Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Google this week announced that Google Authenticator users can now transfer 2-Step Verification (2SV) secrets between devices. [Read More]
An alert sent out this week by CISA reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. [Read More]
Tel Aviv, Israel-based passwordless authentication provider Secret Double Octopus has raised $15 million in a Series B funding round. [Read More]
The number of attacks abusing RDP to compromise corporate environments has increased significantly over the past couple of months. [Read More]
Identity and access management solutions provider ForgeRock has raised $93.5 million in a Series E funding round that it expects to be the last before its IPO. [Read More]
Google this week announced the availability of a cloud-based solution meant to help work-from-home employees securely access enterprise resources. [Read More]
Identity verification and authentication provider Onfido today announced the closing of a $100 million funding round that brings the total raised by the company to date to $200 million. [Read More]
Internet icons Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords. [Read More]
Zoom has promised to improve security and privacy, but an increasing number of organizations have decided to ban the video conferencing application. [Read More]
Cisco has conducted a low-budget research project on bypassing fingerprint authentication and achieved a success rate of 80 percent, but they were unsuccessful against Windows devices. [Read More]
- 1 of 73
- ››
FEATURES, INSIGHTS // Identity & Access
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straightforward as it used to be.
As the technology and tools to leverage stolen credentials advance, defenders should seek out innovative new ways to proactively flag exposed passwords leveraging insights gleaned from illicit communities and open-web dumps.
As the workforce continues to evolve, a one-size-fits-all approach won’t work for different identity and access management needs across organizations.
Perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity- and credential-based threats.
Change may not always be on the docket, but when it is, how can we embrace it, understand it, and work to create a constructive environment around it?
In just about every case of digital identity, there seems to be a set of credential recovery mechanisms that are weaker than the authentication method itself.
Organizations should recognize that not all authenticators are equally vulnerable to the mechanisms used to break the trust chain, which range from simple guesswork to coercion.
- 1 of 9
- ››
Subscribe to the Daily Briefing
- Coronavirus Pandemic Claims Another Victim: Robocalls
- Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure
- Ragnar Locker Ransomware Uses Virtual Machines for Evasion
- Industry Reactions to Verizon 2020 DBIR: Feedback Friday
- Data Breach Hits Florida Unemployment System
- Hackers Attempted to Deploy Ransomware in Attacks Targeting Sophos Firewalls
- Hackers Can Target Rockwell Industrial Software With Malicious EDS Files
- Bitter Israel-Iran Rivalry Takes New Forms Online
- Signal PINs Allow Users to Recover Data When Switching Phones
- Cisco Patches Critical Vulnerability in Contact Center Software
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy