

NEWS & INDUSTRY UPDATES

A password recovery firm has claimed that the overall security of password managers is debatable, and that they are not necessarily more secure than keeping a list of passwords in a single Excel spreadsheet.
A CSRF vulnerability in the PACER court system could have been exploited by hackers to access legal documents via the accounts of legitimate users.
Researchers examined the password security criteria of 37 popular consumer sites, and 11 popular enterprise sites. The conclusion? Most don't care what password you choose.
Microsoft finally announces decision on WoSign and StartCom certificates: new certificates issued after September 2017 will not be trusted.
Cisco patches high severity vulnerabilities in Videoscape Distribution Suite for Television (VDS TV) and Identity Services Engine (ISE).
G Suite administrators can now directly manage X.509 certificates associated with their Security Assertion Markup Language (SAML) applications.
Following its agreement with Google, Symantec has decided to sell its certificate business to DigiCert for $950 million plus stock.
Google releases final proposal in the case of Symantec’s CA business – all certificates must be replaced by Chrome 70.
Researchers from China-based Tencent managed to remotely hack a Tesla Model X. The carmaker patched the flaws they exploited.
Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, security firm Proofpoint says.

FEATURES, INSIGHTS // Identity & Access


Alastair Paterson's picture
By using best practices to protect credentials, while at the same time monitoring for leaked credentials and changes in the tools attackers use, you can mitigate the risk of account takeovers to your organization.
Travis Greene's picture
Having served aboard the USS Carl Vinson in the late 1990s, I can assure you that the World War II slogan, “loose lips sink ships” is still very much a part of Navy life.
Scott Simkin's picture
Training employees to be aware of credential-based attacks and how to avoid them, as well as adopting the right prevention-based measures, can have a material impact on stopping a common and effective attack technique.
David Holmes's picture
What are the possible threat vectors if you were doing a threat model assessment for any of the cloud password management models?
Rafal Los's picture
If you’re tired of changing your passwords using complex formulas you’ll never remember and have found yourself wondering just what your corporate security team is thinking, this post is for you.
David Holmes's picture
Password proliferation is bad, for many, many, many reasons. But the worst reason is that people tend to re-use passwords all over the place.
Travis Greene's picture
Two-factor authentication (2FA) is becoming more mainstream for businesses; however, businesses need to consider how 2FA should be implemented to maintain both external and internal control.
Travis Greene's picture
As the demand for identity governance in Asian companies grows, the key differentiator is that it’s going to come from a need to reduce risk.
Travis Greene's picture
While identity and access management (IAM) is a mature discipline supporting internal employee access to applications, what is the future of IAM in support of end customer interactions?
Travis Greene's picture
Like all security measures, MFA is not an instant fix to safeguard credentials. But, understanding the risks of MFA limitations is the first step towards mitigation.