Comments
Newest First | Oldest First | Threaded View
User training will never be enough
Great post, thanks! This attack shows once again that even sophisticated users will fall for phishing attacks. As security experts we need to give up on the idea that we can train our way out of this. While training is useful we need to create our tools under the assumption that user's will do nothing to contribute to their own protection.
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Well, if you hadn't made us skip the Lockpicking Village at DEF CON this year, MAYBE this wouldn't be an issue!"
Latest Comment: "Well, if you hadn't made us skip the Lockpicking Village at DEF CON this year, MAYBE this wouldn't be an issue!"
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This
User Rank: Strategist
8/3/2015 | 11:34:25 AM
So what's the difference between the vault and the synchronized password? Surely only one password is more of a risk than several (even if they are all placed in a handy vault for the bad guy to get a hold of)?
First of all the level of complexity for that one password can be higher because now your user has only one password to remember.
Secondly remediation when the password is revealed or hacked is SO much easier with a synchronized password - you simply change one password to clean all systems connected to your Password Manager.
Compare that with the SSO world where users have multiple passwords they then have to change inside the SSO setup in order to restore the security of their password access.
Finally - no matter what method you choose, stale access rights are the next thing on your agenda as you try and strengthen your defences - users won't tell you what they DON'T need, nor will application owners tell you who should no longer have access.
Neccessity is the mother of invention, convenience is the father.