero Trust access control platform.
NIST’s Computer Security Division decided to withdraw 11 outdated SP 800 publications on August 1, 2018.
Microsoft announces new identity bug bounty program, with rewards of up to $100,000 for flaws that can be used to bypass multi-factor authentication and vulnerabilities in the design of OpenID and OAuth 2.0 standards.

FEATURES, INSIGHTS // Identity & Access

Torsten George
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Torsten George
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Travis Greene
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
Josh Lefkowitz
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
David Holmes
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Travis Greene
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
Torsten George
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.