Why Tokens Are Like Gold for Opportunistic Threat Actors

May 13, 2024 at 10:07AM Authentication tokens, crucial for cybersecurity, allow secure logins and app access. However, they pose risks if compromised. Threat actors exploit unexpired tokens, leading to breaches. Companies should adopt aggressive token management, including expiring tokens every seven days and limiting access from personal devices. These actions can significantly mitigate the risk … Read more

Hacker claims Giant Tiger data breach, leaks 2.8M records online

April 13, 2024 at 10:05AM Giant Tiger, a Canadian retail chain, experienced a data breach in March 2024, with 2.8 million customer records leaked. The breach includes email addresses, names, phone numbers, and physical addresses. HaveIBeenPwned added the leaked database for users to check. Giant Tiger declined to name the third-party vendor responsible. Customers are … Read more

How to secure AD passwords without sacrificing end-user experience

January 24, 2024 at 10:19AM Hackers attempted 1,287 password attacks per second in 2022, highlighting the importance of strong password security. Many users still use easy-to-guess passwords, creating security vulnerabilities. Organizations can promote longer, unique passwords and correlate password expiration with password length to enhance security. Tools like Specops Password Policy can help enforce these … Read more

Securing Cloud Infrastructure Demands a New Mindset

October 31, 2023 at 02:52PM The increasing number of attacks on cloud infrastructure has created a situation where both providers and users are equally affected. To prevent losses, it is crucial for cloud providers and users to collaborate closely and implement innovative approaches in order to enhance the security of public cloud resources. Based on … Read more

20 Years Later, Is Patch Tuesday Enough?

October 31, 2023 at 08:52AM Microsoft’s Patch Tuesday, which has been a monthly ritual for IT and security professionals for the past 20 years, aims to consolidate security updates into a planned release cycle. However, the high number of vulnerabilities and the growing dependence on Microsoft tools and services pose risks. Adversaries are becoming smarter … Read more

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

October 16, 2023 at 08:25AM The text discusses the importance of SaaS security and highlights key findings from the SaaS Security Survey Report. It emphasizes the need for automated configuration and monitoring tools, as well as the critical role of identity and access governance. The risks associated with third-party connected apps are also examined. The … Read more