Identity Management

Identity Management news, information, and how-to advice

USB key
light from window

cloud security lock

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.

smartphone laptop

Report: Scam phone calls up 30%

Phone fraud aimed at finance and retail companies rose by 30 percent last year, according to a new analysis of several million calls by Pindrop Security.

kill password

FUD: Vendor claims their map-based password tool is unbreakable

Nova Spatial, the developer of a map-based authentication method called MapLogin, says their tool is unbreakable after a round of vulnerability testing with HackerOne. A bold claim, one that just isn't true based on the evidence.

single sign on tools review 1

Best tools for single sign-on

Single mindednessSince we last looked at single sign-on products in 2012, the field has gotten more crowded and more capable. For this round of evaluations, we looked at seven SSO services: Centrify’s Identity Service, Microsoft’s...

security fingerprints

Expert: Time to stop relying on PII for authentication

These days, the criminals often know more of our personal details than we know ourselves -- it's time to stop asking users for their personal details and to switch to more secure methods for authentication

telephone operators 1952

'Your PC may be infected!' Inside the shady world of antivirus telemarketing

Tech support schemes have barely slowed despite legal action by the FTC

Network resilient

6 steps to achieve cyber resilience

Slogging through the aftermath of a breachImage by DVIDSHUBData breaches and cyberattacks are now commonplace. Although the scope, severity and cost of an event varies by incident, even the smallest of them can be detrimental to a...

hitachi scanner

Memory scraping malware targets Oracle Micros point-of-sale customers

A new threat dubbed MalumPoS is being used against businesses in the hospitality, food and retail industries, researchers said

haunted hallway ghost

Do departed employees haunt your networks?

Many companies have ghosts in their systems. Employees who've gone on to a better place -- say, with better pay -- but are still wandering through company files, cloud services, and social media accounts

identity theft 000006030247

Heartland issues breach notification letters after computer theft

In a letter to the California Attorney General, Heartland Payment Systems has disclosed a data breach impacting personal information. The letter says that the data exposure is the result of a break-in at one of their offices, which...

wordpress dot org

Unusual Wordpress attack steals login credentials

Wordpress is a common target for criminals who redirect innocent users to malware download sites -- but a new type of malware steals user login credentials instead.

human analytics

Behavioral analytics vs. the rogue insider

User Behavior Analytics, its advocates say, not only detect insider threats - it can predict them. That may bring comfort to organizational leaders, but critics say it raises privacy concerns for employees.


Electronic lock maker clashes with security firm over software flaws

CyberLock said it wasn't given enough time before IOActive published a security advisory

About half of those responding to an online survey say their passwords are over five years old.

Identity as an attack surface

Mobile computing, cloud apps and tele-working have effectively made the de-perimeterization of IT security a “fait accompli”. In the process, these redrawn battle lines have created new challenges for CSOs and new points of entry for...

credit cards keyboard

Credit card terminals have used same password since 1990s, claim researchers

Many users never changed the password, thinking it was unique to them

rsa conf 2015

RSAC 2015: RSA Conference (Day 4)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today we're going to talk about passwords.

1 rsa opener

RSA Conference 2015: Criminals targeting gaps in user awareness training

Common Phishing techniques were less effective last year, so criminals changed their game in order to adapt

windows phone biometrics security eye fingerprint

18-year-old SMB vulnerability resurfaces, dozens of vendors affected

SPEAR, the research team at Cylance, has discovered new attack vectors for an 18-year-old vulnerability in Windows Server Message Block (SMB). The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple,...

Load More