Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
Feature
06 Dec 2024
Passkey vs. password: What is the difference?
Companies are turning to passkeys as a secure login for consumers. Passkeys make it more difficult for thieves to steal information, and they are also more convenient for users. Continue Reading
By- Amanda Hetler, Senior Editor
-
News
04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'
As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By- Arielle Waldman, News Writer
-
News
04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'
As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By- Arielle Waldman, News Writer
-
News
04 Dec 2024
FOSS security concerns increase amid widespread adoption
A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
02 Dec 2024
8 best practices for a bulletproof IAM strategy
IAM systems help to enable secure access to applications and resources. But to benefit from IAM -- and avoid a security failure -- teams must be ready to meet the challenges. Continue Reading
-
Tip
20 Nov 2024
4 types of access control
Access management is the gatekeeper, making sure a device or person can gain entry only to the systems or applications to which they have been granted permission. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
Tip
20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM
Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
19 Nov 2024
What skills are needed for a successful career in IAM?
In the zero-trust era, identity management is critical to an organization's cybersecurity posture. What skills are required to transition into a career in IAM? Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
Tip
19 Nov 2024
Biometric privacy and security challenges to know
Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
-
News
18 Nov 2024
Chinese APT exploited unpatched Fortinet zero-day flaw
Volexity reported that a Chinese APT actor exploited a zero-day vulnerability in Fortinet's Windows VPN FortiClient software that enables credentials to be stolen from a system. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Nov 2024
What is acceptable use policy (AUP)?
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources. Continue Reading
By -
News
15 Nov 2024
MFA required for AWS Organizations member accounts in 2025
AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
14 Nov 2024
What is identity governance and administration (IGA)?
Identity governance and administration (IGA) is the collection of processes and practices used to manage user digital identities and their access throughout the enterprise. Continue Reading
By- Stephen J. Bigelow, Senior Technology Editor
-
Answer
12 Nov 2024
Top 10 identity and access management risks
Organizational security is undermined by a number of identity and access management problems. Learn what those risks are and get ideas on how to solve them. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Answer
12 Nov 2024
Identity management vs. authentication: Know the difference
Learn how authentication and identity management are both intrinsic to an identity and access management framework. Learn how they differ and the role each one plays. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
07 Nov 2024
15 IAM interview questions to prep for your next career move
The job market for identity and access management positions is strong right now, but the competition could be tough. Use these 15 questions to guide your interview prep. Continue Reading
-
News
05 Nov 2024
Google Cloud to roll out mandatory MFA for all users
Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
28 Oct 2024
What is two-factor authentication (2FA)?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading
By- Paul Kirvan
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
-
Definition
28 Oct 2024
What is authentication, authorization and accounting (AAA)?
Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
17 Oct 2024
What is tailgating (piggybacking)?
Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system. Continue Reading
By -
Definition
17 Oct 2024
What is information rights management (IRM)?
Information rights management (IRM) is a discipline that involves managing, controlling and securing content from unwanted access. Continue Reading
By- Paul Kirvan
- Lauren Horwitz, Cisco
-
News
15 Oct 2024
FIDO unveils new specifications to transfer passkeys
The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices
The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Oct 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
30 Sep 2024
Risk & Repeat: Inside the Microsoft SFI progress report
The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
27 Sep 2024
What is access control?
Access control is a security technique that regulates who or what can view or use resources in a computing environment. Continue Reading
By- Gavin Wright
- Ben Lutkevich, Site Editor
-
News
23 Sep 2024
Microsoft issues first Secure Future Initiative report
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Sep 2024
Platform engineers embrace secrets management tool
Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
18 Sep 2024
Huntress warns of attacks on Foundation Software accounts
The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
17 Sep 2024
What is passive keyless entry (PKE)?
Passive keyless entry (PKE) is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and locking it when the user walks away or touches the car on exit. Continue Reading
-
Tip
11 Sep 2024
How to prevent vendor email compromise attacks
Vendor email compromise is one of the latest email attacks to hit headlines. Learn how to prevent becoming a victim to this potentially expensive scheme. Continue Reading
-
Definition
06 Sep 2024
What is identity threat detection and response (ITDR)?
Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks that specifically target user identities or identity and access management (IAM) infrastructure. Continue Reading
-
News
04 Sep 2024
White House unveils plan to improve BGP security
The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats. Continue Reading
By- Rob Wright, Senior News Director
-
News
03 Sep 2024
FBI: North Korean hackers targeting cryptocurrency employees
North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months. Continue Reading
By- Arielle Waldman, News Writer
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
27 Aug 2024
What is LDAP (Lightweight Directory Access Protocol)?
LDAP (Lightweight Directory Access Protocol) is a software protocol used for locating data about organizations, individuals and other resources, such as files and devices, on public and corporate networks. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Alexander S. Gillis, Technical Writer and Editor
-
Tip
22 Aug 2024
How frictionless authentication works in online payments
Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By- Rob Shapland
- Alissa Irei, Senior Site Editor
-
News
19 Aug 2024
Microsoft to roll out mandatory MFA for Azure
Following several high-profile attacks across the globe on MFA-less accounts, Microsoft will make the security measure mandatory for Azure sign-ins beginning in October. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
14 Aug 2024
Black Hat USA 2024 takeaways for data security and IAM
Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
07 Aug 2024
The dangers of voice deepfakes in the November election
The growth of generative AI has led to more audio cloning technology. This could affect the U.S. election. Recent incidents show that existing safeguards are not effective. Continue Reading
By- Esther Ajao, News Writer
-
News
30 Jul 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw
VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
29 Jul 2024
What is SSH (Secure Shell) and How Does It Work?
SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
-
News
15 Jul 2024
Experts weigh in on Snowflake database MFA features
In response to a wave of recent attacks on customers, Snowflake introduces new authentication offerings that enable administrators to require MFA for all user accounts. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Jul 2024
AT&T breach affects 'nearly all' customers' call, text records
Fallout from the attacks on Snowflake customers continues as AT&T is the latest victim organization to disclose a data breach stemming from a compromised cloud instance. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
09 Jul 2024
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
03 Jul 2024
RSA security conference video roundup: 2024 perspectives
We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
News
28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard
TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
25 Jun 2024
digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
-
News
24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'
Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
21 Jun 2024
OpenID (OpenID Connect)
OpenID Connect is an open specification for authentication and single sign-on (SSO). Continue Reading
By -
News
20 Jun 2024
How Amazon's decision to ditch Active Directory paid off
Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
17 Jun 2024
How deepfakes threaten biometric security controls
Biometric security controls are under attack by deepfakes -- convincing images, videos and audio created by generative AI. But all is not lost. Learn how to mitigate the risk. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Opinion
12 Jun 2024
Identiverse 2024: Key takeaways in identity security
The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
10 Jun 2024
Mandiant: 'Exposed credentials' led to Snowflake attacks
According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 Jun 2024
Tenable warns of vulnerability in Azure service tags
Microsoft disagreed with Tenable's assessment, saying the security issue in Azure service tags is not a vulnerability and that additional authentication layers are required. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
03 Jun 2024
Hugging Face tokens exposed, attack scope unknown
After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By- Arielle Waldman, News Writer
-
News
03 Jun 2024
Snowflake: No evidence of platform breach
Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
31 May 2024
Threat actor compromising Snowflake database customers
A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 May 2024
Check Point warns of threat actors targeting VPNs
Check Point said threat actors were targeting a small number of customers by attempting to compromise local VPN accounts that only utilized passwords for authentication. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 May 2024
CyberArk to acquire Venafi from Thoma Bravo for $1.5B
CyberArk said it intends to help enterprises with the growing number of machine identities, which the company said surpasses human identities by a ratio of 40 to 1. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
15 May 2024
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password. Continue Reading
By- Nick Barney, Technology Writer
-
Tip
14 May 2024
RSAC panel debates confidence in post-quantum cryptography
The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
09 May 2024
Dell 'security incident' might affect millions
Dell notified customers that a company portal connected to customer data exposed orders, names and addresses, while reports indicate the data is now up for sale on the dark web. Continue Reading
By- Tim McCarthy, News Writer
-
Tutorial
07 May 2024
How to configure sudo privilege and access control settings
Learn how to use the sudo command for access control configurations, from granting full administrative privileges to delegating roles. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Definition
02 May 2024
What is role-based access control (RBAC)?
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
-
Definition
02 May 2024
What is a SSL (secure sockets layer)?
Secure sockets layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading
By- TechTarget Contributor
- Michael Cobb
- Peter Loshin, Former Senior Technology Editor
-
Definition
29 Apr 2024
digital identity
A digital identity is the body of information about an individual, organization or electronic device that exists online. Continue Reading
-
Tip
24 Apr 2024
Traditional MFA isn't enough, phishing-resistant MFA is key
Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
Feature
18 Apr 2024
3 Keycloak authorization strategies to secure app access
Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Definition
12 Apr 2024
OAuth (Open Authorization)
OAuth (Open Authorization) is an open standard authorization framework for token-based authorization on the internet. Continue Reading
-
Definition
11 Apr 2024
identity management (ID management)
Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to technology resources. Continue Reading
-
Opinion
10 Apr 2024
Identity, data security expectations for RSA Conference 2024
Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
10 Apr 2024
single sign-on (SSO)
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications. Continue Reading
-
Podcast
05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task
This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
28 Mar 2024
retina scan
Retina scanning is a biometric authentication technology that uses an image of an individual's retinal blood vessel pattern as a unique identifying trait for access to secure installations. Continue Reading
By -
News
27 Mar 2024
Unpatched flaw in Anyscale's Ray AI framework under attack
Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
By- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
-
Tutorial
27 Mar 2024
Use sudo insults to add spice to incorrect password attempts
The life of an admin doesn't have to be dry. When a user enters a wrong password, for example, why not respond with a message that says, 'You're fired!' With sudo insults, you can. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
News
26 Mar 2024
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
By- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
-
Opinion
26 Mar 2024
Top 6 data security posture management use cases
Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
21 Mar 2024
AWS fixes 'FlowFixation' vulnerability for account hijacking
A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess
This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Mar 2024
Researchers warn devs of vulnerabilities in ChatGPT plugins
OpenAI and two third-party providers fixed vulnerabilities in the experimental ChatGPT plugins framework, but Salt Security researchers caution devs that security risks persist. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Definition
13 Mar 2024
What is cryptography?
Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it. Continue Reading
-
News
12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing
According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
11 Mar 2024
identity provider
An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code
Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
08 Mar 2024
How to create a local admin account with Microsoft Intune
Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By -
News
07 Mar 2024
Former Google engineer charged with stealing AI trade secrets
Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
29 Feb 2024
phishing
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
26 Feb 2024
CISA: APT29 targeting cloud accounts for initial access
U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
By- Arielle Waldman, News Writer
-
News
13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
12 Feb 2024
password spraying
Password spraying is a cyberattack tactic that involves a hacker using a single password to try and break into multiple target accounts. Continue Reading
By- Ben Lutkevich, Site Editor
-
Tip
09 Feb 2024
Understand the pros and cons of enterprise password managers
Almost half of breaches occur because of compromised credentials. Using a password manager to control how users create their IDs may be a good step to protect enterprise assets. Continue Reading
By- Amy Larsen DeCarlo, GlobalData
-
News
06 Feb 2024
Linux group announces Post-Quantum Cryptography Alliance
The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
05 Feb 2024
AnyDesk hacked, details unclear
Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
05 Feb 2024
6 multi-cloud identity management tips and best practices
The more cloud services organizations adopt, the more identity challenges they face. Follow these five tips to improve multi-cloud identity management. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
02 Feb 2024
Cloudflare discloses breach related to stolen Okta data
Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
01 Feb 2024
Top 8 cloud IAM best practices to implement
Cloud adds a level of complexity to identity and access management. Be sure to follow these cloud IAM best practices to prevent identity-related security issues. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
31 Jan 2024
7 cloud IAM challenges and how to address them
Cloud use affects how organizations manage access and identity governance. Learn about seven cloud IAM challenges and how to handle them. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity