Many organizations have updated the authentication process for customers to help ensure frictionless transactions. Now, some are starting to take similar steps to streamline and enhance authentication of their employees - especially those working remotely.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
“Passwordless” has become the holy grail for user authentication. But there are different interpretations of what passwordless is – and is not. Tom “TJ” Jermoluk, CEO of Beyond Identity, addresses some of the myths,the realities and how passwordless is deployed today.
Tales of poorly secured internet-connected cameras come along regularly. But the latest installment seems especially egregious because it involves Verkada, a widely used "surveillance camera as a service" startup, and led to remote hackers being able to spy on customers via their own cameras.
The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by NIST and CISA.
The security firm Okta shook up the identity and access management market Wednesday by announcing a $6.5 billion deal to acquire the customer IAM technology supplier Auth0. Two other cybersecurity M&A deals were also announced this week.
New authentication models, including dynamic authorization and continuous authentication, that work well for consumers can be adopted for employees as well, says Thomas Malta, head of identity and access management at the Virginia-based Navy Federal Credit Union.
In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant describes why detecting lateral movement is so challenging.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.
Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight.
Security firms Crowdstrike, Palo Alto Networks and Sailpoint are making acquisitions to bolster their product portfolios. Here's a rundown of the deals.
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.