Troy Hunt

MARCH 12, 2020

I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. Let's jump into the UDM, starting with what's in the box: That's it. I hate dodgy WiFi, hate it with a passion. I went overboard and I don't regret it one bit!

Wireless 347

Wireless Firmware Accountability Mobile 347

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. What to do when your credentials are compromised How are credentials compromised in the first place? Your passwords are on the internet.

Authentication 113

Authentication Passwords Data breaches Phishing 113

Troy Hunt

NOVEMBER 25, 2020

Now for the big challenge - security. The "s" in IoT is for Security Ok, so the joke is a stupid oldie, but a hard truth lies within it: there have been some shocking instances of security lapses in IoT devices. But there are also some quick wins, especially in the realm of "using your common sense". Let's dive into it.

IoT 358

IoT Firmware Risk Manufacturing 358

Thales Cloud Protection & Licensing

JULY 31, 2019

Within digital payments, mobile payment transactions are expected to overtake e-commerce transactions in 2019 and represent 55% of transactions by 2022. So, if there was any doubt, it’s clear that a lot of money is going to digital payments and a substantial amount of that is going to mobile. Standards to fight fraud.

Mobile 102

Mobile Authentication Technology Marketing 102

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

In a previous blog post ( [link] ) we explored the relationship between GPDR and applications in the cloud. Today, Zero Trust, is a tech buzz word heard often, but what is the thought process behind it? Today, Zero Trust, is a tech buzz word heard often, but what is the thought process behind it?

Identity Theft 109

Identity Theft Authentication Passwords Accountability 109

Security Boulevard

NOVEMBER 2, 2021

What Application Developers Need to Know About HIPAA Compliance. Increasingly, patients want to access their healthcare information using mobile applications or web applications. As healthcare providers increased their use of technology during the COVID pandemic, securing health applications is more important than ever.

Healthcare 52

Healthcare Insurance Technology Software 52

Security Boulevard

JANUARY 18, 2022

How to improve the security of your application with strong DevSecOps. The unfortunate reality is this: application security is in an abysmal state. Industry research reveals that 80% of tested web apps contain at least one bug. Make application security a part of the Software Development Lifecycle (SDLC). Photo by ????

Software 76

Software Technology Penetration Testing Mobile 76

Thales Cloud Protection & Licensing

DECEMBER 26, 2018

The development of chip and PIN addressed concerns over security, before the emergence of contactless catered to consumer demands for greater convenience. New technologies, particularly in advances in payments, will inevitably bring with them new security concerns. Convenience is king.

Mobile 100

Mobile Technology Retail Authentication 100

Krebs on Security

DECEMBER 4, 2018

Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward. I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords.

Passwords 204

Passwords Authentication Accountability Password Management 204

Pen Test Partners

JANUARY 1, 2024

With these permissions, the application is capable of preventing a standard user from removing it by inhibiting simple actions such as powering the phone off, viewing application permissions, or accessing any menus or resources whereby a user could uninstall applications or alter permissions.

Mobile 94

Mobile Malware Banking Accountability 94

Thales Cloud Protection & Licensing

MAY 13, 2021

Passwords are more a vulnerability and a threat than a security solution. Businesses need streamlined, frictionless, passwordless, multi-factor authenti-cation and access security that can support all business cases: remote working, mobility, APIs, DevOps, ephemeral instances, etc. One of the best IAM available in the market.

Authentication 87

Authentication Digital transformation Marketing Healthcare 87

Elie

MARCH 10, 2018

What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. Overcoming these challenges fuels our understanding of the security and abuse landscape. mail delivery security. What are Oauth tokens? fake phone verified accounts. , and the analysis of.

Malware 107

Malware Adware Accountability Backups 107

Thales Cloud Protection & Licensing

NOVEMBER 2, 2017

It was stated that the last great experience sets the standard for future expectations – after using biometrics for authentication, the tolerance for using passwords greatly decreases. One financial institution actually saw identity as the “killer app” for blockchain. The use of mobile for commerce and payments continues to grow.

Authentication 63

Authentication Cryptocurrency Mobile Technology 63

Elie

MARCH 10, 2018

What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. Overcoming these challenges fuels our understanding of the security and abuse landscape. mail delivery security. What are Oauth tokens? fake phone verified accounts. , and the analysis of.

Malware 91

Malware Adware Accountability Backups 91

Kali Linux

DECEMBER 5, 2022

Instead, we automatically post blog posts thus these accounts are mostly unmonitored! Before the year is over, we thought it was best to get the final 2022 release out. Today we are publishing Kali Linux 2022.4. This is ready for immediate download or updating existing installations. A summary of the changelog since August’s 2022.3

Firmware 52

Firmware Wireless Mobile Media 52

Malwarebytes

SEPTEMBER 21, 2021

So it’s really important to talk to them about how they should use their devices responsibly, what they should and shouldn’t be doing online, and how they should be treating other people. So without further ado, let’s dive into what we should be teaching our kids about Internet safety and what we can do to enforce these teachings.

Internet 108

Internet Internet Passwords Password Management 108

Security Boulevard

JUNE 16, 2021

Consumers have come to expect fast, accessible, convenient payments using online and mobile platforms, and traditional banking is falling to the wayside in favor of open banking. Open banking is the practice of enabling secure interoperability while maintaining the principles of customer centricity, security, and trust.

Banking 120

Banking Marketing Financial Services Retail 120

McAfee

SEPTEMBER 11, 2019

This year, we’re excited to host the 12th annual MPOWER Cybersecurity Summit at the ARIA in Las Vegas, where fellow security experts will strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. This is your chance to meet with the key players of the security industry—all in one location.

Mobile 40

Mobile Education Technology Cybersecurity 40

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. federal government or not.

Authentication 209

Authentication Banking Architecture Encryption 209

Duo's Security Blog

JANUARY 25, 2021

For one thing, not everyone owns a smartphone; you can’t force third parties and users outside of your control to switch to the device you prefer, or even agree to install a specialized app. As the old saying goes, “What you cannot prevent, you must detect.” Let me know how that works out for you.

Authentication 49

Authentication Education Risk Passwords 49

ForAllSecure

MARCH 29, 2023

However, as with any software component, APIs are also prone to security vulnerabilities that can be exploited by attackers. API security is an ongoing process that demands continual attention and effort from everyone on the development team. API Basics: What Is an API and How Do APIs Work? How do APIs work?

Authentication 40

Authentication Passwords Encryption Software 40

Errata Security

JANUARY 28, 2020

In this blog post, I show how to decrypt it. But that's not what happened here. But those on the ends can -- and that's what we have here, one of the ends. We'll start with SMS, the old messaging system built into the phone system that predates modern apps. I show how everyone can replicate this on their own iPhones.

Media 67

Media Backups Encryption Authentication 67

Duo's Security Blog

SEPTEMBER 1, 2023

"Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. If you are new to passkeys, you can get up to speed with our primer: What Are Passkeys? Unlike passwords, passkeys are always strong and phishing resistant.

Passwords 95

Passwords Authentication Insurance Cyber Insurance 95

NopSec

JULY 18, 2017

CIS 20 Security Controls represent one of the reference frameworks of the most critical controls an organization can implement to establish a well balanced security program to safeguard confidentiality, integrity and availability of information. With that in mind, in this blog post we’re covering 13 out of the 20 controls.

Wireless 40

Wireless Penetration Testing Software Authentication 40

Security Boulevard

NOVEMBER 12, 2021

Healthcare providers increasingly use mobile apps and web applications as part of the move to telemedicine. The emphasis on telehealth brings security challenges. Many healthcare-focused apps provide mobile and web facing interfaces. What does HIPAA compliance for health applications mean for developers?

Healthcare 104

Healthcare Mobile Technology Encryption 104

Krebs on Security

AUGUST 29, 2018

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. Tap next to Authentication App, then follow the on-screen instructions.

Authentication 130

Authentication Mobile Passwords Accountability 130

NetSpi Technical

NOVEMBER 2, 2023

On a recent external assessment, I stumbled upon a method to bypass a client’s MFA requirement: access a single-sign on (SSO) token and leverage that token to access internal applications that—by policy—should have been locked behind an MFA prompt, all without triggering an MFA alert on the end-user’s mobile device.

Authentication 143

Authentication Accountability Social Engineering Penetration Testing 143

Troy Hunt

NOVEMBER 14, 2018

Before I do that, a caveat: every single time I see discussion on what these terms mean, it descends into arguments about the true meaning and mechanics of each. For every good security solution, someone will always find a way of screwing it up : When it comes to "something you are", we're talking biometrics so think fingerprints, face, etc.

Passwords 260

Passwords Authentication Accountability Mobile 260

Security Boulevard

MAY 24, 2023

Expo created a hotfix within the day that automatically provided mitigation, but Expo recommends that customers update their deployment to deprecate this service to fully remove the risk (see the Expo security advisory on the topic). The main purpose of the Expo framework is to develop mobile applications.

Mobile 52

Mobile Accountability Authentication Media 52

CyberSecurity Insiders

MAY 24, 2021

In this blog, I am joined by my colleagues Stéphane Quetglas, Marketing Director, Embedded Products and Jean-François Rubon, Strategy and Partnership, as well as Sudhi Herle, Head of Android TM Platform Security at Google, to discuss the latest innovation in embedded secure element (eSE). This is where embedded systems can help.

Mobile 139

Mobile Marketing Manufacturing Encryption 139

Troy Hunt

MARCH 31, 2021

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. In that blog post I included the code Scott Helme had de-obfuscated which showed a very simple bit of JavaScript, really just the inclusion of a.js

Technology 363

Technology Mobile Internet Internet 363

Duo's Security Blog

JULY 19, 2021

This blog is part of an ongoing blog series for Duo’s Universal Prompt Project. In this post, we’d like to discuss a “behind the scenes” change we’ve made that helps achieve the overall project goals — improving security and delivering a better user experience. Understanding OAuth 2.0 This is a big no-no! The OAuth 2.0

Authentication 114

Authentication Passwords Banking Architecture 114

Jane Frankland

JULY 17, 2023

Prioritising security, performance, and reliability through trusted partners is key to keeping up with the ever-changing, turbulent times, as is having an eye on technical debt, which I’ll discuss later, and effective planning.

Computers and Electronics 130

Computers and Electronics Technology Cybersecurity Risk 130

Duo's Security Blog

NOVEMBER 6, 2023

There are already upwards of 11 billion credentials leaked out there, so what can you do to stay vigilant against credential stuffing and other attacks using compromised credentials? Designed to reduce login friction, SSO connects users to multiple apps with a single login. What is a credential stuffing attack?

Passwords 70

Passwords Authentication Risk Technology 70

Spinone

JULY 8, 2020

What is HIPAA? What about G Suite services like Gmail, Calendar, Keep, Hangouts, Vault, and others? What is the Health Insurance Portability and Accountability Act (HIPAA)? Security rule – HIPAA PHI data should be secured at all times. HIPAA includes the following five main directives: 1.

Encryption 52

Encryption Backups Accountability Ransomware 52

Duo's Security Blog

JANUARY 27, 2022

With Duo, we were able to bring consistent security controls across all of our apps by streamlining to one MFA and SSO solution at a much lower total cost of ownership…. How can you be sure you’re getting the best security return on your investment? Not all multi-factor authentication (MFA) solutions are equal.

Authentication 68

Authentication Software Mobile Passwords 68

Duo's Security Blog

FEBRUARY 11, 2022

What is passwordless authentication? It’s seamless and secure. As you transition toward passwordless, we don’t want you to strip away your other secure forms of authentication. We make it easy for you to move from one stage to another, whether securely falling back to MFA or increasing passwordless logins over time.

Authentication 74

Authentication Passwords Mobile Risk 74