Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Microsoft this week announced the public preview of a new feature that allows enterprise users to check their Azure Active Directory sign-ins for any unusual activity. [Read More]
The presidential campaign website of Donald Trump exposed information that may have allowed hackers to send out emails on behalf of the organization. [Read More]
Researchers discovered over 550 fake presidential election-themed domains targeting Republicans, Democrats and their funding websites. [Read More]
Safari does use Tencent to ensure that users in China do not navigate to malicious websites, but it never sends the actual URL of a visited site to the Chinese company, Apple says. [Read More]
Starting today, October 15, users in the United States have a new 2FA method at their disposal in the form of Google’s USB-C Titan Security Key. [Read More]
The key to mitigating Pass the Hash attacks is the issuance of single-use passwords for privileged accounts. [Read More]
NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207) to develop a technology-neutral lexicon of the logical components of a zero trust strategy. [Read More]
A researcher has developed and open source intelligence (OSINT) to show how easy it is for adversaries to gather intelligence on critical infrastructure in the United States. [Read More]
Google is adding its Password Checkup tool to the Account password manager and Chrome, and it has unveiled some new privacy features for YouTube, Maps and Assistant. [Read More]
Unprotected Cisco WebEx and Zoom meetings can be easily accessed by malicious actors due to an API enumeration vulnerability dubbed Prying-Eye. [Read More]
- 1 of 68
- ››
FEATURES, INSIGHTS // Identity & Access
In just about every case of digital identity, there seems to be a set of credential recovery mechanisms that are weaker than the authentication method itself.
Organizations should recognize that not all authenticators are equally vulnerable to the mechanisms used to break the trust chain, which range from simple guesswork to coercion.
Now is the time to evaluate what methods of authentication will best serve your organization on the path to a passwordless future.
If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.
It’s time to address some myths about how facial recognition works, to help increase consumer comfort with biometric-authentication technology.
Companies should consider moving to a Zero Trust approach, powered by additional security measures such as multi-factor authentication, to stay ahead of the security curve and leave passwords behind for good.
The ultimate goal for identity and access management (IAM) is not to find the unbreakable or “unhackable” code for authentication; rather, it’s to layer security to create a much stronger identity assurance posture.
The debate about the deprecation of SMS as an authentication system is less about the agreed-upon insecurity of SMS and more about what can replace it. SMS survives because of its ubiquity, period.
Shifting traditional perimeter-based enterprise security strategies to a Zero Trust approach provides more robust prevention, detection, and incident response capabilities to protect continuously expanding attack surfaces.
The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
- 1 of 9
- ››
SecurityWeek Daily Briefing
- Fears Grow on Digital Surveillance: US Survey
- New GitHub Security Lab Aims to Secure Open Source Software
- Two Massachusetts Men Arrested and Charged in SIM Swapping Scheme
- Undocumented Access Feature Exposes Siemens PLCs to Attacks
- InfoTrax Settles With FTC Over Data Breach
- Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers
- LINE Launches Public Bug Bounty Program on HackerOne
- Corellium: Apple Sued Us After Failed Acquisition Attempt
- Securing Autonomous Vehicles Paves the Way for Smart Cities
- DLL Hijacking Flaw Impacts Symantec Endpoint Protection
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy