(In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost
FMR FAIL: Huge investment firm won’t say how it was hacked.
The post (In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost appeared first on Security Boulevard.
Information and digital security frameworks like FedRAMP, CMMC, and ISO 27001 are not static documents. They provide a static framework for your business to comply with and achieve, but that framework is only valid for so long. Several different forces are in play to ensure that the stipulations and security measures outlined in these frameworks […]
The post ISO 27001 – 2013 vs 2022: Changes, Transition & More appeared first on Security Boulevard.
Managing resource requests and limits in Kubernetes can be challenging, especially for teams that are new to container orchestration or scaling complex workloads. But without proper configuration, your cluster can become unstable, experience resource contention (we call that the noisy neighbor effect), or drive up cloud costs unnecessarily. This is why we created Goldilocks, an open-source tool that helps you get your resource requests and limits just right.
The post Exploring Goldilocks: ‘Just Right’ Resource Management appeared first on Security Boulevard.
Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training.
The post Generative AI Fueling More Sophisticated Cyberattacks: Survey appeared first on Security Boulevard.
The .io domain has been a favorite for tech startups, but its potential disappearance is sending ripples through the industry. Discover the reasons behind this change and how it might affect your favorite tech companies and the future of online businesses.
The post The Ripple Effect: .io Domain Disappearance and Its Impact on the Tech Industry appeared first on Security Boulevard.
At CornCon 2024, experts debunk myths, explore SaaS vulnerabilities, and highlight how human connections shape the future of cybersecurity innovation.
The post CornCon X: Powering Cybersecurity Innovation Through Human Connection appeared first on Security Boulevard.
Passwordless Authentication without Secrets!
divya
Fri, 10/11/2024 - 08:54
As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases. However, industries reliant on shared devices—such as healthcare, retail, and manufacturing—face unique challenges. These fast-paced environments need a more flexible approach to balance security, speed, and user privacy.
The Challenges of Shared Devices
In industries where shared devices are the norm, such as healthcare workers accessing patient records or retail employees operating point-of-sale systems, security must remain a priority without sacrificing efficiency. Traditional methods, like password resets or multi-factor prompts, slow down workflows and create friction for users who need quick transitions between devices.
For example, in healthcare, constant authentication interruptions can impact both patient care and productivity. Similarly, in retail and manufacturing, delays caused by authentication procedures reduce overall efficiency. These sectors require an authentication solution that delivers fluidity and security without compromising user experience.
Integrating Thales’s User Journey Orchestration with Badge’s Passwordless Authentication without secrets
The Thales OneWelcome Identity Platform offers advanced user journey orchestration, seamless integration, and robust compliance with data privacy regulations like GDPR and CCPA. Its ability to manage complex identity requirements on validation, consent, and progressive profiling for large infrastructures across diverse industries and use cases makes it ideal for integrating Badge Inc.’s unique "identity without secrets" approach, which uses fuzzy extraction, a cryptographic method that consistently derives a secure key from biometric data, eliminating the need to store passwords or personal information. The Thales Consumer Digital Trust Index (DTI) research reveals that more than four in five (87%) expect some level of privacy rights from the companies they interact with online.
The Growing Demand for Scalable, Secure Shared Device Solutions
The need for scalable, secure solutions for shared device access is skyrocketing as shared devices are the new normal across multiple industry verticals such as healthcare, manufacturing, or retail. CISOs and operations managers are increasingly attentive to the security and efficiency returns of frictionless onboarding and authentication for professionals working in dynamic, multi-user environments.
This integration improves user experience by allowing for frictionless transitions across devices, reducing costs related to device loss, while ensuring privacy compliance by eliminating the need to store personal data.
The industry has key gaps and areas for improvement. At $9.5 trillion, cybercrime is the world's third largest economy, with 70% of organizations experiencing significant disruption to their business resulting from a breach. According to the IBM 2024 Cost of a Data Breach Report, "Breaches involving stolen or compromised credentials took the longest to identify and contain (292 days) of any attack vector," and are among the most prevalent and costliest attack types. By eliminating stored credentials and biometrics, Badge ensures there is nothing to breach.
Account recovery is traditionally highly vulnerable—a weak spot for the industry and a common vector for credential theft. With Badge, there is no credential recovery because there is no credential. Thales is augmenting its identity offering by adding Badge to the integrated solution, authenticating that you are you all along the identity lifecycle.
Thales serves customers around the world with a variety of needs, and therefore optionality is critical. Badge's technology allows organizations to use face, fingerprint, PIN, device characteristics, contextual, and other factors for authentication. A standout feature of Badge is that it maintains high accuracy in recognizing users without increasing errors, and organizations can adjust how strict or lenient the system is, ensuring both security and user convenience.
Improving Shared Device Management with Badge Inc.’s Passwordless Authentication
The integration of Badge Inc.’s unique passwordless authentication enhances identity management for shared devices. The integration allows multiple users to authenticate efficiently, without the delays caused by password resets or complex credential management, ensuring secure, uninterrupted access to shared devices.
In healthcare, the integration provides comprehensive IAM capabilities that ensure secure patient and clinician authentication to leading healthcare systems on shared devices without centrally storing biometric templates. In finance and payments, the integration offers robust authentication to secure bank teller, back office, and customer data without requiring added friction and liability such as push notifications to trusted devices. Retail and manufacturing sectors benefit from streamlined operations and improved user experiences across shared devices such as kiosks.
Stay tuned for more updates on how our partnership will drive innovation in IAM. To learn more about how Thales OneWelcome and Badge, Inc. can support your organization, visit us at the Thales booth at Authenticate 2024 Conference, October 14-16, in Carlsbad, CA.
Marco Venuti | IAM Enablement & Acceleration Director
The post Passwordless Authentication without Secrets! appeared first on Security Boulevard.
Microsoft has recently identified a threat actor known as Storm-0501 targeting government, manufacturing, transportation, and law enforcement sectors in the United States (US) in a cloud ransomware attack campaign. In this article, we’ll dive into the details of the campaign and determine how such attacks are carried out. Let’s begin! Cloud Ransomware Attack Campaign Hacker […]
The post Cloud Ransomware Attack: Microsoft Sees Storm-0501 As Threat appeared first on TuxCare.
The post Cloud Ransomware Attack: Microsoft Sees Storm-0501 As Threat appeared first on Security Boulevard.
Ensuring seamless operations in even the harshest environments is a necessity today. For organizations operating within the Department of Defense (DoD) space, identity resilience and continuity are essentially non-negotiable — as the stakes are high and often involve life-and-death scenarios. Missions demand resilient systems capable of functioning even in the most extreme conditions. Military environments...
The post Resilience in extreme conditions: Why DDIL environments need continuous identity access appeared first on Strata.io.
The post Resilience in extreme conditions: Why DDIL environments need continuous identity access appeared first on Security Boulevard.
Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations … (more…)
The post News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability first appeared on The Last Watchdog.
The post News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability appeared first on Security Boulevard.
As part of the DevOps and DevSecOps track during Sonatype's 9th All Day DevOps (ADDO) event, AWS Senior Developer Advocate Guillermo Ruiz presented his session titled "Building Observability to Increase Resiliency." Well-applied observability helps you find early signs of problems before they impact customers and makes it possible to react quickly to disruptions.
The post ADDO session: Building observability to increase resiliency appeared first on Security Boulevard.
The collaboration automates workload-to-workload access, simplifying security for API connections and reducing the risks associated with credential management.
The post How the Auth0 and Aembit Integration Boosts Non-Human Access Security appeared first on Aembit.
The post How the Auth0 and Aembit Integration Boosts Non-Human Access Security appeared first on Security Boulevard.
Organizations are constantly faced with the challenge of addressing vulnerabilities and threats to maintain a secure environment. Two common strategies to aid in this are remediation and mitigation, both of which aim to reduce risk but with different approaches and timelines. Understanding the distinction between these strategies—and knowing when to apply each—can be crucial for […]
The post Remediation vs. Mitigation: The Choice Between Instant or Indirect Action appeared first on VERITI.
The post Remediation vs. Mitigation: The Choice Between Instant or Indirect Action appeared first on Security Boulevard.
Authors/Presenters: Yazhou Zu, Alireza Ghaffarkhah, Hoang-Vu Dang, Brian Towles, Steven Hand, Safeen Huda, Adekunle Bello, Alexander Kolbasov, Arash Rezaei, Dayou Du, Steve Lacy, Hang Wang, Aaron Wisner, Chris Lewis, Henri Bahini
Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization’s enduring commitment to Open Access front and center. The content originates from the conference’s events at the Hyatt Regency Santa Clara and from the organization’s YouTube channel.
The post USENIX NSDI ’24 – Resiliency at Scale: Managing Google’s TPUv4 Machine Learning Supercomputer appeared first on Security Boulevard.
Last month marks 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It’s difficult to imagine a world without CVEs. Much of the “vulnerability management” activities, before the CVE program became popular, relied on matching version numbers from remote scans and executing shady exploits found in dark places on […]
The post Vulnerability Prioritization & the Magic 8 Ball appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post Vulnerability Prioritization & the Magic 8 Ball appeared first on Security Boulevard.
In 2021, the Log4j vulnerability catalyzed the industry to take action to boost the security of open source components. The development community is leading this movement, but governments are also taking notice and writing legislation to regulate how organizations approach software transparency.
The post ADDO session: The state of SBOM, what’s coming in standards and regulations appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘CIDABM’ appeared first on Security Boulevard.
Schedule jobs via the Structural UI, customize your sensitivity scan with expanded options, and process multiple languages in Tonic Textual!
The post Tonic.ai Product Updates: October 2024 appeared first on Security Boulevard.
Chief Information Security Officers (CISOs) should always anticipate questions that might arise during presentations to senior leaders and corporate boards. Below, we present some typical questions that CISOs should be prepared to answer. We hope these questions help you prepare for the next important presentation you are asked to give to your executive team. What …
The post Top 11 Cybersecurity Questions Every CISO Should Be Ready to Answer appeared first on Security Boulevard.
This is a joint post with the Hugging Face Gradio team; read their announcement here! You can find the full report with all of the detailed findings from our security audit of Gradio 5 here. Hugging Face hired Trail of Bits to audit Gradio 5, a popular open-source library that provides a web interface that […]
The post Auditing Gradio 5, Hugging Face’s ML GUI framework appeared first on Security Boulevard.