Data Breach Today

JUNE 17, 2022

Okta's Sean Frazier on Securing the Supply Chain, Software Development Life Cycle Interest in passwordless authentication architecture continues to grow among U.S. government agencies and departments as they embrace more modern approaches to identity and access management, says Sean Frazier, federal chief security officer at Okta.

Authentication 245

Authentication Government Access Security 245

Data Breach Today

JULY 10, 2024

Don't Panic,' Say Developers Security researchers identified an attack method against a commonly used network authentication protocol that dates back to the dial-up internet and relies on an obsolete hashing function. Researchers say "a well-resourced attacker" could make it practical.

Authentication 208

Authentication Security IT 208

The Last Watchdog

JULY 24, 2023

Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. The next big thing is passwordless authentication.

Authentication 245

Authentication Passwords Phishing Access 245

Krebs on Security

APRIL 26, 2021

Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space. “They’re allowing this huge security gap so they can make a profit. and $24.99

Security 346

Security Authentication Access Insurance 346

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. ” WHAT CAN YOU DO?

Security 363

Security Passwords Authentication Communications 363

Data Breach Today

JULY 10, 2024

Mandatory Multifactor Authentication Among New Features Given to Administrators In the wake of multiple customers of Snowflake collectively losing terabytes of data to attackers, the cloud-based data warehousing platform has rolled out a swath of cybersecurity improvements, including allowing administrators to make multifactor authentication mandatory (..)

Authentication 303

Authentication Security Cloud Cybersecurity 303

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets.

Authentication 132

Authentication Retail Manufacturing Passwords 132

Data Breach Today

APRIL 16, 2021

Edna Conway, Wendy Nather and Michelle Dennedy on SASE, CIAM and Supply Chain Risk No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play "Buzzword Mystery Date" with SASE, CIAM and "passwordless" authentication (..)

Authentication 356

Authentication Security Privacy Risk 356

Data Breach Today

SEPTEMBER 2, 2021

Cryptocurrency Exchange Offering Some Affected Users $100 Worth of Bitcoin Cryptocurrency exchange Coinbase faces potential user trust challenges after a system error led it to send out false automated security alerts to about 125,000 customers indicating their two-factor authentication settings had been changed.

Security 288

Security Authentication IT 288

Data Breach Today

JANUARY 2, 2024

Forrester's Sandy Carielli Shares Highlights From API Security Report Forrester analyst Sandy Carielli highlights key API security aspects in Forrester's report titled The Eight Components of API Security," which covers governance, discovery, testing, authentication and protection from API breaches as many organizations are grappling with the maturity (..)

Security 279

Security Authentication Government 279

Data Breach Today

FEBRUARY 29, 2024

Moving From AFDS to Avoid 'Golden SAML' Wasn't A Cure-All A post-SolarWinds move away from Active Directory Federation Services to Azure AD - now known as Entra ID - didn't necessarily stop hackers from forging single sign on authentication messages, warn security researchers from Semperis, who unveiled an attack they dub "Silver SAML."

Security 271

Security Authentication 271

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. Here’s the story of one such incident. Currently, twofactorauth.org lists nearly 900 sites that have some form of MFA available.

IT 363

IT Authentication Passwords Access 363

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number. That screw-up has since prompted a class action lawsuit against Experian.

Security 356

Security Authentication Mining Cybersecurity 356

Data Breach Today

JANUARY 26, 2024

Payments Expert Troy Leach Joins the Panel to Cover AI, Zero Trust and IoT Security In the latest weekly update, Troy Leach, CSO at Cloud Security Alliance, joins three editors at ISMG to discuss important cybersecurity issues, including how generative AI is enhancing multi-cloud security, AI's influence on authentication processes, and the state of (..)

Cloud 263

Cloud IoT Security Authentication 263

Data Breach Today

JUNE 5, 2024

It left two vulnerabilities allowing attacks by authenticated local attackers unpatched. Company Addresses Flaws in End-of-Life NAS Devices Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution.

Authentication 270

Authentication Security IT 270

Data Breach Today

AUGUST 10, 2023

Legacy infusion pumps commonly available for purchase on the secondary market often contain wireless authentication and other sensitive data that the original medical organization owners failed to purge, warned researcher Deral Heiland, citing a recent study conducted by security firm Rapid7.

Marketing 240

Marketing Risk Security Authentication 240

Data Breach Today

AUGUST 12, 2022

Regulator Urges Adoption of Web Authentication MFA The U.S. To avoid liability, the bureau recommends that banks implement multifactor authentication and especially Web Authentication. Consumer Financial Protection Bureau is warning lenders they can be liable for data breaches for causing consumers "substantial injury."

Authentication 246

Authentication Data breaches Security 246

Krebs on Security

JULY 15, 2024

Monahan said the migration has left domain owners with fewer options to secure and monitor their accounts. ” The researchers have published a comprehensive guide for locking down Squarespace user accounts, which urges Squarespace users to enable multi-factor authentication (disabled during the migration).

Security 301

Security Passwords Access Phishing 301

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. Matter works much the way website authentication and website traffic encryption gets executed. That’s because gadgets that bear the Matter logo are more readily available than ever.

Security 276

Security Manufacturing Authentication Marketing 276

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. For most security leaders today, this is a real challenge. Security specialists try to warn against the problem.

Authentication 222

Authentication Passwords Access Cybersecurity 222

Data Breach Today

AUGUST 29, 2020

Email Service Provider Moving to Implement Additional Security Measures Security professionals are expressing surprise that email service provider Sendgrid did not have multifactor authentication in place to protect its customer accounts, which resulted in a large, but unknown, number being compromised with the data being sold on the darknet.

Authentication 358

Authentication Security IT 358

Data Breach Today

APRIL 4, 2024

Device Bound Session Credentials Tie Authentication Cookies to Specific Computers Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops.

Authentication 279

Authentication Security IT 279

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Authentication 361

Authentication Phishing Access Security 361

The Last Watchdog

SEPTEMBER 24, 2024

The stolen information included full names, Social Security numbers, mailing addresses, phone numbers, and email addresses of millions of U.S., Investigations are ongoing, and several class-action lawsuits have been filed, alleging that the company failed to implement sufficient security measures. Canadian, and British citizens.

Authentication 216

Authentication IT ROT Compliance 216

Data Breach Today

MAY 20, 2020

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.

Phishing 345

Phishing Authentication Cloud Security 345

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. ” To manage your security settings on a Ubiquiti device, visit [link] and log in.

Passwords 353

Passwords Authentication Cloud IoT 353

Data Breach Today

JANUARY 13, 2021

Brian Honan: Security Professionals Can Take Action to Minimize Risks The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.

Cybersecurity 348

Cybersecurity Encryption Authentication Risk 348

Data Breach Today

JANUARY 29, 2021

The latest edition of the ISMG Security Report features an analysis of this week’s police takedowns of Emotet and Netwalker cybercrime operations. Also featured: Updates on passwordless authentication and the use of deception technology.

Authentication 334

Authentication Security 334

The Last Watchdog

FEBRUARY 28, 2022

However, APIs have gained traction so rapidly and deeply that not nearly enough attention has been paid to the associated security shortcomings. Many organizations, SMBs and enterprises alike, do not understand the scope and scale of their deployments of APIs, much less how to go about effectively securing their APIs. Tool limitations.

Security 266

Security IoT Digital transformation Authentication 266

Data Breach Today

JUNE 22, 2020

Campaign Targets Unpatched Software and Weak Authentication, Defenders Warn Hackers wielding Nefilim ransomware are targeting unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and threatening to dump data to try to force payment, New Zealand's national computer emergency response team (..)

Ransomware 335

Ransomware Authentication Access Security 335

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords 349

Passwords Authentication Phishing Access 349

Krebs on Security

JULY 12, 2024

AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent. c) of the SEC Rule, due to potential risks to national security and/or public safety.

Data breaches 340

Data breaches Passwords Authentication Cloud 340

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. The messages began at 2022-07-20 22:50 UTC. .

Phishing 324

Phishing Authentication Passwords Access 324

Data Breach Today

OCTOBER 16, 2024

Advisory Warns Iranian Threat Actors Use 'Push Bombing' to Target Critical Sectors Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure (..)

Passwords 296

Passwords Authentication Cybersecurity Security 296

Data Breach Today

NOVEMBER 4, 2023

Threat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed (..)

Authentication 327

Authentication Cloud Access Security 327

Data Breach Today

JULY 25, 2024

Sam Curry and Heather West on Authentication, AI Labelling and Adaptive Security As deepfakes evolve, they pose significant cybersecurity risks and require adaptable security measures.

Authentication 272

Authentication Cybersecurity Risk Security 272