A week in security (August 3 – 9)

Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the Inter skimming kit is used in homoglyph attacks. Other cybersecurity news A new and unpatchable … [Read more...]

Harnessing the power of identity management (IDaaS) in the cloud

Sometimes, consumers have it easy. Take, for example, when they accidentally lock themselves out of their personal email. Their solution? Reset the password. With one click, they’re able to change their old, complicated password with a new, more memorable one. Self-service password reset is awesome like this. For users on a business network, it’s not so simple. That is, unless … [Read more...]

Capital One breach exposes over 100 million credit card applications

Just as we were wrapping up the aftermath of the Equifax breach—how was that already two years ago?—we are confronted with yet another breach of about the same order of magnitude. Capital One was affected by a data breach in March. The hacker gained access to information related to credit card applications from 2005 to early 2019 for consumers and small businesses. According to the bank the … [Read more...]

Key considerations for building vs. buying identity access management solutions

Time and time again, organizations learn the hard way that no matter which security solutions they have in place, if they haven’t properly secured the end user, their efforts can be easily rendered moot. The classic slip-up most often associated with end-user-turned-insider-threat is falling for a phishing email that in turn infects the endpoint. Now imagine that end user is someone with access to … [Read more...]

How to Manage AWS IAM Users with Python

Amazon Web Services (AWS) offers a service known as Identity and Access Management (IAM) that lets AWS Administrators provision and manage users and permissions in AWS cloud.  AWS IAM can prove very useful for System Administrators looking to centrally manage users, permissions and credentials; in order to authorize user access on AWS services like EC2, S3, CloudWatch etc. … [Read more...]

Privileged Account Management and Identity Access Management: Same Family, Different Strengths

From a cyber criminal’s point of view, obtaining privileged account information has the highest ROI of any attack strategy. A malicious actor with privileged account passwords in hand could infiltrate key databases and access highly sensitive data. To obtain this information, attackers use increasingly sophisticated tools and social engineering techniques which are extremely difficult for even the … [Read more...]