
Stuart Sharp
VP of Solution Engineering
OneLogin
Comments Dotted: 28
December 18, 2020
Yes, biometrics have a role to play.
All too often, biometrics are seen as the panacea for solving the difficult task of accurately and securely identifying people with a seamless user experience. Yes, biometrics have a role to play, but they have important limitations, and if not deployed in the right way, they pose a significant risk. First of all, biometric identification is not 100% accurate — it relies on the probability of the facial or fingerprint scan, for example, belonging to the user, and operates with what is often ...

December 17, 2020
Face verification technology is certainly a stronger form of 2FA than SMS.
GovTech can be applauded for recognising that one size does not fit all when it comes to security, particularly with the introduction of multi-user SMS. Even though SMS OTP is vulnerable to SIM take-over and phishing-based attacks, introducing it as a second authentication factor greatly reduces the overall likelihood of attacks being successful. Face verification technology is certainly a stronger form of 2FA than SMS, but GovTech’s implementation of a government-owned centralised ...

November 17, 2020
Maintaining good cybersecurity requires keeping an eye on the basics.
What has transpired here highlights how cybersecurity does not operate within a vacuum. Maintaining good cybersecurity requires keeping an eye on the basics, and ensuring that the organisations you partner with in the supply chain do as well - as the saying goes, your security is only as strong as your weakest link. In this instance, the South Korean government should ensure that the software manager verifies the owner of the certificate, and that all organisations within their supply chain are ...

September 24, 2020
By allowing remote access to an Instagram account, the attackers could use this for any purpose they wish.
This vulnerability shows just how vulnerable our online accounts are. By allowing remote access to an Instagram account, the attackers could use this for any purpose they wish, including blackmail or the compromise of high-profile or corporate Instagram accounts. Instagram must work as quickly as possible to patch this vulnerability. Service providers have a duty of care to their users to follow security best practices — the discovery of a vulnerability like this should prompt a service ...

September 18, 2020
Security awareness training is also key in preventing employees and students from falling for phishing attacks.
The education sector is no different from any other industry: COVID-19 has accelerated its digital transformation programs. Accompanying this is a rise in ransomware attacks as we’ve seen in recent headlines. Fortunately, securing such institutions from an attack largely comes down to cyber hygiene - steps that have been laid out by the NCSC. Chief among them is the implementation of multi-factor authentication. This reduces the risk of attack by increasing the complexity of the exploit for ...

August 12, 2020
Businesses should also consider moving away from their dependency on passwords.
Any malware with the capability of stealing passwords is very concerning given that they are traditionally a first line of defense for most websites and applications. It is even more concerning that they are able to steal passwords from VPNs which have become increasingly important in recent months for businesses functioning in the remote/hybrid working model ushered in by the COVID-19 pandemic. In order to prevent attackers from infiltrating deeper, both organisations and consumers alike need ...

April 29, 2020
Considering that over 75 million sites use WordPress, it’s not surprising that it’s a prime target for hackers searching out vulnerabilities.
Considering that over 75 million sites use WordPress, it’s not surprising that it’s a prime target for hackers searching out vulnerabilities. At the moment, bad actors are targeting sites running the OneTone theme to exploit a vulnerability that allows them to create backdoor admin accounts or inject malicious code inside the theme’s settings. For organisations running multiple WordPress sites, they should prioritise work based on a risk assessment of the services offered by each exposed ...

April 08, 2020
The data now hosted on dark web forums will move into the cybercriminal supply chain.
This is of course a significant worry for users of Email.it, and for the company itself whose brand reputation and security posture will suffer as a result of this breach. They may also find themselves in breach of legislation such as GDPR, which could incur fines sizeable enough to have a serious effect on the company’s bottom line. Applying proactive measures such as two-factor authentication and other access controls as part of an enterprise’s standard privacy requirements can help to ...

March 06, 2020
Misconfiguration is a term used really to hide the fact baseline controls haven’t been put in place like privileged user access controls.
We are still seeing service providers failing to follow fundamental best practices to secure their customers’ data. The fact the data was accessed without the need for advanced hacking techniques using a misconfiguration that was in place for 10 months highlights how important it is to carry out regular security reviews of systems holding sensitive data, and to put in place access control monitoring and alerting. Any company holding personal data of millions of people should be protecting all ...

February 07, 2020
This latest IoT vulnerability highlights the critical need for robust security standards for IoT.
This latest IoT vulnerability highlights the critical need for robust security standards for IoT. Governments must act now to hold IoT vendors to account for the security of their devices, and although the UK government recently proposed new legislation around IoT password management, it falls far short of the in-depth guidance and standards required to prevent hackers exploiting vulnerabilities like that found in the ZigBee protocol.
