Archive for the ‘Access Control’ Category

OpenSSL Project released 1.1.1k version to fix two High-severity flaws

Using IAM Solutions to Beat Deepfakes and Fraud

AI and ML technologies have made great strides in helping organizations with cybersecurity, as well as with other tasks like chatbots that help with customer service. Cybercriminals have also made great strides in using AI and ML for fraud. “Today, fraud can happen without stealing someone else’s identity because fraudsters can create ‘synthetic identities’ with […]

External Remote Services

Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote […]

Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

RIPE NCC announced that it has suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the secretariat for the RIPE community supporting the Internet through technical coordination. It has over 20,000 members from over 75 countries who act as Local […]

Cisco engineer resigns then nukes 16k WebEx accounts, 456 VMs

A former Cisco employee pleaded guilty to accessing the company’s cloud infrastructure in 2018, five months after resigning, to deploy code that led to the shutdown of more than 16,000 WebEx Teams accounts and the deletion of 456 virtual machines. According to a plea agreement filed on July 30, 2020, 30-year-old Sudhish Kasaba Ramesh accessed […]

Tech firms suspend use of ‘biased’ facial recognition technology

Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use. […]

Live and let live InfoSec

User vs Security: The average person’s take on security control: they have real jobs to do, and security isn’t one of them. So remember ‘usability vs bypass security control’ when designing a new control. Please feel free to share your opinion on this. Funny business meeting illustrating how hard it […]

Facial ID payment

Secure File Sharing from any device

Easy Desktop Access to Cloud Files Ditch Email Attachments. With your files in the cloud, you can easily share them with anyone — even if they’re outside your company firewall — with a simple link via email or straight from Box. Keep Everybody on the Same Page. Easily share files and folders, and add, move or edit […]

Why You Should Be Using a Password Manager

Password managers such as LastPass offer a simple service: They will store all your annoying passwords (and help you generate new ones if needed) and then give them out to whatever service you’re logging into through the use of browser add-ons and apps. They’re much like the password tools already built into your browser itself—the […]

What to Log for Authentication and Access Control

Authentication and access control play a critical role in web application security. For logging, all authentication and access control events should be logged, including but not limited to successes and failures. If we log only the successful events, someone may brute-force the passwords without any detection or notice. On the […]

Compartmentalizing and Segmenting Privileged Passwords

By Liberman Software @ Identity Week If you’re a fan of old war movies – and especially if you’re a child of the Cold War – then you no doubt recall watching scenes where prior to launching a nuclear missile, two operators will turn their launch keys simultaneously in order to initiate the launch. The […]

Looking for a secure USB stick with hardware encryption

CESG Approved USB Stick. CESG is the UK Government’s National Technical Authority for Information Assurance. Over 1 million SafeSticks are now in use in the NHS, helping to keep patient data and other confidential data secure! Buy your SafeStick today! SafeStick is a secure USB stick with AES 256 bit hardware encryption and is FIPS […]

Comments (5)

TSA Is NOT Security It’s A JOKE!

“Security measures that just force the bad guys to change tactics and targets are a waste of money,” said Bruce Schneier, “It would be better to put that money into investigations and intelligence.” The security boss of Amsterdam’s Schiphol Airport is calling for an end to endless investment in new technology to improve airline security. […]

Comments (1)

Network Access Control and Security

The purpose of network access control is to protect and safeguard assets attached to the network from the threat of unauthorized users gaining access to the organization’s assets. Network Access Control (NAC) authenticates users to make sure they are authorized to log in and are following the policies and procedures for login before they are authorized to use the organization’s assets. Some of […]

Comments (2)

Access control fraud and countermeasures

These days access to the internet is a business requirement. Most businesses are selling their products and services on the internet which sometimes requires customers to have access to the critical assets such as applications and databases. The global growth of the internet has increased complexity and potential risks to these assets. In some cases, […]

Comments (2)