Homepage

Watch

AAA CISO: Identity in metaverse will be decentralized, federated and self-sovereign (WATCH)

Identiverse Conference 2022

Cash is displayed on Aug. 29, 2017, in San Anselmo, Calif. (Photo Illustration by Justin Sullivan/Getty Images)

Security and compliance concerns limit ‘open finance’ expansion, say executives

Karen HoffmanJune 27, 2022

The popular drive to embrace application-based financial services is most hindered by security risk concerns, according to a recent study by an identity management company.

Identity and access

Least privilege access is central to being a better cloud user, says AWS identity leader (WATCH)

Bradley BarthJune 27, 2022

Organizations should also implement role-based policies, multi-factor authentication and secrets management, advises Don Edwards in an interview.

Ransomware

LockBit ransomware group offers bug bounties, doxxing rewards

Joe UchillJune 27, 2022

The move continues a longstanding pattern of criminal groups using corporate tactics to increase efficiency, including intricate supply chains, call centers and help wanted ads.

Leadership

Lawmakers want DoD to parse cyber roles, explore partnerships with CISA and colleges

Derek B. JohnsonJune 27, 2022

A House committee wants Pentagon leadership to report how the Defense Department delineates roles and responsibilities within cyberspace among its different component agencies.

Cybersecurity Asset Management

How the MITRE Engenuity ATT&CK evaluations work

Paul WagenseilJune 27, 2022

The Engenuity evaluations examine how leading endpoint security products protect systems from well-known threat actors. Because the results are based on the MITRE ATT&CK framework, organizations can use them to see how well security products mesh with their own systems — and how far threat actors can penetrate those systems. Security vendors can also use the results to improve their own products.

Privacy

After fall of Roe v. Wade, Congress calls for FTC probe of mobile tracking by Google, Apple

Jessica DavisJune 27, 2022

Senators are asking for an FTC probe into Google and Apple for routinely selling user data, saying the practice could lead to privacy harms for women in the wake of Roe v. Wade upheaval.

Cloud security

Permiso aims to help customers build a new identity-based security model for the cloud

Steve ZurierJune 24, 2022

Permiso’s Paul Nguyen and Ian Ahl say nation-state attackers are moving to the cloud – and the industry needs a new identity-based security model in response.

Identity and access

How to secure cross-device flows when the weak point is human decision-making

Joe UchillJune 24, 2022

While connections between devices are secure, a person scanning a QR code is subject to the social engineering frailties of a human being.

2022 NOMINATIONS

SC EVENTS

Coming Soon

Threat Intel: A key to demystifying network security

Vulnerability and Patch Management: Every day is a zero day

Endpoint Security – Sealing your ever-expanding attack perimeter

Watch

AAA CISO: Identity in metaverse will be decentralized, federated and self-sovereign (WATCH)

Identiverse Conference 2022

In The News

Credential phishing attack spoofs cryptocurrency app MetaMask, targets financial industry

ZScaler embraces cloud security posture management

ShiftLeft finds a 97% reduction in open source software vulnerabilities

Nearly 50% of all SaaS-to-SaaS integrations sit unused following a failed POC effort

Organizations ready to meet new state privacy laws, but less than half have acted

Perspectives

Three ways to lock down APIs

The urgent need to secure SaaS apps

How to improve security by slowing down for the summer

Why APIs present CISOs with the biggest risk

In the era of ransomware, recovery has become as important as prevention