Cyber Security Informer

Security in the 'new normal': Passwordless is the way forward

Tech Republic Security

AUGUST 12, 2020

Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.

Authentication

Authentication Passwords

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

Related: The need for robust data recovery policies. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communications tool. Robust access control. Comprehensive monitoring.

Risk

Risk Backups Software Education

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. The group now is targeting Cisco VPN products to gain initial access to corporate networks.

Ransomware

Ransomware VPN Authentication Hacking

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

Security Affairs

FEBRUARY 5, 2024

Last week Ivanti warned of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) x), Policy Secure (9.x, An authenticated attacker can exploit the issue to access certain restricted resources. and CVE-2024-21893 (CVSS score: 8.2).

Software

Software Authentication Internet Internet

Scaling BeyondCorp with AI-Assisted Access Control Policies

Google Security

OCTOBER 10, 2023

Ayush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software Enginner In July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists - SpeakACL.

Engineering

Engineering Software Risk

The Evolving Role of Cyber Insurance in Mitigating Ransomware Attacks

SecureWorld News

MARCH 20, 2024

Traditionally these policies have covered expenses related to incident response, data recovery, legal fees, and sometimes the ransom payment itself. The scarcity of data here forces insurers to depend on a range of indirect factors to estimate risks and price policies.

Cyber Insurance

Cyber Insurance Insurance Ransomware Risk

Delegated User Management: The Key to Secure Online Collaboration

Thales Cloud Protection & Licensing

FEBRUARY 14, 2024

At the heart of this challenge is user identity and access management. Delegated User Management comes in place whenever an organization needs to deliver access to selected applications they centrally manage to users belonging to suppliers or partner organizations. These demands are where Delegated User Management comes to the rescue.

B2B

B2B Banking Data breaches Risk

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

FEBRUARY 19, 2024

While this week was a little light on vulnerability news, it’s still been significant, with Microsoft’s Patch Tuesday happening as well as updates for major products, like Zoom. Also keep an eye on the last few weeks’ vulnerability recaps, especially because we’ve seen repeat products that continue to be exploited.

VPN

VPN DNS Ransomware Software

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

The Last Watchdog

JUNE 21, 2023

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises. Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

Cyber Attacks

Cyber Attacks Cybersecurity Network Security Software

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. Companies in the throes of digital transformation, and especially post Covid19, have never been more motivated to adapt a new authentication paradigm – one that eliminates shared secrets. One bank in the U.S.

Authentication

Authentication Passwords Banking Digital transformation

Top 9 Network Access Control (NAC) Solutions

eSecurity Planet

MARCH 14, 2021

Network Access Control (NAC) helps enterprises implement policies for controlling devices and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce security compliance with security and patch management policies, among other controls.

Education

Education Authentication Healthcare Engineering

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

The Last Watchdog

JUNE 2, 2022

I visited with Maor Bin, co-founder and CEO of Tel Aviv-based Adaptive Shield , a pioneer in a new security discipline referred to as SaaS Security Posture Management (SSPM.) Caught up in chasing the productivity benefits of cloud computing, many companies looked past doing any security due diligence, Bin says. Why wouldn’t they?

Cloud Migration

Cloud Migration CISO Technology Security Awareness

Modernizing Secure Remote Access for a Hybrid Workforce

Duo's Security Blog

MARCH 25, 2022

Problem: The Traditional VPN Is No Longer Enough Since the 1990s, virtual private networks (VPNs) have been well-suited for the purpose they were built for – to grant employees temporary access to corporate networks and resources when they weren't logging in from an office. Users only see the applications to which they have access.

VPN

VPN Architecture Authentication Software

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

You need to get into the application itself, into the code, and adapt it in order to support modern authentication protocols. Tamir Having a way to enforce secure authentication on access to any migrated app, without changing it and adapting it to use modern authentication protocols, allows easy and secure cloud migration.

Authentication

Authentication Cloud Migration Accountability Digital transformation

Thales and Palo Alto Networks collaborate to offer mid-markets the enterprise protection

Thales Cloud Protection & Licensing

AUGUST 1, 2022

Through three technology integrations, businesses will gain access to their internal resources, protected by a robust, highly resilient security architecture. Introducing Adaptive MFA. Adaptive MFA removes the end-user pain points often associated with the need to authenticate multiple times a day to numerous services and application.

Marketing

Marketing Digital transformation Cloud Migration Authentication

These Two Identity Juggernauts Identified Zscaler as a Leader in Zero Trust for Remote Work

Security Boulevard

FEBRUARY 10, 2021

For years, we have talked about the importance of zero trust for access to apps and its two key foundational elements: identity, and the use of business policies (that can adapt as needed) when it comes to securing user access to critical business services. to revoke access. FIGHT THE URGE TO DO THIS.

VPN

VPN Business Services Marketing Malware

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Thales Cloud Protection & Licensing

JUNE 6, 2023

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out madhav Tue, 06/06/2023 - 07:27 Regarding identity and access, it's becoming harder and harder, if not impossible, to distinguish the "good guys" from the "bad guys." Access security and authentication play an important role.

Authentication

Authentication Identity Theft Marketing Risk

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Thales Cloud Protection & Licensing

NOVEMBER 15, 2023

Traditionally, airport security focused on physical access and the perimeter; however, in the years since 9/11, the digital footprint of the vast interconnected systems contains valuable assets that must be protected. Airports are high-risk locations and more vulnerable to cyber-attacks than airlines.

Cybersecurity

Cybersecurity Authentication Digital transformation Cyber Insurance

Next-Generation Firewalls: A comprehensive guide for network security modernization

CyberSecurity Insiders

JUNE 20, 2023

Over the years, the traditional firewall has transformed to meet the demands of the modern workplace and adapt to an evolving threat landscape. Adaptability to the hybrid workplace: Even before the pandemic, businesses have been rapidly embracing hybrid work models, with teams working from everywhere, using a myriad of devices.

Firewall

Firewall Network Security Architecture Digital transformation

How we fought bad apps and developers in 2020

Google Security

APRIL 21, 2021

Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play Providing safe experiences to billions of users and millions of Android developers has been one of the highest priorities for Google Play for many years. Last year, we continued to reduce developer access to sensitive permissions.

Data privacy

Data privacy Healthcare Education Accountability

Unlocking Success: Safeguarding Your Business with Cloud-Based Solutions

Jane Frankland

OCTOBER 10, 2023

It’s a hard balancing act between protecting valuable data, increasing productivity, controlling costs – especially when technology often seems to be outpacing security measures. Now ITDMs can enable the storing and accessing of data and applications remotely, allowing for increased agility and flexibility in their organisation’s operations.

Risk

Risk Technology Cybersecurity Encryption

Stronger Protection & Frictionless Access Can Coexist (Really)

Duo's Security Blog

JULY 21, 2023

If endless false positives and reactive security models have been threatening your productivity and that of your users, you’re not alone. Here, we explore how Cisco Duo’s risk-based authentication can decrease false positives, accelerate frictionless trusted access, and help you assess risk at the point of login.

Authentication

Authentication Risk Engineering Phishing

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

OCTOBER 10, 2019

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud.

Risk

Risk Cloud Migration Engineering Cyber Risk

InfoExpress CyberGatekeeper: NAC Product Review

eSecurity Planet

APRIL 20, 2023

InfoExpress CyberGatekeeper has expanded into a series of products marketed under three brands, but always with the promise of rapid, uncomplicated installation and integration. These products enable IT teams to quickly deploy network access control (NAC) security easily and with full internal control. Who Is InfoExpress?

VPN

VPN Software Wireless Marketing

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

mandates that account data storage is kept to a minimum by implementing data retention and disposal policies, procedures, and processes. These policies should enforce data storage volume and retention time reduction to an absolute minimum to meet legal and business requirements. Requirement 3.2 Requirement 12.5

Financial Services

Financial Services Data breaches Accountability Encryption

Integrating GRC with Emerging Technologies: AI and IoT

SecureWorld News

JANUARY 7, 2024

Let's take a look at how businesses are adapting and expanding their GRC frameworks to accommodate the new capabilities offered by these cutting-edge technologies, addressing the unique risks they bring , and capitalizing on their potential for enhanced governance and compliance.

IoT

IoT Technology Artificial Intelligence Government

It’s Time for Banks to Release the Brakes and Accelerate Their Digital Transformation

Security Boulevard

FEBRUARY 16, 2021

From internal requirements that demanded secure yet efficient access for remote workforces, to external pressures such as the rise of cashless payments and other forms of frictionless financial processes, the pandemic required banks to examine and overhaul many of their processes. Addressing financial services’ key pain points.

Digital transformation

Digital transformation Banking Financial Services Internet

Identity Management Day Underpins the Importance of Securing Digital Identities

Thales Cloud Protection & Licensing

APRIL 13, 2021

In an era where security strategies are adapting to the “trust no one, verify everywhere” mantra, validating that only authorized and authenticated individuals gain access to corporate assets and data is a necessity. Therefore first and foremost, identity and access to sensitive data and applications must be protected.

Authentication

Authentication Digital transformation Data breaches Technology

Top Single Sign-On (SSO) Solutions for 2022

eSecurity Planet

FEBRUARY 8, 2022

Single sign-on is a capability that allows an end-user to login once and get access to all the resources they need. The IDP hands off a token, assertion, or ticket to an application in order to gain access without asking the user to re-authenticate. Gartner sees access management eventually becoming about decentralized identity.

Authentication

Authentication Passwords Risk Digital transformation

Enabling Easy and Secure Access for All

Cisco Security

NOVEMBER 9, 2021

Organizations sustained and thrived in the recent past by rapidly adopting digital transformation technologies and adapting to remote work. And a zero trust approach to secure access across corporate resources and applications offers the needed security without impacting the user experience and workforce productivity. .

VPN

VPN Authentication Digital transformation Technology

Cybersecurity is a Successfully Failure

Security Boulevard

OCTOBER 10, 2022

Something must have gone wrong with one of the hundred adaptive controls, security policies, and the eleven MSSPs we have hired to cover the twenty cloud-based applications linking back to our centralized Zero-trust running inside a SASE cloud remote access for people working on-premise. What Could Go Wrong?

Cybersecurity

Cybersecurity Digital transformation CISO Firewall

Digital Risk Types Demystified: A Strategic Insight into Online Threats

Centraleyes

APRIL 23, 2024

The Importance of Technology in Business Flexibility and Adaptability Embracing digital technology allows businesses to adapt their models to market changes. The orchestration of product movements by algorithms and robots and drones highlights how automation can revolutionize supply chain processes.

Risk

Risk Technology Artificial Intelligence Data privacy

Zero Trust Speeds Ransomware Response, Illumio-Bishop Fox Test Finds

eSecurity Planet

AUGUST 10, 2022

From mass production of cheap malware to ransomware as a service (RaaS) , cyber criminals have industrialized cybercrime, and a new HP Wolf Security report warns that cybercriminals are adapting advanced persistent threat (APT) tactics too. Group Policy Discover, Simulation Attack Scenario 1: No ZTS deployed.

Ransomware

Ransomware Digital transformation Malware Internet

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

OCTOBER 31, 2022

But there’s something you can do to get better at striking it: build that balance into your network testing and policy management. Today, users could be working anywhere, accessing applications and data from any number of potential vulnerable public and private clouds. It’s a delicate balance. Navigating threats.

Network Security

Network Security Encryption Firewall Telecommunications

The Differences in How CASB vs. SSPM Secures SaaS Apps

IT Security Guru

APRIL 5, 2022

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data.

Risk

Risk Threat Detection Cybersecurity

The Security Startup Ecosystem and the Trends Cisco is Watching

Cisco Security

JULY 21, 2021

As co-founder of Duo, the leading provider of Zero Trust access security, I know what it means to dedicate yourself fully to a vision, to your customers, and to your team. SASE is not an end-state target or product. Data access control is the #1 priority for CISOs in privacy and compliance. I know, I’ve been there.

CISO

CISO Phishing Architecture Marketing

Frictionless Zero Trust Security – How minimizing friction can lower risks and boost ROI

CyberSecurity Insiders

SEPTEMBER 9, 2021

By Narendran Vaideeswaran, Director Product Marketing, Identity & Zero Trust, CrowdStrike. Organizations have had no choice but to adapt and build on their existing cybersecurity systems. Whether users are requesting access on or off-premises, the ideology remains the same. It isn’t all bad news, however.

Risk

Risk Authentication Marketing Accountability

Is The Cost Of Predictive Cyber Security Worth The Investment?

Security Boulevard

MAY 12, 2022

In the early 1990s, the Internet industry needed to move packets as fast as possible because some marketing genius came up with the idea that everyone could have “Unlimited Internet Access” for $9.95 Overnight, Internet traffic under the Dulles access road in Northern Virginia virtually blew up and became “well over subscribed.”

Cyber Insurance

Cyber Insurance Insurance Marketing Firewall

Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More

eSecurity Planet

SEPTEMBER 18, 2023

Active exploits also lead to new versions of all major browsers as well as older versions of Apple products. However, HDInsight will not support in-place upgrades so security teams need to check for delays in the creation of new clusters with the updated version in some production environments. and iPadOS 15.7.9 (as

Firewall

Firewall Security Defenses Risk Cybersecurity

Digital Resilience is the New Digital Transformation KPI

Security Boulevard

APRIL 14, 2021

As IDC points out , organizations are realizing that digital transformation depends on digital resilience to rapidly adapt to business disruptions by leveraging digital capabilities to not only restore business operations, but also capitalize on the changed conditions. Digital resilience is more than just security.

Digital transformation

Digital transformation Data privacy Marketing Architecture

CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks

Security Affairs

NOVEMBER 2, 2018

The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The following products running ASA 9.4 Adaptive Security Virtual Appliance (ASAv). policy-map global_policy. and above, and FTD 6.0

Advertising

Advertising Software Engineering Firewall

Trick or Treat: The Choice is Yours with Multifactor Authentication

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

The Japanese video game company Nintendo suffered a data breach in 2020 in which hackers used credential stuffing techniques to access user accounts belonging to at least 160,000 Nintendo registered users. The hacker simply reused the password and gained access to the VPN. Be Careful with Your Lockout Policy.

Authentication

Authentication VPN Passwords Accountability

Email Security Guide: Protecting Your Organization from Cyber Threats

CyberSecurity Insiders

APRIL 16, 2023

Acknowledging the potential for internal security breaches highlights the importance of proper employee training and access control measures. Supply chain attacks: In supply chain attacks, cybercriminals target third-party vendors to access sensitive information of their clients.

Cyber threats

Cyber threats Phishing Encryption Small Business

Growing Security Safely in Canada

Duo's Security Blog

JUNE 14, 2021

Prisma Clouds’ 2021 Cloud Threat Report and Verizon’s 2021 DBIR Report show how companies have needed to adapt and expand cloud workloads and how this has affected their cybersecurity. Companies worked to adapt quickly to ensure their work could be done effectively while their employees’ environments changed.

Passwords

Passwords Authentication Phishing Threat Reports

Security in the 'new normal': Passwordless is the way forward

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Trending Sources

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

Scaling BeyondCorp with AI-Assisted Access Control Policies

The Evolving Role of Cyber Insurance in Mitigating Ransomware Attacks

Delegated User Management: The Key to Secure Online Collaboration

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Top 9 Network Access Control (NAC) Solutions

RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have

Modernizing Secure Remote Access for a Hybrid Workforce

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

Thales and Palo Alto Networks collaborate to offer mid-markets the enterprise protection

These Two Identity Juggernauts Identified Zscaler as a Leader in Zero Trust for Remote Work

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Next-Generation Firewalls: A comprehensive guide for network security modernization

How we fought bad apps and developers in 2020

Unlocking Success: Safeguarding Your Business with Cloud-Based Solutions

Stronger Protection & Frictionless Access Can Coexist (Really)

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

InfoExpress CyberGatekeeper: NAC Product Review

The Clock is Ticking for PCI DSS 4.0 Compliance

Integrating GRC with Emerging Technologies: AI and IoT

It’s Time for Banks to Release the Brakes and Accelerate Their Digital Transformation

Identity Management Day Underpins the Importance of Securing Digital Identities

Top Single Sign-On (SSO) Solutions for 2022

Enabling Easy and Secure Access for All

Cybersecurity is a Successfully Failure

Digital Risk Types Demystified: A Strategic Insight into Online Threats

Zero Trust Speeds Ransomware Response, Illumio-Bishop Fox Test Finds

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Differences in How CASB vs. SSPM Secures SaaS Apps

The Security Startup Ecosystem and the Trends Cisco is Watching

Frictionless Zero Trust Security – How minimizing friction can lower risks and boost ROI

Is The Cost Of Predictive Cyber Security Worth The Investment?

Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More

Digital Resilience is the New Digital Transformation KPI

CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks

Trick or Treat: The Choice is Yours with Multifactor Authentication

Email Security Guide: Protecting Your Organization from Cyber Threats

Growing Security Safely in Canada

Stay Connected