Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched. [Read More]
Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud. [Read More]
Researchers have discovered FlixOnline, new Android malware that uses Netflix as its lure and spreads malware via auto-replies to WhatsApp messages. [Read More]
A joint report from SAP and Onapsis warns that advanced threat actors are targeting new vulnerabilities in SAP applications within days after the availability of security patches. [Read More]
Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents. [Read More]
In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities. [Read More]
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]
VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
Researchers warns that tens of thousands of QNAP SOHO NAS devices potentially impacted by unpatched remote code execution flaws. [Read More]
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Joshua Goldfarb's picture
Josh Goldfarb debunks the most common myths surrounding fraud, security and user experience.
Torsten George's picture
Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
Torsten George's picture
Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets.
Torsten George's picture
Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface.
Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Jim Ducharme's picture
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
Torsten George's picture
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Torsten George's picture
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
Torsten George's picture
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.
Torsten George's picture
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.