Identity & Access Management Archives - Page 3 of 3

Many organizations lacking adoption of key CIS controls

Asset Management, Configuration Management, Cybersecurity Articles, Endpoint Security, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / August 11, 2018 / CIS, SANS

A recent survey conducted by Tripwire revealed organizations are not fully adopting security controls from key benchmarks, such as the Center for Internet Security (CIS).

AWS S3 error exposes data on 31K GoDaddy servers

Cloud Security, Configuration Management, Identity & Access Management / By Frank Crast / August 10, 2018 / Amazon, AWS, Cloud, configuration management, GoDaddy, S3, server

Cybersecurity firm UpGuard has discovered an error in Amazon AWS bucket configuration that led to the exposure of internal GoDaddy infrastructure data.

Hacker breaks into Reddit systems via SMS-based 2FA

Data Breach, Identity & Access Management, Password Management / By Frank Crast / August 2, 2018 / 2FA, 800-63B, Authenticator, Hacker, NIST, Reddit, SMS, token, TOTP

Reddit, a popular social news aggregation and discussion website, suffered from a security breach between June 14 and June 18 of this year. The incident was discovered on June 19 and linked to weaknesses in SMS-based two-factor authentication (2FA).

Single account blamed for Clarksons breach

Leave a Comment / Data Breach, Identity & Access Management, Third-Party Security / By Frank Crast / July 31, 2018 / Clarksons, Data Breach, Privacy, UK

Clarkson PLC (“Clarksons”), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.

Gentoo reveals hacking root cause of its GitHub repository

Application Security, Identity & Access Management, Password Management / By Frank Crast / July 5, 2018 / 2FA, administrator, authentication, Gentoo, GitHub, Linux, Password

Gentoo provided a new security update that describes the impact and root cause of its recent GitHub Linux distribution repository hacking incident.

SAML vulnerabilities affect multiple SSO implementations

Leave a Comment / Application Security, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / February 27, 2018 / Clever, Duo, OneLogin, SAML

Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.

Hackers hijack Enigma

Leave a Comment / Data Breach, Identity & Access Management / By Frank Crast / August 22, 2017 / Cryptocurrency, Data Breach, Enigma, Ethereum, hacking

Hackers have hijacked Enigma, a cryptocurrency investor platform and ethereum marketplace, and stole more than $500,000 in cryptocurrency from investors via a phishing scam.

Oracle SSO vulnerabilities

Leave a Comment / Application Security, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / July 12, 2017 / OAM, ObSSOCookie, Oracle, phishing, SSO, SSODomains

Security researchers in Belgium have discovered two vulnerabilities related to Single Sign-on authentication in Oracle Access Manager (OAM) Version 10g, as part of penetration testing work for a client.

QakBot malware locks out thousands of AD accounts

Leave a Comment / Cybersecurity Attacks, Identity & Access Management, Malware / By Frank Crast / June 6, 2017 / Active Directory, AD, IBM, lockout, malware, QakBot

Security researchers have spotted QakBot malware used to lockout hundreds to thousands of Active Directory (AD) accounts across a number of enterprises.

Secure Authorization, Authentication and Access Control for IoT

Application Security, Cybersecurity Articles, Identity & Access Management, Internet of Things (IoT) / By Frank Crast / November 20, 2016 / Access Control, authentication, Authorization, botnet, CSA, DDoS, IOT

To help organizations prepare for Internet of Things (IoT) threats, we outline some key security recommendations for IoT authorization, authentication and access control.