Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Tip 11 Feb 2025
Benefits and challenges of passkeys in the enterprise

Passkeys overcome some of the critical security vulnerabilities plaguing passwords. But enterprises face some new challenges when deploying the authentication technology. Continue Reading
By
- Jerald Murphy, Nemertes Research
Answer 07 Feb 2025
7 key identity and access management benefits

Identity and access management benefits users, security and IT admins, and it also improves an organization's security posture. Read up on seven key advantages of IAM. Continue Reading
By
- Sharon Shea, Executive Editor
- Andrew Froehlich, West Gate Networks

Definition 11 Feb 2025
What is privileged access management (PAM)?

Privileged access management (PAM) is a security framework designed to protect organizations against cyberthreats by controlling and monitoring access to critical information and resources. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sarah Lewis
Answer 07 Feb 2025
7 key identity and access management benefits

Identity and access management benefits users, security and IT admins, and it also improves an organization's security posture. Read up on seven key advantages of IAM. Continue Reading
By
- Sharon Shea, Executive Editor
- Andrew Froehlich, West Gate Networks
Tip 04 Feb 2025
Cloud PAM benefits, challenges and adoption best practices

Cloud PAM helps organizations manage access to privileged accounts to keep cloud data and applications secured. Is it right for your organization? Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 31 Jan 2025
What is a certificate revocation list (CRL) and how is it used?

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date. Continue Reading
By
- Rahul Awati
- Michael Cobb
Definition 31 Jan 2025
What is biometric verification?

Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Continue Reading
By
- Michael Cobb
- Alexander S. Gillis, Technical Writer and Editor
- Rahul Awati
Definition 31 Jan 2025
What is biometrics?

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
Definition 30 Jan 2025
What is a password?

A password is a string of characters used to verify the identity of a user during the authentication process. Continue Reading
By
- Rahul Awati
- Madelyn Bacon, TechTarget
Tip 27 Jan 2025
How to change the password of an RDP session

Password expiration policies are key to maintaining data security, so users need easy access to a password change utility whether they are on a local PC or a remote desktop. Continue Reading
By
- Chris Twiest, RawWorks
Definition 24 Jan 2025
What is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Peter Loshin, Former Senior Technology Editor
Definition 23 Jan 2025
What is SSL (Secure Sockets Layer)?

SSL (Secure Sockets Layer) is a networking protocol that secures connections between web clients and web servers over internal networks or the internet by encrypting the data sent between those clients and servers. Continue Reading
By
- Rahul Awati
- Michael Cobb
- Peter Loshin, Former Senior Technology Editor
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 17 Jan 2025
Adopt passkeys over passwords to improve UX, drive revenue

Password use leads to higher UX friction and lost sales because customers want a smoother sign-in experience. Passkeys can simplify authentication and improve UX. Continue Reading
By
- Andrew Shikiar, Dhiraj Kumar
News 16 Jan 2025
Threat actor publishes data of 15K hacked FortiGate firewalls

Although the threat actor published the alleged stolen Fortinet FortiGate firewall data this week, the data is apparently tied to older zero-day exploitation from 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers

The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 03 Jan 2025
The basics drive 2025 identity security investments

New identity security tech might steal headlines, but Informa TechTarget's Enterprise Strategy Group analyst Todd Thiemann shows the basics get the most attention from businesses. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Dec 2024
What is a public key and how does it work?

In cryptography, a public key is a large numerical value that is used to encrypt data. Continue Reading
By
- Rahul Awati
Feature 20 Dec 2024
Identity and access management tools and features for 2025

The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
By
- Ed Moyle, SecurityCurve
News 19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack

BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
By
- Arielle Waldman, News Writer
Feature 19 Dec 2024
10 cybersecurity predictions for 2025

AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 19 Dec 2024
How bad is generative AI data leakage and how can you stop it?

Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
By
- Chris Tozzi
Definition 19 Dec 2024
What is a public key certificate?

A public key certificate is a digitally signed document that serves to validate the sender's authorization and name. Continue Reading
By
- Rahul Awati
News 18 Dec 2024
CISA issues mobile security guidance following China hacks

Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tutorial 18 Dec 2024
How to use the Hydra password-cracking tool

Ethical hackers: Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with this step-by-step tutorial and companion video. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 17 Dec 2024
Are password managers safe for enterprise use?

Password managers have benefits, but they are also subject to attacks that can put organizations at substantial risk. So, are they safe? Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 17 Dec 2024
The pros and cons of biometric authentication

Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
By
- Char Sample, ICF International
Definition 17 Dec 2024
What is PKI (public key infrastructure)?

PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption. Continue Reading
By
- Rahul Awati
Definition 17 Dec 2024
What is passwordless authentication?

Passwordless authentication allows a user to sign into a service without using a password. This is often done using certificates, security tokens, one-time passwords (OTPs) or biometrics. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
Guest Post 13 Dec 2024
Migrate to passwordless to enhance security and UX

Transitioning to passwordless authentication enables organizations to strengthen user account and sensitive data security without adding UX friction for end users. Continue Reading
By
- Ant Allan
Tip 12 Dec 2024
9 identity and access management trends to watch in 2025

Identity threats continue to change and so, too, do the defenses developed to address those security challenges. Be ready for what's coming next in IAM. Continue Reading
By
- Phil Sweeney, Industry Editor
Tip 12 Dec 2024
7 must-know IAM standards in 2025

Does your IAM program need OAuth or OpenID Connect? Or maybe both? Let's look at the various standards and protocols that make identity management function. Continue Reading
By
- Sean Michael Kerner
Opinion 12 Dec 2024
Nonhuman identity security is getting board-level attention

Has your organization addressed nonhuman identity security? NHI attacks are becoming more prevalent and need to be a part of enterprise security strategies. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 11 Dec 2024
What is identity and access management? Guide to IAM

No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle. It's how an organization regulates access to information and meets its compliance obligations. Continue Reading
By
- Phil Sweeney, Industry Editor
- Sandra Gittlen
News 10 Dec 2024
Citrix NetScaler devices targeted in brute force campaign

Citrix advised NetScaler customers to ensure that their devices are fully updated and properly configured to defend against the recent spike in brute force attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 09 Dec 2024
What is user authentication?

User authentication refers to the process of verifying the identity of a user attempting to gain access to a computer network, system or device. This process runs in the background and can be done through different means, such as asking the user to enter a password, provide a PIN or provide a fingerprint. Continue Reading
By
- Rahul Awati
Feature 06 Dec 2024
Passkey vs. password: What is the difference?

Companies are turning to passkeys as a secure login for consumers. Passkeys make it more difficult for thieves to steal information, and they are also more convenient for users. Continue Reading
By
- Amanda Hetler, Senior Editor
News 04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'

As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Dec 2024
FOSS security concerns increase amid widespread adoption

A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By
- Arielle Waldman, News Writer
Tip 02 Dec 2024
8 best practices for a bulletproof IAM strategy

IAM systems help to enable secure access to applications and resources. But to benefit from IAM -- and avoid a security failure -- teams must be ready to meet the challenges. Continue Reading
By
- Sean Michael Kerner
Tip 20 Nov 2024
4 types of access control

Access management is the gatekeeper, making sure a device or person can gain entry only to the systems or applications to which they have been granted permission. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Tip 20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM

Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 19 Nov 2024
What skills are needed for a successful career in IAM?

In the zero-trust era, identity management is critical to an organization's cybersecurity posture. What skills are required to transition into a career in IAM? Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Tip 19 Nov 2024
Biometric privacy and security challenges to know

Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
By
- Mary K. Pratt
News 18 Nov 2024
Chinese APT exploited unpatched Fortinet zero-day flaw

Volexity reported that a Chinese APT actor exploited a zero-day vulnerability in Fortinet's Windows VPN FortiClient software that enables credentials to be stolen from a system. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 18 Nov 2024
What is acceptable use policy (AUP)?

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources. Continue Reading
By
- Paul Kirvan
News 15 Nov 2024
MFA required for AWS Organizations member accounts in 2025

AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 14 Nov 2024
What is identity governance and administration (IGA)?

Identity governance and administration (IGA) is the collection of processes and practices used to manage user digital identities and their access throughout the enterprise. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Answer 12 Nov 2024
Identity management vs. authentication: Know the difference

Learn how authentication and identity management are both intrinsic to an identity and access management framework. Learn how they differ and the role each one plays. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 12 Nov 2024
Top 10 identity and access management risks

Organizational security is undermined by a number of identity and access management problems. Learn what those risks are and get ideas on how to solve them. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 07 Nov 2024
15 IAM interview questions to prep for your next career move

The job market for identity and access management positions is strong right now, but the competition could be tough. Use these 15 questions to guide your interview prep. Continue Reading
By
- Kathleen Richards
News 05 Nov 2024
Google Cloud to roll out mandatory MFA for all users

Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
Definition 28 Oct 2024
What is authentication, authorization and accounting (AAA)?

Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 28 Oct 2024
What is two-factor authentication (2FA)?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading
By
- Paul Kirvan
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
Definition 17 Oct 2024
What is tailgating (piggybacking)?

Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system. Continue Reading
By
- Rahul Awati
Definition 17 Oct 2024
What is information rights management (IRM)?

Information rights management (IRM) is a discipline that involves managing, controlling and securing content from unwanted access. Continue Reading
By
- Paul Kirvan
- Lauren Horwitz, Cisco
News 15 Oct 2024
FIDO unveils new specifications to transfer passkeys

The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices

The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Oct 2024
Microsoft SFI progress report elicits cautious optimism

Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 30 Sep 2024
Risk & Repeat: Inside the Microsoft SFI progress report

The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges. Continue Reading
By
- Rob Wright, Senior News Director
Definition 27 Sep 2024
What is access control?

Access control is a security technique that regulates who or what can view or use resources in a computing environment. Continue Reading
By
- Gavin Wright
- Ben Lutkevich, Site Editor
News 23 Sep 2024
Microsoft issues first Secure Future Initiative report

In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security. Continue Reading
By
- Arielle Waldman, News Writer
News 19 Sep 2024
Platform engineers embrace secrets management tool

Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Sep 2024
Huntress warns of attacks on Foundation Software accounts

The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 17 Sep 2024
What is passive keyless entry (PKE)?

Passive keyless entry (PKE) is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and locking it when the user walks away or touches the car on exit. Continue Reading
By
- Katie Terrell Hanna
Tip 11 Sep 2024
How to prevent vendor email compromise attacks

Vendor email compromise is one of the latest email attacks to hit headlines. Learn how to prevent becoming a victim to this potentially expensive scheme. Continue Reading
By
- Amanda Scheldt
Definition 06 Sep 2024
What is identity threat detection and response (ITDR)?

Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks that specifically target user identities or identity and access management (IAM) infrastructure. Continue Reading
By
- Mary K. Pratt
News 04 Sep 2024
White House unveils plan to improve BGP security

The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats. Continue Reading
By
- Rob Wright, Senior News Director
News 03 Sep 2024
FBI: North Korean hackers targeting cryptocurrency employees

North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns

A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 27 Aug 2024
What is LDAP (Lightweight Directory Access Protocol)?

LDAP (Lightweight Directory Access Protocol) is a software protocol used for locating data about organizations, individuals and other resources, such as files and devices, on public and corporate networks. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
Tip 22 Aug 2024
How frictionless authentication works in online payments

Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By
- Rob Shapland
- Alissa Irei, Senior Site Editor
News 19 Aug 2024
Microsoft to roll out mandatory MFA for Azure

Following several high-profile attacks across the globe on MFA-less accounts, Microsoft will make the security measure mandatory for Azure sign-ins beginning in October. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 14 Aug 2024
Black Hat USA 2024 takeaways for data security and IAM

Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections

Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs

Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 07 Aug 2024
The dangers of voice deepfakes in the November election

The growth of generative AI has led to more audio cloning technology. This could affect the U.S. election. Recent incidents show that existing safeguards are not effective. Continue Reading
By
- Esther Shittu, News Writer
News 30 Jul 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw

VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch. Continue Reading
By
- Arielle Waldman, News Writer
Definition 29 Jul 2024
What is SSH (Secure Shell) and How Does It Work?

SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 15 Jul 2024
Experts weigh in on Snowflake database MFA features

In response to a wave of recent attacks on customers, Snowflake introduces new authentication offerings that enable administrators to require MFA for all user accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jul 2024
AT&T breach affects 'nearly all' customers' call, text records

Fallout from the attacks on Snowflake customers continues as AT&T is the latest victim organization to disclose a data breach stemming from a compromised cloud instance. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jul 2024
Use these 6 user authentication types to secure networks

One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 03 Jul 2024
RSA security conference video roundup: 2024 perspectives

We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
News 28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard

TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 25 Jun 2024
digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
News 24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'

Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Jun 2024
OpenID (OpenID Connect)

OpenID Connect is an open specification for authentication and single sign-on (SSO). Continue Reading
By
- Rahul Awati
News 20 Jun 2024
How Amazon's decision to ditch Active Directory paid off

Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move. Continue Reading
By
- Rob Wright, Senior News Director
Tip 17 Jun 2024
How deepfakes threaten biometric security controls

Biometric security controls are under attack by deepfakes -- convincing images, videos and audio created by generative AI. But all is not lost. Learn how to mitigate the risk. Continue Reading
By
- Jerald Murphy, Nemertes Research
Opinion 12 Jun 2024
Identiverse 2024: Key takeaways in identity security

The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 10 Jun 2024
Mandiant: 'Exposed credentials' led to Snowflake attacks

According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Jun 2024
Tenable warns of vulnerability in Azure service tags

Microsoft disagreed with Tenable's assessment, saying the security issue in Azure service tags is not a vulnerability and that additional authentication layers are required. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Jun 2024
Hugging Face tokens exposed, attack scope unknown

After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Snowflake: No evidence of platform breach

Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2024
Threat actor compromising Snowflake database customers

A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 May 2024
Check Point warns of threat actors targeting VPNs

Check Point said threat actors were targeting a small number of customers by attempting to compromise local VPN accounts that only utilized passwords for authentication. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 May 2024
CyberArk to acquire Venafi from Thoma Bravo for $1.5B

CyberArk said it intends to help enterprises with the growing number of machine identities, which the company said surpasses human identities by a ratio of 40 to 1. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 May 2024
out-of-band authentication

Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password. Continue Reading
By
- Nick Barney, Technology Writer
Tip 14 May 2024
RSAC panel debates confidence in post-quantum cryptography

The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability. Continue Reading
By
- Kyle Johnson, Technology Editor
News 09 May 2024
Dell 'security incident' might affect millions

Dell notified customers that a company portal connected to customer data exposed orders, names and addresses, while reports indicate the data is now up for sale on the dark web. Continue Reading
By
- Tim McCarthy, News Writer
Tutorial 07 May 2024
How to configure sudo privilege and access control settings

Learn how to use the sudo command for access control configurations, from granting full administrative privileges to delegating roles. Continue Reading
By
- Damon Garn, Cogspinner Coaction