Access Control
Access Control | News, how-tos, features, reviews, and videos
Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles
Zero Trust Authentication is designed to negate the shortcomings of traditional authentication methods with features including passwordless capability and phishing resistance.
ReversingLabs adds new context-based, secret-detection capabilities
The software supply chain security tool will host new secret-detection capabilities through the command-line interface to help developers prioritize remediation efforts.
What is zero trust? A model for more effective security
As the security model becomes the preferred security strategy, it’s worth looking at what it is and what it takes to achieve.
Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Avoid these simple mistakes when setting up OAuth for third-party authentication to block unauthorized account access.
Entitle debuts with automated SaaS permissions-management application
Israel-based cybersecurity startup Entitle's namesake application is designed to automate access requests and grants by delegating approval decisions to business owners instead of IT and devops teams.
Alcatraz AI streamlines facial recognition access control with mobile update
Alcatraz AI is offering web-based mobile enrollment and privacy consent management to optimize the onboarding process for its facial recognition building security system.
Descope launches authentication and user management SaaS
Descope’s first product allows developers to build authentication and user management functions in applications.
Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery
Vendor announces the 7.0 software release of its Cohesity Data Cloud platform with a focus on “data-centric” cyber resilience.
Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.
How passkeys are changing authentication
Well-implemented passkeys can improve the user experience and make it harder for cybercriminals to launch phishing and other attacks.
The metaverse brings a new breed of threats to challenge privacy and security gatekeepers
If your organization isn’t already moving into the metaverse, it soon will be. Be warned: today’s security protocols and privacy laws may not apply to 3D worlds.
Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams
Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.
Why it might be time to consider using FIDO-based authentication devices
Access codes sent by SMS or authenticator apps can be bypassed by clever phishing. Hardware-based tokens make that harder to do.
How acceptable is your acceptable use policy?
If users resent, fear, or ignore policies around the use of corporate resources, it may be time for a different approach that incentivizes rather than punishes.
Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation
Protecting the most vital areas of the network first is a practical, doable defense, Brooks found when it implemented Illumio Core’s zero-trust segmentation platform.
8 top multi-factor authentication products and how to choose an MFA solution
Learn the key considerations when choosing an MFA solution and why these top picks are worth a look.
Top considerations when choosing a multi-factor authentication solution
Choosing the right MFA solution for a Microsoft environment that covers all authentication needs will reduce stress on your IT admins and help desk.
How legacy tech impedes zero trust and what to do about it
Old perimeter-based defenses can throw up roadblocks to implementing a zero-trust strategy, but a measured, phased approach will see you through.