News, Insight and Analysis
News
-
Telegram bots allowing hackers to steal OTP codes
A simplified new attack tool based on Telegram scripts is allowing criminals to steal one-time password credentials and take over user accounts and drain bank funds. Continue Reading
-
Beware of proxyware: Connection-sharing services pose risks
Cisco Talos warns that sharing internet connections with random people via third-party app like Honeygain and Peer2Profit could lead to malware installations and other threats. Continue Reading
-
Researchers discover critical flaw in Azure Cosmos DB
Wiz security researchers found a new attack vector in Microsoft Azure, which if exploited could allow an attacker to gain access to customers primary keys. Continue Reading
-
FBI watchlist exposed by misconfigured Elasticsearch cluster
A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public. Continue Reading
-
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks
SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.' Continue Reading
Get Started
-
Working with PowerShell Secret Management and Secret Vault
The two new PowerShell modules put API keys, credentials and other secrets under lock and key to protect sensitive information in automation and remoting scenarios. Continue Reading
-
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
Test yourself with this e-learning authentication quizlet
Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
-
Get a grasp on using group managed service accounts
When you create a group managed service account, it relieves some administrative duties and bolsters the security related to passwords for services in a Windows environment. Continue Reading
Evaluate
-
Blockchain for identity management: Implications to consider
Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading
-
How cloud adoption is shaping digital identity trends in 2021
Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading
-
Corral superuser access via SDP, privileged access management
Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading
-
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading
-
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
Manage
-
3 steps to create a low-friction authentication experience
Passwords are no longer sufficient, but more secure authentication methods frustrate users. Explore how to create a low-friction authentication process for improved UX and trust. Continue Reading
-
How to implement machine identity management for security
In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
-
5 steps to secure the hybrid workforce as offices reopen
Companies must now face the security challenges of overseeing a hybrid workforce as employees return to the office. Continue Reading
-
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
-
Utilizing existing tech to achieve zero-trust security
A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk going forward, from both internal and external threats. Continue Reading
Problem Solve
-
6 types of insider threats and how to prevent them
From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
-
Learn how to mitigate container security issues
The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods. Continue Reading
-
Adopting containers and preventing container security risks
When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching. Continue Reading
-
Securing Active Directory also involves good backup practices
The 'Active Directory Administration Cookbook' covers what admins can do in advance to bring the identity and access management platform back online after an attack. Continue Reading
-
6 persistent enterprise authentication security issues
Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading