Security news aggregator

Latest coverage for Admission

The Admission tag covers security disclosures and statements that clarify how breaches or unauthorized access occurred.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Admission is the decision to allow or deny a user, device, application, or service access to a resource. In information security, it usually combines authentication—checking who or what is requesting access—with authorization—determining which actions and resources are permitted. The term can also describe network or application admission controls that assess a device’s identity, configuration, or security state before allowing it to connect.

Weak admission controls can expose systems through stolen credentials, missing multi-factor authentication, misconfigured access-control lists, or roles that grant more privilege than necessary. Effective controls apply least privilege, restrict access by context where appropriate, and review permissions as people, devices, and services change. Recording both successful and rejected admission decisions supports detection and investigation of suspicious access, while periodic testing helps identify bypasses and unsafe defaults.

Showing 3 most recent headlines Filtered view

It’s not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation’s federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.…

Krebs on Security 3 years, 4 months ago

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.