Blog

California bill would tighten privacy protections for minors

A proposed California law which passed the state senate this week could drastically boost online privacy protection for minors, but major platforms like Google and Meta have called the bill “too broad,” warning that the work involved in complying with the law would be onerous and have unintended consequences. The essence of the bill, called the California Age-Appropriate Design Code Act, is that tech companies that collect data on children would be required to treat that data differently than data on other users, and to enact a range of other safeguards designed to protect children’s privacy when using online platforms. To read this article in full, please click here
http://news.poseidon-us.com/SXbrNh

Remediant wants to move beyond PAM to secure enterprise networks

Security software provider Remediant wants to move beyond basic privileged access management (PAM) to help CSOs secure enterprise networks. It’s adopting a new approach it calls PAM+, aimed at helping enterprises protecting access to their systems and build on Zero Trust initiatives. Tim Keeler, CTO and co-founder of Remediant, set out the need for the new strategy: “Organizations’ inability to properly manage identities and privileges across the enterprise has left a large number of attack surfaces unprotected and vulnerable to cyberattacks that result in ransomware. A majority of today’s cybercriminals are able to accomplish their mission by leveraging privilege (or admin) account sprawl — a very large and highly exploited attack surface.”  To read this article in full, please click here
http://news.poseidon-us.com/SXbrLc

Dashlane launches integrated passkey support for password manager with new in-browser passkey solution

Password management vendor Dashlane has announced the introduction of integrated passkey support in its password manager, unveiling an in-browser passkey solution to help tackle the issue of stolen/misused passwords. The launch comes as the “passwordless authentication” era edges closer with tech giants Apple, Google and Microsoft set to bring it to millions of smartphone and laptop users in accordance with recommendations from the Fast IDentity Online (FIDO) Alliance. Passkey support includes secure sharing, access control, multi-device sync capabilities In a blog post, Dashlane wrote that the launch of passkey support in its password manager is the natural evolution of its offerings and is tied to its mission of making security simple for organizations and their people. “Today’s biggest security issue stems from stolen logins – over 80% of breaches occur as a result,” it added. Passwordless authentication takes a powerful step towards addressing this problem, it claimed. To read this article in full, please click here
http://news.poseidon-us.com/SXbSjX

Dealing with cyber threats in the energy sector: Are we on the right path?

In this interview for Help Net Security, Katie Taitler, Senior Cybersecurity Strategista at Axonius, talks about cyber threats in the energy sector and what should be improved to make sure this sector is properly guarded. We have witnessed numerous cyberattacks on the energy sector in the past few years. What could be the consequences of such attacks? Attacks on the energy sector are often a show of power that are meant to cause large-scale disruption. … More → The post Dealing with cyber threats in the energy sector: Are we on the right path? appeared first on Help Net Security.
http://news.poseidon-us.com/SXZkcX

How Just-in-Time privilege elevation prevents data breaches and lateral movement

Are inadequate security policies for privileged access making you highly vulnerable to security breaches and ransomware attacks? In the weeks that followed the high-profile attack on the SolarWinds supply chain, it became clear that the threat actors infiltrated the company’s internal networks and cloud infrastructure through unrestricted privileged access. Once inside the network, they were able to move laterally in the system. This attack and many others reinforce the importance of an effective Privileged Access … More → The post How Just-in-Time privilege elevation prevents data breaches and lateral movement appeared first on Help Net Security.
http://news.poseidon-us.com/SXZd14

CACI wins $5.7 billion award to start privatizing Air Force network management

The ten-vendor team led by CACI will be responsible for “Wave 1” of the Air Force’s EITaaS rollout, focusing on end-user devices, IT service management and support services.
http://news.poseidon-us.com/SXXPvP

Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil

Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable. 
http://news.poseidon-us.com/SXX8cs

5 open-source vulnerability assessment tools to try out

A vulnerability assessment is a methodical examination of network infrastructure, computer systems, and software with the goal of identifying and addressing known security flaws. Once the vulnerabilities are pinpointed, they are classified based on how critical it is to fix/mitigate them sooner rather than later. Usually, the vulnerability scanning tool also provides instructions on how to remediate or mitigate the discovered flaws. Security teams can use the findings of a vulnerability assessment to better understand … More → The post 5 open-source vulnerability assessment tools to try out appeared first on Help Net Security.
http://news.poseidon-us.com/SXWYth

Traceable AI debuts API testing product for its security platform

Traceable AI today announced the general availability of xAST, an API security testing solution, as part of its API Security Platform. The new feature set, after extensive beta testing with some of the company’s larger customers, is available for immediate use, and builds on the Traceable’s existing visibility and risk analysis features. The idea is to reduce the impact of potential API vulnerabilities early in the software development process, by making it easy to actively test an API that has made it through development but before it goes into production. Traceable uses an “in-app” approach to API testing, which means it’s observing the behavior of software while it’s actually running, as opposed the “contract” model, which merely analyzes which behaviors an API should exhibit. To read this article in full, please click here
http://news.poseidon-us.com/SXWQFZ

Service members and their families have a new vaccine option

In today’s Federal Newscast: Service members and their families have a new option when it comes to COVID-19 vaccinations. The clock is ticking on the Small Business Innovation Research program. And no test for you, as the free gifts to your mailbox come to an end.
http://news.poseidon-us.com/SXTN5D