Identity & Access Management

Kaspersky finds dozens of VNC remote access vulnerabilities

• Frank Crast
• November 26, 2019
• Identity & Access Management / Security Monitoring / Vulnerabilities & Exploits

Security experts from Kaspersky have discovered 37 vulnerabilities in four VNC implementations, some that have gone undetected since 1999.

Continue Reading

YubiKey FIPS devices recalled after security issue found

• Frank Crast
• June 17, 2019
• Cryptography / Identity & Access Management / Vulnerabilities & Exploits

Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.

Continue Reading

First American Financial Corp. leaks hundreds of millions of customer records

• Frank Crast
• May 27, 2019
• Application Security / Data Breach / Data Privacy / Identity & Access Management

First American Financial Corp., one of the world's largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.

Continue Reading

EU votes to approve massive biometrics tracking database

• Frank Crast
• April 22, 2019
• Data Privacy / Identity & Access Management / Regulations & Laws

The European Parliament voted in favor of a massive database to unify and track biometrics data of EU and non-EU citizens, as part of approved Interoperability Legislation.

Continue Reading

Hackers target European think tanks and non-profit organizations

• Frank Crast
• February 20, 2019
• Cybersecurity Attacks / Identity & Access Management / Phishing / Security Monitoring

Microsoft has seen a rise in recent cyberattack activity against European think tanks and non-profit organizations. The warning comes as European leaders warn attacks will continue across Europe in 2019.

Continue Reading

WordPress plugin maker WPML website hacked

• Frank Crast
• January 22, 2019
• Data Breach / Identity & Access Management / Password Management / Server Security

Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.

Continue Reading

Hacker breaks into Reddit systems via SMS-based 2FA

• Frank Crast
• August 2, 2018
• Data Breach / Identity & Access Management / Password Management

Reddit, a popular social news aggregation and discussion website, suffered from a security breach between June 14 and June 18 of this year. The incident was discovered on June 19 and linked to weaknesses in SMS-based two-factor authentication (2FA).

Continue Reading

Single account blamed for Clarksons breach

• Frank Crast
• July 31, 2018
• Data Breach / Identity & Access Management / Third-Party Security
• 0 Comments

Clarkson PLC ("Clarksons"), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.

Continue Reading

Gentoo reveals hacking root cause of its GitHub repository

• Frank Crast
• July 5, 2018
• Application Security / Identity & Access Management / Password Management

Gentoo provided a new security update that describes the impact and root cause of its recent GitHub Linux distribution repository hacking incident.

Continue Reading

SAML vulnerabilities affect multiple SSO implementations

• Frank Crast
• February 27, 2018
• Application Security / Identity & Access Management / Vulnerabilities & Exploits
• 0 Comments

Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.

Continue Reading