News & Commentary
Latest Content tagged with Authentication
|
Account Takeover Attacks Become a Phishing Fave
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
The Top 5 Security Threats & Mitigations for Industrial Networks
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
IoT Threats Triple Since 2017
Rapidly evolving malware is posing an ever-greater threat to the IoT – and business users of the Internet.
Military, Government Users Just as Bad About Password Hygiene as Civilians
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
4 Trends Giving CISOs Sleepless Nights
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
4 Practical Measures to Improve Election Security Now
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
Authentication Grows Up
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Shadow IT: Every Company's 3 Hidden Security Risks
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Is SMS 2FA Enough Login Protection?
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
London Calling with New Strategies to Stop Ransomware
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Beyond Passwords: Why Your Company Should Rethink Authentication
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Bomgar Acquires Avecto
Purchase adds layers to privileged access management system.
Reactive or Proactive? Making the Case for New Kill Chains
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
Consumers Rank Security High in Payment Decisions
Security is a top priority when it comes to making decisions on payment methods and technologies.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Making two-factor authentication faster could also make it less secure.
10 Tips for More Secure Mobile Devices
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Secure Code: You Are the Solution to Open Source’s Biggest Problem
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Fortinet Completes Bradford Networks Purchase
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
More Than Half of Users Reuse Passwords
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
What Should Post-Quantum Cryptography Look Like?
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
How to Hang Up on Fraud
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
California Teen Arrested for Phishing Teachers to Change Grades
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
FIDO Alliance Appoints Facebook to Board of Directors
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
10 Lessons From an IoT Demo Lab
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
6 Enterprise Password Managers That Lighten the Load for Security
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
Spring Clean Your Security Systems: 6 Places to Start
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
'Zero Login:' The Rise of Invisible Identity
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
12 Trends Shaping Identity Management
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
Why Information Integrity Attacks Pose New Security Challenges
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
'Stresspaint' Targets Facebook Credentials
New malware variant goes after login credentials for popular Facebook pages.
Digital Identity Makes Headway Around the World
The US is lagging behind the digital ID leaders.
Biometrics Are Coming & So Are Security Concerns
Could these advanced technologies be putting user data at risk?
8 Ways Hackers Monetize Stolen Data
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Companies Still Suffering From Poor Credential Hygiene: New Report
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-17368
PUBLISHED: 2018-09-23
PUBLISHED: 2018-09-23
PUBLISHED: 2018-09-23
PUBLISHED: 2018-09-23
PUBLISHED: 2018-09-23
From DHS/US-CERT's National Vulnerability Database CVE-2018-17368
PUBLISHED: 2018-09-23
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-17369PUBLISHED: 2018-09-23
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
CVE-2018-17400PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.
CVE-2018-17401PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.
CVE-2018-17402PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This