Data Safety and Information Security

BitLocker's reliance on a TPM for security is its own downfall in this specific exploit.

Phishing Impact testing from autonomous pentesting company Horizon3.ai fills a knowledge gap by providing organizations with the precise impacts and likely outcomes of a successful phishing campaign on their particular organization and systems, should

When you create a PDF file, what you see is not all you get. You also include metadata that you may not be aware of.

Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet.

We will examine Relationship Based Access Control (ReBAC) and its common models that you should not try to implement with roles (RBAC) or attributes (ABAC) to avoid technical debt and security breaches.

We can't have broad adoption of verifiable credentials until we find a way to scale their presentation by providing tooling that credential verifiers can use to reduce their risk and gain confidence in the facts presented to them.

Incorporating game-like elements can encourage developers to not only prioritize security, but do so in an engaging and rewarding way.

An application delivery platform that includes built-in security capabilities such as WAF, bot and API protection adds critical layers of defense.

In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.

The most important lesson to figure out is why it is taking so long to restore services. That will tell us how to prevent such a calamity in other vital national institutions.

COMMISSIONED: Edge security is a growing headache. The attack surface is expanding as more operational functions migrate out of centralized locations and

Explore Zone One, the crucial starting point for bolstering your online privacy and security. Discover essential steps to safeguard your digital life, from password management to minimizing your digital footprint. Take control of your online presence and learn how to protect your personal information effectively.

Ransomware that's aimed at backup infrastructure can put critical backup repositories at risk as well as expose a treasure trove of corporate data.

UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

QR codes can be convenient—but they can also be exploited by malicious actors. Here’s how to protect yourself.

A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.

New mutual authentication approach for Kubernetes workloads suffers from eventual consistency, which can produce security vulnerabilities.

An in-depth explanation on Verifiable Credentials from identity first principles, and how and why we think they will happen

Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -

LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?

Database reconstruction allows an attacker to recover raw data from reported statistics. US Census data prior to 2020 was vulnerable to reconstruction attacks.

Though the name sounds secure, API keys do not offer robust security. Sensitive data requires a more fortified form of protection, such as tokens.

APIs are designed to connect and share data with other applications – and it can be easy to underestimate just how exposed that data is.

With the growing adoption of cloud-based tools, it’s important for companies to adapt. A new approach to access governance is necessary.

A look at what is lacking as eBPF for Kubernetes security continues to evolve as a work in progress.

Why a holistic approach to securing CI/CD pipelines is essential, plus practical steps to help fortify your pipeline against potential threats.

The latest IIW was great with many high intensity discussions of identity by people from across the globe.