Asian organizations are beginning to look at extending digital identity beyond the traditional internal enterprise IAM stack to customer identity and access management, or CIAM, says Alex Laurie, senior vice president at ForgeRock.
Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight.
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.
Banking institutions, cryptocurrency exchanges and other companies have begun implementing video-based identity verification. But deepfake technology can be used to circumvent these security checks, says Ilya Volovik, a researcher at Gemini Advisory.
A hacker breached a Florida city's water treatment network, increasing the amount of lye that would be added to the water to a dangerous level. Officials say they caught the change immediately and reversed it. Reuters reports that the system was accessed via the city's TeamViewer remote access software.
Microsoft's security team says the company's Office 365 suite of products did not serve as an initial entry point for the hackers who waged the SolarWinds supply chain attack. And SolarWinds' CEO says that no Office 365 vulnerability has been identified that would have opened the door to the attack.
Moving to the cloud offers your enterprise a variety of benefits, including increased flexibility, agility, and modern DevOps delivery practices. It also opens you up to new security threats and vulnerabilities. 95% of industry professionals agree—there are good reasons to be concerned.
However, with the right...
In this eBook, we offer a detailed exploration of four key requirements that we think are critical to cloud workload security based on the Forrester Wave: Cloud Workload Security, Q419 Report. By reading this eBook, you’ll gain an understanding of these areas of importance, and you’ll see why we think Forrester...
The evolution of IaaS (Infrastructure as a Service) has introduced a new spectrum of benefits for enterprises. The speed, scalability, and ease of set up have made the virtualized computing services of public cloud extremely attractive to enterprises.
Unfortunately, the very nature of these dynamic, distributed, and...
Multi-cloud and hybrid cloud solutions are great enablers for organizations, but managing IAM across multiple entities that are ever expanding in capability and use? Big challenges. But here's an opportunity to re-do enterprise IAM. Join Tom Malta of Navy Federal Credit Union for insight on business requirements,...
The latest edition of the ISMG Security Report features an analysis of this week’s police takedowns of Emotet and Netwalker cybercrime operations. Also featured: Updates on passwordless authentication and the use of deception technology.
What really makes a "strong" password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?
For decades, end-users have borne the brunt of the password tyranny, a result of the IT industries'...
Organizations with largely remote workforces must strengthen their dynamic authentication processes to enhance security, says Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo.