Identity & Access Management

Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

• Post Author:Frank Crast
• Post published:March 16, 2020
• Post Category:Cloud Security / Identity & Access Management

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.

Continue Reading Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Organizations need heightened level of Enterprise VPN security in the wake of Coronavirus Pandemic

• Post Author:Frank Crast
• Post published:March 14, 2020
• Post Category:Business Continuity & Resiliency / Identity & Access Management / Network Security / Vulnerabilities & Exploits

To prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), more organizations are electing to have their employees work remotely from home. With that responsibility, more organizations will need to adopt a heightened level of security to protect themselves from attackers who look to exploit weaknesses in enterprise virtual private networks (VPNs).

Continue Reading Organizations need heightened level of Enterprise VPN security in the wake of Coronavirus Pandemic

Guidelines for securing Content Management Systems

• Post Author:Frank Crast
• Post published:March 5, 2020
• Post Category:Application Security / Configuration Management / Cybersecurity Articles / Identity & Access Management / Vulnerabilities & Exploits

The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.

Continue Reading Guidelines for securing Content Management Systems

Kaspersky finds dozens of VNC remote access vulnerabilities

• Post Author:Frank Crast
• Post published:November 26, 2019
• Post Category:Identity & Access Management / Security Monitoring / Vulnerabilities & Exploits

Security experts from Kaspersky have discovered 37 vulnerabilities in four VNC implementations, some that have gone undetected since 1999.

Continue Reading Kaspersky finds dozens of VNC remote access vulnerabilities

YubiKey FIPS devices recalled after security issue found

• Post Author:Frank Crast
• Post published:June 17, 2019
• Post Category:Cryptography / Identity & Access Management / Vulnerabilities & Exploits

Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.

Continue Reading YubiKey FIPS devices recalled after security issue found

First American Financial Corp. leaks hundreds of millions of customer records

• Post Author:Frank Crast
• Post published:May 27, 2019
• Post Category:Application Security / Data Breach / Data Privacy / Identity & Access Management

First American Financial Corp., one of the world's largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.

Continue Reading First American Financial Corp. leaks hundreds of millions of customer records

EU votes to approve massive biometrics tracking database

• Post Author:Frank Crast
• Post published:April 22, 2019
• Post Category:Data Privacy / Identity & Access Management / Regulations & Laws

The European Parliament voted in favor of a massive database to unify and track biometrics data of EU and non-EU citizens, as part of approved Interoperability Legislation.

Continue Reading EU votes to approve massive biometrics tracking database

Hackers target European think tanks and non-profit organizations

• Post Author:Frank Crast
• Post published:February 20, 2019
• Post Category:Cybersecurity Attacks / Identity & Access Management / Phishing / Security Monitoring

Microsoft has seen a rise in recent cyberattack activity against European think tanks and non-profit organizations. The warning comes as European leaders warn attacks will continue across Europe in 2019.

Continue Reading Hackers target European think tanks and non-profit organizations

WordPress plugin maker WPML website hacked

• Post Author:Frank Crast
• Post published:January 22, 2019
• Post Category:Data Breach / Identity & Access Management / Password Management / Server Security

Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.

Continue Reading WordPress plugin maker WPML website hacked

AWS S3 error exposes data on 31K GoDaddy servers

• Post Author:Frank Crast
• Post published:August 10, 2018
• Post Category:Cloud Security / Configuration Management / Identity & Access Management

Cybersecurity firm UpGuard has discovered an error in Amazon AWS bucket configuration that led to the exposure of internal GoDaddy infrastructure data.

Continue Reading AWS S3 error exposes data on 31K GoDaddy servers