Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The DHS ordered federal agencies to fully implement DMARC by October 16, 2018. While there has been significant progress, many agencies failed to meet the deadline [Read More]
A new iPhone passcode bypass method that works on the latest version of iOS was disclosed just days after Apple patched a similar vulnerability [Read More]
All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 protocols in the first half of 2020 [Read More]
Industry professionals comment on recent Google+ security incident involving a bug that exposed personal information from 500,000 accounts [Read More]
Facebook provides update on recent hacker attack. The company says there is no evidence the attackers accessed any apps using the compromised tokens [Read More]
Twitter makes some changes in preparation for the upcoming midterm elections in the US, including updates to rules on fake accounts and the distribution of hacked materials [Read More]
A new lockscreen bypass method allows access to photos and contacts on the latest iPhone XS running iOS 12 [Read More]
Industry professionals comment on the Facebook data breach that affected 50 million accounts and resulted in the tokens of 90 million users being reset [Read More]
Facebook shares more details about the massive hack affecting 50 million accounts, including the exploited bugs, impact on users, attack timeline, and impact on Facebook [Read More]
The PureVPN client for Windows is impacted by a couple of vulnerabilities that result in user credential leak, a Trustwave security researcher has discovered. [Read More]
- 1 of 53
- ››
FEATURES, INSIGHTS // Identity & Access
The Reddit data breach illustrates the importance of rolling out an approach designed to verify the user, validate their device, limit access and privilege, and learn and adapt to new risks.
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials.
Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.
To limit exposure to privileged credential attacks, organizations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model.
How do you determine the amount and mix of data that’s “just right” for your organization? To answer this question it helps to understand what’s driving the need for data in the first place.
While 2FA is a big step above and beyond the use of traditional passwords, it is not infallible, and thinking so makes the risk of failure even greater.
- 1 of 7
- ››
SecurityWeek Daily Briefing
- Flaws Open Telepresence Robots to Prying Eyes
- NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
- Apple's Revamped Privacy Website Offers Users Access to Their Data
- Google Pixel 3 Improves Data Protection with Security Chip
- 'Operation Oceansalt' Reuses Code from Chinese Group APT1
- 3 Public Cloud Security Myths Debunked
- Facebook Launches 'War Room' to Combat Manipulation
- Ex-Virginia Teacher Charged in 2014 'Celebgate' Hacking
- Tumblr Vulnerability Exposed User Account Information
- Ex-Equifax Manager Gets Home Confinement for Insider Trading
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy