Top

Category: Access control


Access control, Security

Data watchdog tells off outsourcing giant for scanning staff biometrics despite ‘power imbalance’

February 26, 2024

Via: The Register

A data protection watchdog in the UK has issued an enforcement notice to stop Serco from using facial recognition tech and fingerprint scanning to monitor staff at 38 leisure centers it runs. During an investigation, the Information Commissioner’s Office, Britain’s […]


Access control, Security

The double-edged sword of zero trust

February 19, 2024

Via: Help Net Security

In an era defined by relentless cyber threats and evolving attack vectors, traditional security models are proving increasingly inadequate to safeguard sensitive information. Unlike conventional systems that often rely on perimeter defenses, zero trust adopts a more discerning philosophy, treating […]


Access control, Security

A Question of Identity: The Evolution of Identity & Access Management

February 9, 2024

Via: SecureWorld

The cloud is the de facto platform for delivery of applications and services in the modern digital era. Identity as the new digital perimeter is the cornerstone for assuring secure “Anytime, Anywhere, Authorized” access to protect enterprise security and privacy. […]


Access control, Security

1Kosmos BlockID 1Key secures users in restricted environments

January 25, 2024

Via: Help Net Security

1Kosmos announced BlockID 1Key, a biometric security key to provide a phishing-resistant passwordless multi-factor authentication option for Sensitive Compartmented Information Facilities (SCIF), manufacturing clean rooms, customer help desks, higher education labs, retail bank branches, healthcare providers and other restricted environments […]


Access control, Security

IT consultant fined for daring to expose shoddy security

January 19, 2024

Via: The Register

A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere […]


Access control, Network security, Security

Mandiant’s brute-forced X account exposes perils of skimping on 2FA

January 11, 2024

Via: The Register

Google-owned security house Mandiant’s investigation into how its X account was taken over to push cryptocurrency scams concludes the “likely” cause was a successful brute-force password attack. The natural reaction to this would be to ask why two/multi-factor authentication didn’t […]


Access control, Security

Adding Security Keys to Your Authentication Toolbox

January 10, 2024

Via: SecurityWeek

I have always known about physical security keys, also called hard tokens, but never actually used one despite my curiosity. So, I was kind of excited when I got my hands on two cool things: a YubiKey 5 and a […]


Access control, Security

Your password hygiene remains atrocious, says NordPass

November 20, 2023

Via: The Register

It’s that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year’s chiding to heart, most of you arguably swapped bad for worse. Password […]


Access control, Security

Google Workspace weaknesses allow plaintext password theft

November 15, 2023

Via: The Register

Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption. Researchers at Bitdefender say the methods could also be used to access Google Cloud Platform (GCP) with custom […]


Access control, Security

Preventing data theft with ADX technology

November 8, 2023

Via: The Register

Daily incursions are underway with the aim of removing every bit of data that you’ve got – the cyber criminals’ aim is to break in and get out again laden with digital booty. But without that data exfiltration there’s no […]


Access control, Security

AI, Confidential Computing, Quantum Computing & Homomorphic Encryption

November 1, 2023

Via: SecureWorld

In today’s digital era, the nexus between advanced computation, security, and privacy has transformed into a complex tapestry. As artificial intelligence (AI) takes center stage in reshaping industries, ensuring the confidentiality and security of our data has never been more […]


Access control, Security

New Tool Checks if Your Organization’s Secrets Have Leaked on GitHub

October 19, 2023

Via: SecureWorld

Securing secrets such as API keys, passwords, and credentials is a major challenge for developers today. It’s far too easy for these secrets to get exposed in public code repositories, logs, docker images, etc. To help solve this issue, GitGuardian […]


Access control, Security

CISA and NSA Issue Recommendations for Secure IAM

October 9, 2023

Via: SecureWorld

In the ever-evolving landscape of cybersecurity, protecting sensitive data and ensuring secure access to digital assets have become paramount concerns for organizations worldwide. Recognizing the significance of these challenges, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National […]


Access control, Security

Windows 11 is officially killing off passwords and bringing in passkeys

September 22, 2023

Via: TechRadar

Microsoft is expanding passkey support with Windows 11, meaning users will soon be able to take better advantage of the new technology. In a blog post on its site, the company said that with the upcoming update to the operating […]


Access control, Security

Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface

September 5, 2023

Via: The Hacker News

In today’s digital age, it’s not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions […]


Access control, Security

The power of passive OS fingerprinting for accurate IoT device identification

August 31, 2023

Via: Help Net Security

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for […]


Access control, Security

Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk

August 10, 2023

Via: The Hacker News

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto’s Citizen […]


Access control, Security

New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy

August 7, 2023

Via: The Hacker News

A group of academics has devised a “deep learning-based acoustic side-channel attack” that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. “When trained on keystrokes recorded using the video conferencing software […]


Access control, Security

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

July 25, 2023

Via: The Hacker News

A new security vulnerability has been discovered in AMD’s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed […]


Access control, Security

A Few More Reasons Why RDP is Insecure (Surprise!)

July 20, 2023

Via: The Hacker News

If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as “Remote Desktop Protocol […]