Researcher Discloses 32 Vulnerabilities Found in IBM Security Verify Access

November 5, 2024 at 06:49AM IBM Security Verify Access has 32 vulnerabilities that attackers could exploit, potentially compromising the entire authentication infrastructure. The discovery was disclosed by a researcher and reported by SecurityWeek, and it highlights significant security risks.

Okta Fixes Auth Bypass Bug After 3-Month Lull

November 4, 2024 at 04:07PM Okta has resolved an authentication bypass vulnerability affecting long usernames and complex domain names, which could have enabled unauthorized access under specific conditions. Discovered on October 30, the bug had gone undetected for three months. Customers are urged to check their logs for unusual activity and to enable multifactor authentication for added security.

About the security content of watchOS 11.1 – Apple Support

October 28, 2024 at 12:06PM A security update for watchOS 11.1, available for Apple Watch Series 6 and later, addresses multiple vulnerabilities including authentication issues, memory corruption, and sensitive data exposure. The fixes include improved checks, memory management, and input validation to prevent unauthorized access and system crashes. The update was released on October 28, 2024.

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

October 22, 2024 at 10:30AM A recently patched vulnerability in Styra’s Open Policy Agent (CVE-2024-8260) could have allowed attackers to leak NTLM credentials, enabling authentication relay or password cracking. The flaw stems from improper input validation and requires specific prerequisites to exploit. It highlights the ongoing risks associated with NTLM, which Microsoft plans to retire in Windows 11.

Unmanaged Cloud Credentials Pose Risk to Half of Orgs

October 21, 2024 at 05:23PM Nearly half of organizations have long-lived credentials in cloud services, increasing the risk of data breaches. Datadog’s 2024 report indicates that many of these credentials are outdated or unused and often leak through source code. To improve security, experts recommend avoiding long-lived credentials in favor of short-lived ones combined with modern authentication methods.

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

September 19, 2024 at 01:36AM GitLab released patches to address a critical flaw in both Community and Enterprise Editions, rooted in the ruby-saml library, that allows an authentication bypass. The vulnerability affects single sign-on security; GitLab updated the affected dependencies and urges self-managed installations to enable two-factor authentication as a mitigation. Threat indicators suggest active exploitation …

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

September 18, 2024 at 06:47AM Microsoft Azure Private 5G Core (AP5GC) has two critical vulnerabilities. The first (CVE-2024-20685) can lead to service outages, while the second (ZDI-CAN-23960) can disrupt network operations. These flaws underscore systemic weaknesses, particularly the lack of mandatory authentication between base stations and packet cores, which exposes the core to denial-of-service attacks.

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

September 12, 2024 at 09:36AM Bad actors are targeting Internet-exposed Selenium Grid instances for illicit cryptocurrency mining and proxyjacking. The lack of authentication leaves these instances vulnerable, and threat actors exploit it to deploy crypto miners and the proxyware services EarnFM and IPRoyal Pawn. Organizations are urged to configure authentication to prevent abuse.

Why Is It So Challenging to Go Passwordless?

September 11, 2024 at 07:51AM The article discusses passwordless authentication and its potential benefits and challenges for organizations. While passwordless authentication offers stronger security and a better user experience, it also presents challenges such as legacy system compatibility, user adoption, backup authentication methods, biometric data privacy concerns, and regulatory considerations.

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

August 26, 2024 at 07:30AM Sharing sensitive data through channels with only basic security poses risks. Disney’s data breach and incidents at other companies highlight the need for secure communication tools. SSH Communications Security offers SalaX Secure Collaboration 2024, which provides end-to-end encryption, flexible deployment options, and features for data sovereignty, record-keeping, and authentication.