NEWS & INDUSTRY UPDATES

Google this week will start inviting 2-Step Verification (2-SV) SMS users to try Google Prompt, its year-old method of approving sign-in requests on smartphones.
Over 750 domains hijacked and pointed to RIG exploit kit after attackers accessed a web portal belonging to a technical partner of French registrar Gandi
Boundary protection weaknesses remain the most prevalent in critical infrastructure sectors, according to assessments conducted in 2016 by ICS-CERT
An old Kerberos authentication bypass vulnerability dubbed Orpheus' Lyre has been patched in Windows and some Linux distributions
Join this webinar to learn how organizations are moving from simple two-factor authentication to modern, mobile multi-factor authentication for better identity assurance.
Google warns websites using WoSign and StartCom certificates - they will no longer be trusted by Chrome starting in September
Dell EMC provides patches and workarounds for vulnerabilities found in its Data Protection Advisor and ESRS Policy Manager products
WikiLeaks publishes documents on BothanSpy and Gyrfalcon, tools used by the CIA to steal SSH credentials from Windows and Linux systems
The group behind last week’s destructive NotPetya attack was able to access M.E.Doc’s update server and use it for their nefarious purposes courtesy of stolen credentials, Cisco has discovered.
Authentication bypass vulnerability related to the TSIG protocol patched in BIND and Knot DNS

FEATURES, INSIGHTS // Identity & Access

Alastair Paterson's picture
By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.
Travis Greene's picture
Having served aboard the USS Carl Vinson in the late 1990s, I can assure you that the World War II slogan, “loose lips sink ships” is still very much a part of Navy life.
Scott Simkin's picture
Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack technique.
David Holmes's picture
What are the possible threat vectors if you were doing a threat model assessment for any of the cloud password management models?
Rafal Los's picture
If you’re tired of changing your passwords using complex formulas you’ll never remember and have found yourself wondering just what your corporate security team is thinking, this post is for you.
David Holmes's picture
Password proliferation is bad, for many, many, many reasons. But the worst reason is that people tend to re-use passwords all over the place.
Travis Greene's picture
Two-factor authentication (2FA) is becoming more mainstream for businesses; however, businesses need to consider how 2FA should be implemented to maintain both external and internal control.
Travis Greene's picture
As the demand for identity governance in Asian companies grows, the key differentiator is that it’s going to come from a need to reduce risk.
Travis Greene's picture
While identity and access management (IAM) is a mature discipline supporting internal employee access to applications, what is the future of IAM in support of end customer interactions?
Travis Greene's picture
Like all security measures, MFA is not an instant fix to safeguard credentials. But, understanding the risks of MFA limitations is the first step towards mitigation.