Access News, Articles and Updates

Is the Internet becoming safer? Two-factor authentication up 618 percent

While 2FA is being implemented more often and users are more frequently protecting their accounts, we need to see these numbers double or triple what we see today for us to be confident that the internet is safer.

Speech recognition software firm breach exposes thousands of records

US-based speech recognition software firm Nuance announced the breach of thousands of patient records after a third party gained unauthorised access.

Massive data breach of Rail Europe's servers lasted nearly three months

Hackers were able to gain unauthorised access to the IT platform of Rail Europe's e-commerce websites for three long months before the firm was alerted to a possible breach by one of its banks.

Russian ops accessed US voter databases, says US Senate Intel Committee

While Russian-affiliated actors who took aim at US state election systems and the US voting process likely didn't change votes, in a few states they were able to access US voter registration databases.

Two-factor authentication hackable - easy to spoof

Two-factor authentication may not be the panacea of securing access to online accounts that many believe it is as KnowBe4's Kevin Mitnick shows how easily this defensive measure can be spoofed.

Security researchers discover way to hack into any hotel room

F-Secure finds millions of hotel rooms at risk from hackers. The key card given out by hotels to guests to access their rooms may not be as secure as thought.

Trackers exploit 'login with Facebook' feature to gather & share user data

Web trackers like Bandsintown are exploiting the "Login with Facebook" feature to gain access to data from the social media firm's users, according a report by security researchers at the Freedom to Tinker blog.

Hackers still exploiting the human factor to carry out ransomware attacks

Nearly 70 percent of successful ransomware attacks in 2017 were the result of hackers gaining access to enterprise networks by phishing via email or social media network.

Gwent Police sat on data breach exposure for a year before informing ICO

Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.

FBI used Best Buy's Geek Squad as confidential informants, FOIA docs show

Does the US' FBI really need tech companies to provide backdoors in their products to gain access to illegal material stored there? Apparently not...as long as members of the Geek Squad are willing to do the agency's bidding.

Millennial habits may bring an end to the password era

Millennials use passwords less than others and as they come to dominate the workforce, their online authentication habits impact the way employers and technology companies provide access to devices and applications.

Organisations should push identity and access management up the business agenda

IT and security leaders must elevate IAM out of the realm of IT, via a programme management approach, so it becomes a business-wide initiative; IAM leaders need to assert themselves in digital transformation initiatives.

Chase 'glitch' grants customers access to random accounts

Multiple Chase Bank customer accounts in the US were exposed after what was described as a "glitch" granted customers looking to log into their own accounts access to the accounts of random customers instead.

Drupal 7 and 8 patch multiple critical vulnerabilities

Drupal patched multiple vulnerabilities in both Drupal 7 and Drupal 8 including a comment reply form flaw that allows access to restricted content and an incomplete JavaScript cross-site scripting prevention flaw, both rated critical.

Fancy Bear targets defence contractors email to steal tech secrets

Russian hacking group Fancy Bear, have exploited weakspots in the email systems of defence contract workers to access top secret information on US defence technology, including drones.

Bomgar acquires Lieberman Software

Bomgar has acquired Lieberman Software to help boost the company's secure access software portfolio and giving it access to Lieberman's privileged identity and credential management technology.

Biometrics as additional access route weaker than password-only protection

A society where identity authentication is allowed without users' volition would be a society where democracy is dead. The password as memorised secret is absolutely necessary says Hitoshi Kokumai.

There's a lot we can learn from 2017's 'big four' breaches

The four main breaches of 2017 had various things in common. No matter how sophisticated the attack, they could all have been avoided. Whether due to a lack of interest, focus, urgency or all three, bad decisions were the key culprit.

Is voice biometrics the key to safer authentication?

For voice biometrics to become a cross-industry security standard, there is a greater need for a more advanced and robust solution says Nick Gaubitch.

No one is safe: How to stem the global breach epidemic

It's vital that multi-factor authentication systems become the industry standard for securing both customer and internal IT accounts. By replacing the outdated password-username combination, most hackers are outfoxed.

Hex-Men Trio using compromised SQL servers to conduct mining, DDoS attacks

A series of cyber-campaigns, jointly known as the Hex-Men Trio, that specifically target SQL Servers in order to use them to conduct additional attacks has been identified by Guardicore Labs.

Show me the security - the benefits of IAM (identity and access management)

The essence of IAM (identity and access management) is ensuring that the right people, have the right access, to the right resources, in the right ways, and that you can prove all those "rights" to the people that need to know.

P455W0rDS: How secure is yours and is it time to retire it?

Relying on usernames and passwords to authenticate user identity is irresponsible. If one of your tweaked passwords is lost or stolen, you should throw all versions of it away as hackers know that people tweak passwords.

LinkedIn access down across much of the globe, encryption down for others

Yesterday large parts of the world were without their LinkedIn accounts due to an SSL certificate expiry and those that were able to login were browsing without encryption, meaning all of their data was potentially at risk.

Flaw in macOS High Sierra allows easy access

A root access flaw in Apple's macOS High Sierra 10.13.1 makes it possible for anyone to log into the system by typing "root" into the name field.

Writing authorisation policies to secure big data

Enforcing authorisation directly at the data level can be incredibly powerful as it could mean minimal or no changes to the applications that are accessing the data itself says Jonas Iggbom.

Rémy Cointreau Case Study - connecting a global workforce to the cloud

Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.

Bug in anti-malware defenses mistakenly blocks users' Google Docs files

Google issued a public apology on Thursday after a bug mistakenly caused its defences against malware, phishing, and spam to block some users' access to Google Docs files on 31 October.

'Killing the password' is 'killing democracy'. Don't let it happen.

A society where login without users' volition is allowed would be a society where democracy is dead says Hitoshi Kokumai

The threat of privileged user access - monitoring and controlling privilege users

Marcell Gogan discusses the threat of privileged user access and how it often goes largely ignored