Luminate emerges from stealth with $14 million in funding and a platform that secures access to enterprise applications and resources in hybrid cloud environments
Researcher discovered Facebook vulnerabilities that exposed users’ friend lists and partial payment card information. One of the flaws was patched in 4 hours
Researchers showed how Cortana could have been abused to bypass the Windows lock screen and hack into enterprise systems. Microsoft released a patch, but variations of the attack may still be possible and other voice assistants could also be affected
Corero finds “kill switch” for the Memcached vulnerability that has fueled some of the largest distributed DDoS attacks in history
Philips working on patches for dozens of flaws affecting IntelliSpace Portal, a visualization and analysis solution designed for healthcare organizations
A behavioral quirk in SAML libraries has left many single-sign-on (SSO) implementations vulnerable and allows an attacker that has gained any authenticated access to trick the system into granting further access as a different user without knowledge of that user's password.
NIST has published 'Attribute Metadata: a Proposed Schema for Evaluating Federated Attributes' in order to provide the basis for the evolution of a standardized approach to entity attributes.
Dispel launches platform designed to help secure elections, including voter, ballot and campaign information
Schneider Electric patches vulnerabilities in IGSS automation system, including in SCADA software and mobile applications
Two more misconfigured databases exposing the personal details of thousands of people were disclosed late last week

FEATURES, INSIGHTS // Identity & Access


Torsten George
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
Marc Solomon
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
Markus Jakobsson
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
Preston Hogue
Even the most knowledgeable users — the very CISOs and security professionals who may be reading this article — can be duped into taking the bait.
Alastair Paterson
By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.
Travis Greene
Having served aboard the USS Carl Vinson in the late 1990s, I can assure you that the World War II slogan, “loose lips sink ships” is still very much a part of Navy life.
Scott Simkin
Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack technique.
David Holmes
What are the possible threat vectors if you were doing a threat model assessment for any of the cloud password management models?
Rafal Los
If you’re tired of changing your passwords using complex formulas you’ll never remember and have found yourself wondering just what your corporate security team is thinking, this post is for you.
David Holmes
Password proliferation is bad, for many, many, many reasons. But the worst reason is that people tend to re-use passwords all over the place.