Identity & Access

Network Security

Issued by: Security Intelligence

Identifying Named Pipe Impersonation and Other Malicious Privilege Escalation Techniques

Privilege escalation is one of the key components of any attack that involves penetrating a system. If threat actors have limited access due to a current user’s privilege levels, they will naturally aim to escalate their privileges before expanding the scope of the attack. How can security professionals detect malicious escalation techniques before adversaries get…

Network Security

Issued by: Security Intelligence

In Case of Emergency, Break Glass: Protecting User Credentials in the Event of a Data Breach

There have been countless cyberbreaches over the past few years in which personal data, such as user IDs and passwords, have been compromised. These range from attacks against government agencies, such as two recent incidents affecting the national identity systems in Spain and Estonia, to corporate breaches exposing data belonging to millions of customers. In…

Vulnerabilities

Issued by: Security Week

Windows Hello Face Recognition Tricked by Photo

The facial recognition-based authentication system in Windows Hello has been bypassed by researchers using a printed photo, but the method does not work in the latest versions of Windows 10. Windows Hello, a feature available in Windows 10, allows users to quickly and easily log into their devices using their face or fingerprints. The face…

Malware & Threats

Issued by: Security Week

Hackers Target U.K. Shipping Giant Clarkson

Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems. Clarkson provided only few details citing the ongoing law enforcement investigation, but the information it made public suggests that it was targeted…

Application Security

Issued by: Security Intelligence

Don’t Be Catfished: Protecting Yourself From New Account Fraud

Catfishing, the practice of pretending to be someone else online, became a cultural phenomenon through MTV’s popular TV show “Catfish,” driving more attention to our obsession with our online personas. However, it’s not just social media that needs additional scrutiny. In the wake of several recent major data breaches of personally identifiable information (PII) such…

Network Security

Issued by: Security Week

Security Pros Admit Snooping on Corporate Network: Survey

IT security professionals, particularly executives, often access information that is not relevant to their day-to-day work, according to a new One Identity study focusing on “snooping” on the corporate network. Dimensional Research polled more than 900 IT security professionals on behalf of One Identity. The respondents were from various types of companies in the United…

Application Security

Issued by: Security Week

Researchers Use Heart Rhythms for Continuous Authentication

Researchers from the University at Buffalo SUNY, and the Department of Electrical and Computer Engineering at Texas Tech University have proposed a novel new continuous user authentication method using cardiac motion (a heart-based function determined by users’ unique heart geometry). Their paper, ‘Cardiac Scan: A Non-Contact and Continuous Heart-Based User Authentication System’ (PDF), will be…

Network Security

Issued by: Security Intelligence

IDaaS Providers: This Is How Cloud Identity Service Rapidly Responded to IoT and Mobile Demands

Accelerated identity and access management (IAM) is the mantra of many identity-as-a-service (IDaaS) providers, and IBM is no exception. Cloud Identity Service, a market-leading full-stack IDaaS solution, provides speedy deployment, lightning-fast onboarding of software-as-a-service (SaaS) applications, increased time to value and on-demand scalability to IBM’s largest enterprise clients. IBM’s enterprise clients are looking at the…