Why Is It So Challenging to Go Passwordless?

September 11, 2024 at 07:51AM The text discusses the concept of passwordless authentication and its potential benefits and challenges for organizations. While passwordless authentication offers enhanced security and improved user experience, it also presents challenges such as legacy system compatibility, user adoption, backup authentication methods, biometric data privacy concerns, and regulatory considerations. The text also …

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

August 26, 2024 at 07:30AM Sensitive data being shared through basic security channels poses risks. Disney’s data breach and other company incidents highlight the need for secure communication tools. SSH Communications Security offers SalaX Secure Collaboration 2024, providing end-to-end encryption, flexible deployment options, and features for data sovereignty, record-keeping, and authentication methods. Learn more about …

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

August 20, 2024 at 01:33AM Cybersecurity researchers warn of vulnerabilities in thousands of Oracle NetSuite e-commerce sites, exposing customer data. A misconfiguration in NetSuite’s SuiteCommerce platform allows attackers to access sensitive information, requiring site administrators to tighten access controls and temporarily take impacted sites offline. Another disclosure details a way to manipulate credential validation in …

Twilio kills off Authy for desktop, forcibly logs out all users

August 1, 2024 at 05:15PM Twilio has discontinued its Authy for Desktop app, prompting a mandatory logout for users. This decision will likely impact …

Banks in Singapore to phase out one-time passwords in 3 months

July 14, 2024 at 11:37AM The Monetary Authority of Singapore (MAS) has mandated major retail banks to phase out the use of one-time passwords (OTPs) within three months, in response to increasing phishing and scam threats. Instead, customers will use digital tokens on their mobile devices for enhanced security. Those who haven’t activated digital tokens …

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

July 9, 2024 at 08:13AM Researchers found that misconfigured Jenkins Script Console instances can be exploited for criminal activities, like cryptocurrency mining. Attackers can gain remote code execution and misuse sensitive data. The console lacks administrative controls and can be accessed over the internet due to misconfigurations. Safeguards include proper configuration, robust authentication, and restriction …

Microsoft China staff can’t log on with an Android, so Redmond buys them iThings

July 9, 2024 at 02:37AM Microsoft China is giving its employees Apple devices to access the company’s systems, due to concerns over using Android devices for authentication. Despite options like using local app stores or side-loading apps, Microsoft prefers using iPhones over building its own app store in China. This move also reflects the company’s …

Identity Orchestration Is Gaining Traction

July 8, 2024 at 02:32PM Businesses in consumer financial services face challenges in managing identity information across different services, leading to a fragmented customer experience. Identity orchestration aims to integrate disparate identity systems to create a seamless online experience. It is increasingly important in industries such as financial services, retail, and hospitality, offering benefits like …

Exploitation Attempts Target New MOVEit Transfer Vulnerability

June 26, 2024 at 06:05AM Progress Software announced patches for two critical authentication bypass vulnerabilities affecting its MOVEit Transfer file transfer software. CVE-2024-5805 and CVE-2024-5806 were identified, with the latter already targeted by exploitation attempts. The company enacted patches for both, with further mitigations for CVE-2024-5806’s third-party component vulnerability, amidst heightened security concerns. After reviewing …

CISA Warns of Progress Telerik Vulnerability Exploitation

June 14, 2024 at 06:39AM CISA warns federal agencies of ongoing exploitation of CVE-2024-4358, a recently patched authentication bypass vulnerability in Progress Software’s Telerik Report Server. The bug allows attackers to create a new administrator user, manipulate authentication tokens, and achieve remote code execution. CISA urges identifying and mitigating vulnerable instances within three weeks. Key …