Authentication

Application Security, Cloud Security, Software Security

Issued by: Dark Reading

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Software Security

Issued by: Dark Reading

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million. Through decentralization and blockchain technology, there are an increasing number of…

Application Security

Issued by: Dark Reading

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

Malware & Threats

Issued by: Dark Reading

Nearly two dozen journalists and other staffers working for El Faro, a digital newspaper based in El Salvador, are suing NSO Group for unleashing Pegasus spyware — malware they say was used to steal their most sensitive information, putting their safety in danger. Along with ASO Group Technologies, its Israeli parent company, Q Cyber Technologies…

Software Security

Issued by: Help Net Security

Zero trust is a concept that’s easy to grasp but incredibly difficult to implement. It touches almost every system, component, application, and resource within an enterprise, and requires a strategic framework and specific tools and technologies to achieve best practice results. As organizations move Microsoft environments towards zero trust, it’s vital to ensure that all…

Vulnerabilities

Issued by: Dark Reading

Researchers have discovered a vulnerability in the remote procedure calls (RPC) for the Windows Server service, which could allow an attacker to gain control over the domain controller (DC) in a specific network configuration and execute remote code. Malicious actors could also exploit the vulnerability to modify a server’s certificate mapping to perform server spoofing….

Application Security, Software Security

Issued by: Help Net Security

In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication. The basic components needed to make passwordless authentication a reality are: An open, standard set of processes, technologies, APIs, etc., to enable all the various components to work together across devices, operating systems,…

Application Security

Issued by: Dark Reading

Authentication used to be binary: I give you access or I don’t give you access. But with the rise of remote/hybrid work and the growing number of cloud applications in use, organizations need an even more precise approach to authentication, says Ash Devata, vice-president and general manager of Cisco Zero Trust and Duo Security. “Every…

Application Security, Network Security

Issued by: Security Week

Launched to the public in 2013, iProov helps customers verify customer identity and protect against spoof attacks from photos, videos, masks, and even deepfakes. Used for onboarding and authentication, iProov says customers including the U.S. Department of Homeland Security, the UK Home Office, the UK National Health Service (NHS), the Australian Taxation Office, GovTech Singapore,…

Software Security

Issued by: Security Week

Designed to harvest real-time metrics from various endpoints, Prometheus enables organizations to keep a close eye on systems’ state, network usage, and the like. Close to 800 cloud-native platforms, including Slack and Uber, leverage the solution. In January 2021, Prometheus added support for Transport Layer Security (TLS) and basic authentication, to prevent access to the…