Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

SafeBreach warns of a new PowerShell backdoor that pretends to be part of the Windows update process. [Read More]
European venture capital and private equity firm Smartfin has acquired Hex-Rays, the company behind the widely deployed IDA Pro software disassembler. [Read More]
Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines. [Read More]
Zoom has rolled out a high-priority patch for macOS users with a warning that hackers could abuse the software flaw to connect to and control Zoom Apps. [Read More]
Google brings passkeys to Android and Chrome to protect users from credential leaks and phishing attacks. [Read More]
IAM solutions provider ForgeRock will be acquired by private equity firm Thoma Bravo for $2.3 billion. [Read More]
Adobe ships security patches for 29 documented vulnerabilities across multiple enterprise-facing products. [Read More]
Oort raises $15 million in Seed and Series A funding for its Identity Threat Detection and Response (ITDR) platform. [Read More]
A new Silicon Valley startup called Endor Labs has closed a $25 million seed-stage funding round to build a dependency lifecycle management platform to secure software supply chain. [Read More]
A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Torsten George's picture
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Jim Ducharme's picture
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
Torsten George's picture
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Torsten George's picture
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
Torsten George's picture
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.
Torsten George's picture
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
Jim Ducharme's picture
If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straightforward as it used to be.
Josh Lefkowitz's picture
As the technology and tools to leverage stolen credentials advance, defenders should seek out innovative new ways to proactively flag exposed passwords leveraging insights gleaned from illicit communities and open-web dumps.
Jim Ducharme's picture
As the workforce continues to evolve, a one-size-fits-all approach won’t work for different identity and access management needs across organizations.
Torsten George's picture
Perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity- and credential-based threats.