IT News - Security

Don't assume that SSO is inherently secure. Follow these recommendations to prevent unauthorized access due to authentication flaws.

Ax Sharma writes in CSO Online, "The recent 'Sign in with Apple' vulnerability earned a researcher $100,000 as a part of Apple's bug bounty program. The flaw itself arose from an OAuth-style implementation that did not properly validate JSON Web Token (JWT) authentication between requests. This would have allowed a malicious actor to 'Sign in with Apple' using anyone's Apple ID..."

Over 140 million guests were compromised in total

"A hacker selling a large database on the dark web has prompted security researchers to believe the 2019 MGM Resorts data breach was far larger than initially thought," reports Sead Fadilpasic in ITProPortal.

"Earlier this year, it was reported that the breach affected 10.6 million people. However, the recently published database - available for just under $3,000 - seems to hold personal details on more than 142 million MGM guests..."

Best Password Managers Of 2020
ITProPortal, July 13th, 2020
Store your passwords in a safe place with these solutions

"As our lives are moving increasingly into the online sphere," writes Sead Fadilpasic in ITProPortal, "there are more and more passwords to remember and keep track of, which can be a burden. To make this task easier, you can use one of the many password managers out there that not only create a safe place to keep all your passwords, but, depending on the solution, offer additional options such as file vaults, VPNs, and storing other important information..."

With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace

"With coronavirus infections continuing to rise in many areas of the United States, remote work will remain in the future for most companies, leading business leaders to speed adoption of a variety of distributed security measures," reports Robert Lemos in Dark Reading.

"In particular, the model of zero trust has gained momentum, moving from a possible approach to security to a necessary piece of surviving in the future. Underscoring that, more than 70% of organizations indicate that they are considering adopting a zero-trust model for security following the pandemic and the move to extensive remote work, according to a survey conducted by virtual private networking firm NetMotion Software..."

Follow this advice from a famous military commander's commencement speech and watch your infosec team soar

Joshua Goldfarb writes in Dark Reading, "In his 2014 commencement speech at the University of Texas at Austin, Admiral William Harry McRaven stated:

'If you want to change the world, start off by making your bed. If you make your bed every morning, you will have accomplished the first task of the day. It will give you a small sense of pride, and it will encourage you to do another task and another and another. And by the end of the day, that one task completed, will have turned into many tasks completed. Making your bed will also reinforce the fact that the little things in life matter. If you can't do the little things right, you'll never be able to do the big things right. And if by chance you have a miserable day, you will come home to a bed that is made, that you made. And a made bed gives you encouragement that tomorrow will be better...'"
