Duo's Security Blog

NOVEMBER 14, 2023

However, the recent spate of software supply chain attacks has heightened awareness amongst security teams and IT on the risks of third parties and how quickly those risks can turn into incidents. In today’s blog, we’ll talk about how RBA and more secure methods of authentication can securely enable third-party access.

Authentication 66

Authentication Risk Mobile Technology 66

Penetration Testing

APRIL 18, 2024

Keycloak, a widely used open-source solution for authentication and authorization, has released important security updates addressing multiple vulnerabilities.

DDOS 110

DDOS Penetration Testing Risk Authentication 110

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication 119

Authentication Accountability Passwords Mobile 119

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk 264

Risk Backups Software Education 264

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 77

Authentication Risk Mobile Computers and Electronics 77

Heimadal Security

JULY 5, 2023

In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. They are also massively […] The post What Is Passwordless Authentication? appeared first on Heimdal Security Blog.

Authentication 89

Authentication Cyber threats Passwords Risk 89

Security Boulevard

FEBRUARY 26, 2024

Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface. Actively exploited in the wild.

Authentication 64

Authentication Risk 64

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 112

Authentication Cybersecurity Risk Information Security 112

Duo's Security Blog

SEPTEMBER 22, 2022

These challenges make it hard to follow the most secure practices: employing the most secure authentication methods, requiring constant re-authentication and only allowing access from corporate devices. Risk-Based Authentication assesses user and device telemetry to identify known threat patterns and high-risk anomalies.

Authentication 61

Authentication Risk Accountability Passwords 61

Security Boulevard

AUGUST 28, 2022

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. The post How to Prevent High Risk Authentication Coercion Vulnerabilities appeared first on The State of Security.

Authentication 52

Authentication Risk Accountability 52

Security Boulevard

MARCH 11, 2024

Multi-factor authentication (MFA) adds extra layers of security beyond passwords, greatly reducing unauthorized access risks. The post What is Multi-Factor Authentication (MFA): What are its Benefits? The post What is Multi-Factor Authentication (MFA): What are its Benefits? appeared first on SternX Technology.

Authentication 64

Authentication Passwords Technology Risk 64

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication 251

Authentication Passwords Mobile Phishing 251

CSO Magazine

SEPTEMBER 5, 2022

Since some of these attacks exploit design decisions in the authentication protocols used inside Windows networks, they cannot be simply patched by Microsoft with changes in software. Organizations need to take defense-in-depth measures that involve stricter configurations and additional controls to protect themselves.

Authentication 98

Authentication Risk Software 98

Malwarebytes

NOVEMBER 24, 2023

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. They found vulnerabilities that allowed them to completely bypass Windows Hello authentication on all three. The input has to be authenticated.

Authentication 131

Authentication Manufacturing Engineering Risk 131

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 132

Penetration Testing Risk Authentication 132

Tech Republic Security

NOVEMBER 9, 2022

In this guide, you will learn how to evaluate a solution based on: Security Impact – Does the solution reduce risks, and can it provide visibility into your environment? The post Two-Factor Authentication Evaluation Guide appeared first on TechRepublic. Can it fulfill compliance?

Authentication 115

Authentication Mobile Risk Digital transformation 115

Penetration Testing

APRIL 25, 2024

Security firm Truffle Security uncovered a shocking problem: thousands of live API keys, authentication tokens,... The post Thousands of API Secrets Exposed on Postman – Are Your Credentials At Risk? Postman, the tool beloved by developers for testing and building APIs, is unwittingly becoming a treasure trove for hackers.

Penetration Testing 92

Penetration Testing Risk Authentication 92

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. We spoke at RSA 2020. And that’s not an easy task.

Authentication 280

Authentication Cloud Migration Accountability Digital transformation 280

Thales Cloud Protection & Licensing

MARCH 17, 2022

Enhance your security posture by detecting risks on authenticator devices. Not only are mobile devices used as end points to access corporate mail and other enterprise applications, they are also frequently used as authentication devices. Limited visibility on users’ devices can undermine authentication integrity.

Authentication 62

Authentication Risk Mobile Computers and Electronics 62

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software 264

Software Risk Artificial Intelligence Engineering 264

eSecurity Planet

FEBRUARY 26, 2024

Users are strongly recommended to quickly upgrade their Bricks Builder Theme installations to this current version to reduce the risk of exploitation. The problem: CVE-2024-22245 and CVE-2024-22250 put Windows domains vulnerable to authentication relay and session hijack attacks. and the Windows service (VMware Plug-in Service).

Risk 113

Risk Authentication System Administration Ransomware 113

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. The one in storage matches the one provided at the time of authentication. All this compared to simply matching 2 strings as is done with password authentication. That is all.

Authentication 335

Authentication Passwords Data breaches Risk 335

Security Boulevard

DECEMBER 22, 2023

At AWS re:Invent, Shira Rubinoff talks with Graeme Speak of BankVault Cybersecurity about passwordless authentication. The post AWS re:Invent 2023: Passwordless Authentication appeared first on Security Boulevard.

Authentication 69

Authentication Cybersecurity Risk Government 69

Security Boulevard

JANUARY 13, 2022

If you aren’t using two-factor authentication, you’re taking a huge security risk. The post Beginner’s Guide to Two-Factor Authentication (2FA) appeared first on JumpCloud. The post Beginner’s Guide to Two-Factor Authentication (2FA) appeared first on Security Boulevard.

Authentication 110

Authentication Risk 110

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. They’ve seen it drive down incidents and help desk tickets, reduce their risks, and make compliance programs a lot easier. They will often ask some version of “How can I Duo less often?”

Authentication 122

Authentication VPN System Administration Engineering 122

Security Boulevard

MAY 11, 2022

Buying a cyber risk insurance program can help outsource residual risk, and deploying multi-factor authentication is […]… Read More. The post Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage appeared first on The State of Security. However, cybersecurity is not bullet-proof.

Cyber Risk 52

Cyber Risk Insurance Authentication Risk 52

Penetration Testing

MARCH 5, 2024

that could allow attackers to bypass authentication and gain unauthorized access to your organization’s most valuable secrets. Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Risk Authentication 97

The Last Watchdog

MARCH 10, 2020

Poorly implemented authentication can also lead to network breaches and compliance headaches. Each connection needs to be authenticated and privileges enforced. It can also enforce two-factor authentication. Current PAM solutions cater almost exclusively for large organizations. That’s our goal.” I hope there’s more to come.

Authentication 170

Authentication Risk Digital transformation Passwords 170

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 122

Authentication Ransomware VPN Hacking 122

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 99

Authentication Passwords Risk Education 99

Security Boulevard

DECEMBER 20, 2023

Tracked as CVE-2023-45866, this flaw allows threat actors to exploit an authentication bypass, potentially gaining control over vulnerable devices, making Linux devices vulnerable, as well as Android and Apple ones. […] The post Shield Your Device: Mitigating Bluetooth Vulnerability Risks appeared first on TuxCare.

Risk 69

Risk Authentication Cybersecurity Cyber threats 69

IT Security Guru

OCTOBER 26, 2023

Enter Two-Factor Authentication, or 2FA for short. Different Flavors of 2FA Ah, variety is the spice of life, and when it comes to Two-Factor Authentication, the flavors abound. Authentication Apps: Consider this the artisanal gelato of the 2FA world. Ever considered the risks of free proxy ? What Exactly is 2FA?

Authentication 115

Authentication Passwords Mobile VPN 115

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 96

Authentication Phishing Mobile Accountability 96

Security Boulevard

SEPTEMBER 8, 2023

Identity verification and identity authentication are both essential elements of a comprehensive identity security strategy. The post Identity Verification vs. Authentication appeared first on Security Boulevard. While they sound similar, they serve very different, but interconnected, purposes.

Authentication 69

Authentication Risk 69

Security Boulevard

DECEMBER 5, 2023

In the realm of cybersecurity, a recent study has brought to light a series of Hello Authentication vulnerabilities that could compromise the Windows Hello authentication on popular laptop models, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X.

Authentication 59

Authentication Software Cybersecurity Risk 59

Malwarebytes

JUNE 30, 2023

Voice authentication is back in the news with another tale of how easy it might be to compromise. Voice authentication is becoming increasingly popular for crucial services we make use of on a daily basis. The absolute last thing we want to see is easily crackable voice authentication, and yet that’s exactly what we have seen.

Authentication 93

Authentication Banking Risk Cybersecurity 93

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 129

Authentication Passwords Social Engineering Accountability 129