News & Commentary
Latest Content tagged with Identity & Access Management
|
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Dark Reading Launches Second INsecurity Conference
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Fortinet Completes Bradford Networks Purchase
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Security Investments You May Be Wasting
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
6 Enterprise Password Managers That Lighten the Load for Security
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
Spring Clean Your Security Systems: 6 Places to Start
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
'Zero Login:' The Rise of Invisible Identity
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
12 Trends Shaping Identity Management
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
Biometrics Are Coming & So Are Security Concerns
Could these advanced technologies be putting user data at risk?
8 Ways Hackers Monetize Stolen Data
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
20 Ways to Increase the Efficiency of the Incident Response Workflow
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Protect Yourself from Online Fraud This Tax Season
Use these tips to stay safe online during everyone's least-favorite time of the year.
One-Third of Internal User Accounts Are 'Ghost Users'
Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Francisco Partners Buys Bomgar
Private equity firm Francisco Partners plans to acquire Bomgar, a privileged access and identity management company.
Deconstructing the DOJ Iranian Hacking Indictment
The alleged attackers used fairly simple tools, techniques and procedures to compromise a new victim organization on an almost weekly basis for over five years.
A Data Protection Officer's Guide to the GDPR Galaxy
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
Segmentation: The Neglected (Yet Essential) Control
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
DevSecOps: The Importance of Building Security from the Beginning
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Identity Management: Where It Stands, Where It's Going
How companies are changing the approach to identity management as people become increasingly digital.
What Enterprises Can Learn from Medical Device Security
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
How to Secure 'Permissioned' Blockchains
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Leveraging Security to Enable Your Business
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
C-Suite Divided Over Security Concerns
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
IRS Reports Steep Decline in Tax-Related ID Theft
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
20 Signs You Need to Introduce Automation into Security Ops
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Identity Fraud Hits All-Time High in 2017
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
Lieberman Software Acquired by Bomgar
Deal combines privileged access management products, technologies.
Google Cloud Least-Privilege Function Goes Live
Custom Roles for Cloud IAM now available in production from Google.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
6 Tips for Building a Data Privacy Culture
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
New Voice MFA Tool Uses Machine Learning
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
One Identity Acquires Balabit
Union expands One Identity's privileged access management and analytics offerings.
1 in 9 Online Accounts Created in 2017 Was Fraudulent
Account takeovers hot, stolen credit cards not.
6 Tips to Protect Against Technical Support Fraud
Just when you’re having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
Oracle Product Rollout Underscores Need for Trust in the Cloud
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-12580
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
From DHS/US-CERT's National Vulnerability Database CVE-2018-12580
PUBLISHED: 2018-06-19
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
CVE-2018-12578PUBLISHED: 2018-06-19
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
CVE-2018-1061PUBLISHED: 2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1073PUBLISHED: 2018-06-19
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12557PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This