Latest news with #KeeperSecurity
Associated Press
a day ago
- Business
- Associated Press
New EMA Research Highlights Keeper Security's Strength in Modern Privileged Access Management
Keeper customers report easier deployments and stronger security controls compared to other PAM vendors LONDON, UNITED KINGDOM, August 15, 2025 / / -- Keeper Security, the leading zero-trust and zero-knowledge Privileged Access Management (PAM) platform protecting passwords and passkeys, privileged accounts, secrets and remote connections, today announces the release of a new global survey report from Enterprise Management Associates (EMA), Beyond the Vault: Elevating Privileged Access Management in the Modern Enterprise. The independent survey and report evaluates eight major PAM platforms and identifies Keeper as a leader in deployment ease, security architecture and customer satisfaction. With 69% of organisations adopting PAM primarily to prevent credential theft and mitigate cyber threats, solutions based on zero-trust and zero-knowledge principles are increasingly critical to enforce continuous identity verification and secure sensitive data. The EMA survey, based on responses from cybersecurity professionals actively using eight leading PAM platforms, found that Keeper customers experience faster deployments, stronger adherence to zero-trust principles and higher overall satisfaction compared to users of other PAM solutions. Key findings include: • 60% of Keeper customers report their PAM platform as truly 'zero-knowledge' and 'zero-trust by design,' nearly double the 35% reported by users of other platforms. • 60% of Keeper users describe deployment as 'very easy,' compared to just 22% of the users of other PAM solutions. • Only 15% of Keeper customers require dedicated staff to manage deployment and integration, versus nearly 40% of users of other providers - significantly reducing IT resource strain often seen in UK councils, NHS trusts, and educational institutions. • 75% of Keeper users are 'very satisfied' with their solution, significantly higher than the 54% satisfaction rate for other vendors. • None of Keeper's customers reported plans to switch platforms, while 5% of other users surveyed said they are actively seeking alternatives. The findings come at a time when UK organisations face increasing pressure to modernise their security solutions responsible for Identity and Access Management (IAM), following the UK Government's Cyber Security Strategy (2022-2030) as well as a heightened regulatory focus on ransomware resilience. For public sector entities such as NHS Trusts, councils and critical national infrastructure, the need for zero-trust, cloud-based solutions that reduce complexity and staffing overhead is growing increasingly urgent. The report also highlights that a privileged access management solution like KeeperPAM™ integrates advanced capabilities such as just-in-time provisioning, remote browser isolation, endpoint privilege management and privileged session monitoring. These features enable organisations to eliminate shared credentials, enforce least-privilege access and automate the entire privilege lifecycle from onboarding to deprovisioning. 'Privileged access remains the most critical control point for cybersecurity,' said Darren Guccione, CEO and Co-founder of Keeper Security. 'Legacy tools often fall short due to complexity, slow deployment and limited integration. KeeperPAM was designed to address these challenges with a zero-trust architecture and zero-knowledge encryption, enabling fast, secure access controls without compromise. This report validates the high value we deliver to organisations and their security teams.' Unlike legacy on-premises PAM platforms that often face brittle integrations and require significant staffing resources, KeeperPAM's cloud-native design streamlines deployment and simplifies integration with identity providers, SIEM platforms and CI/CD pipelines. This reduces operational overhead and allows security teams to shift their focus from reactive strategies to proactive risk mitigation. Organisations using competing solutions report significantly more challenges, from missing features to integration difficulties, with 73% citing at least one major issue, compared to just 35% of Keeper customers. The complete EMA report, Beyond the Vault: Elevating Privileged Access Management in the Modern Enterprise, is now available for download. ### About Keeper Security Keeper Security is transforming cybersecurity for millions of individuals and thousands of organisations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location. Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met. Learn how Keeper can defend your organisation against today's cyber threats at Learn more: About EMA Founded in 1996, Enterprise Management Associates (EMA) is a leading IT research and consulting firm dedicated to delivering actionable insights across the evolving technology landscape. Through independent research, market analysis, and vendor evaluations, we empower organisations to make well-informed technology decisions. Our team of analysts combines practical experience with a deep understanding of industry best practices and emerging vendor solutions to help clients achieve their strategic objectives. Learn more about EMA research, analysis, and consulting services at or follow EMA on X or LinkedIn. Media Contact Charley Nash Account Manager [email protected] Visit us on social media: LinkedIn Instagram Facebook YouTube TikTok X Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
Fast Company
23-07-2025
- Business
- Fast Company
The Microsoft SharePoint breach was massive. The response has been minimal
It's not every day that U.S. nuclear facilities, the Department for Education, and governments across Europe and the Middle East are breached in a single hack. But then again, the vulnerability identified in Microsoft's document collaboration tool, SharePoint, this weekend isn't your ordinary issue. It has found a chink in the armor of one of the most widely used suites of software across the world. Microsoft holds a two-thirds market share in the business productivity space. Microsoft disclosed the vulnerability in a blog post over the weekend, clarifying that the issue only affected on-premises SharePoint servers. These are locally hosted instances of the collaboration tool, rather than the more broadly used SharePoint Online system in Microsoft 365. The company rolled out updates to plug the hole in security, which it said customers 'should apply [. . .] immediately to ensure they are protected.' Dozens of large organizations are known to have already been affected, including U.S. and international governments, and were hacked through the vulnerability. The breach has left some wondering why the reaction has been so muted, given the high-profile targets. Darren Guccione, CEO and cofounder of Keeper Security, notes that although Microsoft 365's cloud-based services are unaffected, many critical sectors—including government, legal, and financial institutions—still depend on older or hybrid SharePoint setups. These systems, he says, often 'lack the visibility, access control and agility' needed to respond quickly with security updates. Some cybersecurity experts say the response so far hasn't reflected the seriousness of the threat. Alan Woodward, a cybersecurity professor at the University of Surrey, points out that the issue impacts on-premise installations rather than Microsoft-hosted ones. As a result, he explains, Microsoft's role is limited to releasing a fix, leaving the rest up to organizations themselves. The company, he says, has essentially told users: 'Over to you if you operate and maintain your own servers' instance of SharePoint.' (Microsoft did not immediately respond to Fast Company 's request to comment.) Those servers are often held offline because they are used to store sensitive data, including in the delivery of government services, which isn't trusted to be stored in cloud environments. 'The awkward part of the story is that there are still several hundred thousand share points on premises,' Woodward says. 'It could be a double-whammy if it's not handled properly.' Woodward says he's been struck by the lack of urgency in the broader IT community's response—including from Microsoft itself. Given the severity of the vulnerability, he expected the company to be far more vocal in alerting its technical user base. Microsoft, he says, should have been 'shouting about it.' Meanwhile, both the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and U.K. National Cyber Security Center (NCSC) have issued warnings about the risks of the vulnerability. Other experts are more sympathetic to Microsoft's situation. 'I have some sympathy for all parties here,' says Craig Clark, director of Clark & Company Information Services, a cybersecurity advisor. 'Threats are evolving at such a rate that it's almost impossible to keep up.' Clark does admit that 'Microsoft needs to be more dynamic in how it issues its advisories and remember that many security teams are small and perhaps more needs to be done to keep people better informed,' he says. But the relationship goes both ways. 'For their part, security teams need the resources to ensure that patching is seen as more than just a nice to have,' he says. One of Clark's key concerns is how quickly attackers are now able to weaponize newly discovered vulnerabilities—something he attributes to rapid advancements in technology, particularly AI. He warns that threat actors are increasingly leveraging these tools to accelerate attacks, which will likely make incidents like this more frequent. Microsoft has already confirmed that Chinese state-sponsored hackers have exploited the flaw. Fixing the problem long-term will be more complex, experts say. Clark advises layering security measures, isolating critical systems, and automating patching wherever possible. Ultimately, he says, organizations 'need to move away from the patch when we can.' Still, what works in theory often falls short in practice—which is why such vulnerabilities continue to surface.
Yahoo
25-06-2025
- Yahoo
The common password mistake that's exposing you to hackers
There's no shortage of password-protected accounts these days, with everything from setting up a pair of wireless headphones to buying a pint on a pub app requiring new log-in details. It's perhaps no surprise that many of us attempt to use slight variations on the same password, even ones that have leaked online - but how secure is it really to change (for example) Potato123 to Potato456 or P0tato123? It's very common to do so: 60% of people in Britain admit reusing passwords, and of those, 62% make slight variations in the same password, believing that this protects them from cybercriminals, according to 2025 research by Nordpass. But the idea that this makes a password more secure is 'one of the most common misconceptions' about staying safe online, Darren Guccione, CEO of password management company Keeper Security, tells Yahoo News. Many people believe that changing a single character in a password (i.e. swapping a number for a symbol, or changing a number) is enough to protect accounts. 'It's understandable of course," Guccione says. "People's digital footprint today is significant and remembering complex passwords can be difficult, particularly when it might involve websites that users visit infrequently. 'So people, naturally, opt for shortcuts. Changing one letter can feel like an easy quick fix.' Cybercriminals often work from lists of passwords that have leaked in online 'data breaches', where information such as passwords are stolen from hacked sites. Last week, for example, it was reported that 16 billion passwords were leaked online in one of the largest illicit data dumps in history. And according to a report by financial insights company TransUnion published this week, one in seven people say they have lost money to fraud in the past year. Half (50%) said that a fraud attempt had been made against them in the past three months. 'The reality is that this simple step pales in comparison to the persistent efforts we see from cybercriminals today in attempting to gain access to your data," Guccione says of those who think a simple password switch is enough to keep their details safe. If your password has been compromised, simply changing one letter is not enough, as the tools today's cybercriminals use allow them to guess multiple similar passwords at once. 'Cybercriminals are well-versed in this type of behaviour. So much so that today's attackers routinely build these small variations into their cracking tools and password lists. They strongly expect this type of behaviour from users and they prepare accordingly," Guccione says. 'These predictable variations are low-hanging fruit for hackers. If your credentials have been previously compromised in a breach, it's safe to assume a new, slightly tweaked version will be just as vulnerable. "Today's hackers use automated tools, often powered by AI, that test common passwords and their slight variants by the millions.' Billions of passwords have leaked online in this way; you can check whether yours has leaked on sites such as Never reuse passwords, even with variations, Guccione advises. Even if it's for a site you won't use often, there is a chance that site will be hacked and your password will be exposed - and then every other site you have used it for (or slight variations of it) on will be vulnerable. 'Predictability is the ultimate failing when it comes to matters of cybersecurity. Cybercriminals prey on people's underestimation of just how sophisticated their password cracking methods have become," says Guccione. He advises using passwords with no names, dates or dictionary words - they should, ideally, be randomly generated and at least 16 characters long. He also recommends using a password manager app to store and generate passwords. 'Using a password manager is the digital equivalent of a security system: a modern solution designed to eliminate predictable habits entirely," he says. 'This secure tool will generate strong, unique passwords and store them safely, so you don't have to rely on memory or risky behaviours such as simple, reused passwords." Guccione also advises using two-factor authentication where possible on all accounts, either via codes sent to your mobile or via a dedicated app. 'This could be biometrics, a hardware security key or a code that is sent to your mobile device after you have logged in to an account," he says. "This second step verifies that it is in fact you who is logging in to said account. It provides an essential additional layer of security, so even if your password is cracked, your account remains protected.'
Forbes
19-06-2025
- Forbes
16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now
The biggest password leak in history confirmed. getty Update, June 19, 2025: This story, originally published on June 18, has been updated with comments from the founders of Keeper Security regarding the 16 billion leaked passwords and other login credentials across the major tech vendor landscape. If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here's what you need to know and do. Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It's why Google is telling billions of users to replace their passwords with much secure passkeys. It's why the FBI is warning people not to click on links in SMS messages. It's why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very little amount of cash required to purchase them. And it's why this latest revelation is, frankly, so darn concerning for everyone. According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, '30 exposed datasets containing from tens of millions to over 3.5 billion records each,' have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit. These collections of login credentials, these databases stuffed full of compromised passwords, comprise what is thought to be the largest such leak in history. The 16 billion strong leak, housed in a number ion supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors. Remarkably, I am told that none of these datasets have been reported as leaked previously, this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception. 'This is not just a leak – it's a blueprint for mass exploitation,' the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. 'These aren't just old breaches being recycled,' they warned, 'this is fresh, weaponizable intelligence at scale.' Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, open the door to 'pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.' Not all password databases are tye result of compromise and infostealer malware, such as is the case with the 16 billion megadump here. Darren Guccione, the CEO and co-founder of Keeper Security, a privileged access management platform, told me that this GOAT passwords leak was an apt reminder of 'just how easy it is for sensitive data to be unintentionally exposed online.' And Guccione certainly isn't wrong, far from it in fact. This could be just the tip of the biggest security iceberg waiting to crash into the online world. I mean, just imagine how many exposed credentials, including passwords, are sitting there in the cloud, or more to the point in misconfigured cloud environments, waiting for some to find them. If we are lucky, that someone will be a security researcher who responsibly discloses the exposure to the owner or host; if not, then it will be a malicious actor. Who would you put your money on? 'The fact that the credentials in question are of high value for widely used services carries with it far-reaching implications,' Guccione said, which is why it is more important than ever for consumers to invest in password management solutions and dark web monitoring tools. The latter can help by alerting users when their passwords have been exposed online, hopefully enabling them to take direct action and update their account logins if the password has been reused across services. Organizations, however, do not escape the necessity of investment either. They should be looking at adopting zero-trust security models that provide privileged access controls to 'limit risk by ensuring access to sensitive systems is always authenticated, authorized and logged,' Guccione concluded, 'regardless of where the data lives.' Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. 'Organisations need to do their part in protecting users,' Javvad Malik, lead security awareness advocate at KnowBe4, said, 'and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi factor authentication wherever possible." To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously, don't wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.
Yahoo
06-05-2025
- Yahoo
This 1 Word Can Protect Your Family From AI Scam Calls, FBI Says
This 1 Word Can Protect Your Family From AI Scam Calls, FBI Says The FBI has warned that AI scam calls – in which scammers can imitate a loved ones' voice and even appearance when trying to extort money from victims – are on the rise. The new tech 'increases the believability of their schemes,' the bureau added, and saves fraudsters time and money. It can be used for text and image-based scams, too. Which? said about a quarter of UK scam calls are now AI-powered. ADVERTISEMENT Advertisement Actor Josh Peck said in his podcast, Good Guys, that he's so panicked about a family member falling victim to the scam that he's taken the time to warn his own parents. 'I told my mother in the age of AI, there's a chance that someone... God knows, you could copy my voice... someone could call you one day sounding like me, asking you for X amount of money,' he shared. Luckily, experts say there's a simple way to protect your family from the scam, which the actor and podcaster uses himself. Use a codeword Josh shared that he told his mother: 'We need to have a codeword so that you'll know that it's really me.' ADVERTISEMENT Advertisement And while he says his own mum scoffed at the idea, experts are on his side. Speaking to CBS MoneyWatch, James Scobey, chief information security officer at Keeper Security, recommended the method too. 'It needs to be unique and should be something that's difficult to guess,' he advised. 'It shouldn't be something that can be researched online about you or your family. Avoid street names, towns, phone numbers and individual names as part of a pass phrase.' Even the FBI agrees. Its first suggestion to protect yourself from the scam is to 'create a secret word or phrase with your family to verify their identity'. Any other suggestions? Yep – the FBI said we should look out for any little imperfections of a person's appearance or voice in a call demanding money. ADVERTISEMENT Advertisement We should also make our social media accounts private and limit the images and voice clips we make public on the internet if possible, the bureau added. Registering with the Telephone Preference Service (TPS) in the UK will mean legitimate companies will be unable to call your phone out of the blue. That way, you'll know any out-of-the-blue caller claiming to represent a business is a scammer. If you have lost any money to a scam and live in Northern Ireland, England, or Wales, report it to Action Fraud immediately. If you're in Scotland, you can also call the police on 101. Related...
