eBook: Biometric Authentication For Dummies
How can you be sure that someone is who they say they are, if they’re not standing in front of you? In a digital world, how can organizations be sure that an individual attempting to access online services is who they claim to be? Or that they exis.....»»
Mandatory MFA for Azure sign-ins is coming
Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. Preparing for mandatory MFA for Azure The plan is for the shift to happen in t.....»»
Illinois changes biometric privacy law to help corporations avoid big payouts
Possible damages payments dramatically lowered by change to 2008 Illinois law. Illinois has changed its Biometric Information Privacy Act (BIPA) to dramatically limit the financ.....»»
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner.....»»
eBook: 20 tips for secure cloud migration
More organizations rely on cloud platforms to reap the benefits of scalability, flexibility, availability, and reduced costs. However, cloud environments come with security challenges and vulnerabilities. The Thales 2020 Data Threat Report indicates.....»»
eBook: How CISSP turns career goals into reality
CISSP carries clout. As the world’s leading cybersecurity certification, it opens many professional opportunities worldwide. Find out what led 14 successful CISSPs around the globe to a career in cybersecurity. They open up about how certification.....»»
1Password wants to help developers find out if their users are ready for passkeys
Passkey is a technology that replaces traditional passwords with more secure authentication methods, such as facial recognition or biometrics, eliminating the need to create and type a passcode. As passkeys become more popular, 1Password wants to hel.....»»
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Yep, passwords for administrators can be changed, too. Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, in.....»»
Overlooked essentials: API security best practices
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta r.....»»
Google makes it easier for users to switch on advanced account protection
The strict requirement for two physical keys is now eased when passkeys are used. Google is making it easier for people to lock down their accounts with strong multifactor authentication by.....»»
Using Authy? Beware of impending phishing attempts
Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops t.....»»
Microsoft staff in China must use iPhone for authentication, not Android phones
Microsoft staff in China have been told that they must use an iPhone for authentication when logging in to company systems. From September, the use of Android smartphones as multi-factor authentication devices will be banned. This will create a si.....»»
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right. One of the most widely used network protocols is vulnerable to a newly discovered attack that can.....»»
Fail2Ban: Ban hosts that cause multiple authentication errors
Fail2Ban is an open-source tool that monitors log files, such as /var/log/auth.log, and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses.....»»
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitat.....»»
Authelia: Open-source authentication and authorization server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse prox.....»»
eBook: 10 reasons why demand for cloud security is sky-high
Current demand for cloud security specialists far exceeds available talent. Especially for companies seeking protection in multicloud environments, professionals with vendor-neutral knowledge and skills to their hiring wish lists. Find out how cloud.....»»
How MFA can improve your online security
In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about multi-factor authentication (MFA). By requiring users to provide multiple forms of verification before granting access, MFA s.....»»
Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is lar.....»»
Bitwarden Authenticator protects online services and applications
Bitwarden launched a standalone app for two-factor authentication (2FA) to protect online services and applications from unauthorized access. Bitwarden Authenticator generates and stores time-based one-time passwords (TOTP), enabling all users to add.....»»
eBook: Do you have what it takes to lead in cybersecurity?
Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies. Aspiring leaders in the cybersecurity field need more than just job experience. They need a di.....»»