Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. [Read More]
A Ruby software package that contained a malicious backdoor has been removed from the Ruby Gems repository after compromising over ten libraries. [Read More]
Apple, Google and Mozilla respond to Kazakhstan’s efforts to spy on its citizens by requiring them to install a root certificate on their devices. [Read More]
All Sphinx servers that are exposed to the Internet are prone to abuse by cybercriminals, as they can be accessed by anyone. [Read More]
Yubico announces general availability of YubiKey 5Ci, a security key that has both USB-C and Lightning connectors. [Read More]
GitHub announced that its token scanning service now also checks commits for accidentally shared Atlassian, Dropbox, Discord, Proctorio and Pulumi tokens. [Read More]
Google’s Password Checkup extension warns users if their password has been compromised, but many don’t change their password after being alerted. [Read More]
The latest update released by Mozilla for Firefox patches a vulnerability that can be exploited to bypass the master password of the built-in password manager and obtain stored passwords. [Read More]
Slack has unveiled new enterprise security tools that give admins more control over who can access Slack and how it can be used. [Read More]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple vulnerabilities access control systems made by Prima Systems. [Read More]
- 1 of 66
- ››
FEATURES, INSIGHTS // Identity & Access
If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.
It’s time to address some myths about how facial recognition works, to help increase consumer comfort with biometric-authentication technology.
Companies should consider moving to a Zero Trust approach, powered by additional security measures such as multi-factor authentication, to stay ahead of the security curve and leave passwords behind for good.
The ultimate goal for identity and access management (IAM) is not to find the unbreakable or “unhackable” code for authentication; rather, it’s to layer security to create a much stronger identity assurance posture.
The debate about the deprecation of SMS as an authentication system is less about the agreed-upon insecurity of SMS and more about what can replace it. SMS survives because of its ubiquity, period.
Shifting traditional perimeter-based enterprise security strategies to a Zero Trust approach provides more robust prevention, detection, and incident response capabilities to protect continuously expanding attack surfaces.
The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
It’s important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication.
Since multi-factor authentication requires several elements for identity verification, it’s one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network.
While implementing Zero Trust is a journey that cannot be achieved over night, it also doesn’t require a complete redesign of existing network architectures.
- 1 of 8
- ››
SecurityWeek Daily Briefing
- GitHub Becomes CVE Numbering Authority, Acquires Semmle
- 300 More Chinese Arrested in Philippines Crackdown
- Emotet Returns, Spreads via Hijacked Email Conversations
- U.S. Could Launch Cyberattack on Iran in Response to Saudi Oil Attack
- Top 10 Tactical Recommendations for SMB Cybersecurity
- Facebook Takes Down Misleading Campaigns From Iraq, Ukraine
- Code Execution Vulnerabilities Found in Aspose PDF Processing Product
- Supply Chain Likely Target in Attacks by Tortoiseshell Group on Saudi IT Firms
- 'Panda' Group Makes Thousands of Dollars Using RATs, Crypto-Miners
- US Justice Department Sues Snowden Over New Book
Copyright © 2019 Wired Business Media. All Rights Reserved. Privacy Policy