More results...
Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity. Cloud security conce…
From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security…
Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolvin…
A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.
Actually, two things went badly wrong here. The first is that Azure accepted an expired signing key, implying a vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the the system’s Hardware Security Module—and not be in software. This implies a really serious breach of good security practice. The fact that Microsoft has not been forthcoming about the details of what happened tell me that the details are really bad…
Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity. Over 90% of those working on zero trust cited that the 2022 Federal Zero Trust Strat…
The first compromise didn’t get the crooks as far as they wanted, so they found a second one that did…
Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security mechanisms of satellites currently orbiting the Earth from an IT perspective. Moritz Schloegel (left) and Johannes…
Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. The migration to passwordless requires forethought and planning. For example, an organization nee…
In this Help Net Security video, Michael Crandell, CEO of Bitwarden, discusses the future of passwords and authentication. Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers…
Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secu…