AWS adds passkeys support, warns root users must enable MFA

June 12, 2024 at 03:43PM
AWS has launched FIDO2 passkeys for multi-factor authentication, boosting account security. These passkeys use public key cryptography and resist phishing attacks. Amazon encourages users to adopt MFA, planning to make it mandatory for root account users by July 2024. The company is committed to enhancing MFA adoption via CISA’s Secure …

Microsoft deprecates Windows NTLM authentication protocol

June 4, 2024 at 11:51AM
Microsoft has deprecated NTLM authentication on Windows and Windows servers, encouraging transition to Kerberos or Negotiate authentication for better security. NTLM, an aging protocol still widely used, faces abuse in cyberattacks. Microsoft suggests system administrators audit NTLM usage and transition to Negotiate, with a built-in fallback to NTLM. Detailed transition …

Microsoft announces deprecation of Windows NTLM authentication

June 4, 2024 at 11:44AM
Microsoft has deprecated NTLM authentication on Windows and Windows servers, urging a transition to Kerberos or Negotiate authentication. This is due to security concerns, including cyberattacks like ‘NTLM Relay.’ Users and developers are recommended to utilize auditing tools to facilitate the transition. The replacement can generally be achieved with a …

Okta Warns Once Again of Credential-Stuffing Attacks

May 30, 2024 at 11:53AM
Okta, an identity management service provider, is warning of credential-stuffing attacks against its Customer Identity Cloud’s cross-origin authentication feature. The company has provided guidance for mitigating the attacks and preventing them, including monitoring event logs for specific indicators and enabling breached password detection. Further defense measures include passwordless authentication, strong …

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

May 30, 2024 at 03:09AM
Okta warns of credential stuffing susceptibility in Customer Identity Cloud, mentioning proactive communication with impacted customers. Users are advised to review tenant logs for unusual login events, rotate credentials, and restrict cross-origin authentication. Other mitigations include breached password detection, strong password enforcement, and passwordless, phishing-resistant authentication. The warning follows an …

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

May 21, 2024 at 01:22PM
GitHub has addressed a critical flaw (CVE-2024-4985) in GitHub Enterprise Server, allowing unauthorized access on instances using SAML SSO with encrypted assertions. The issue affects versions prior to 3.13.0 and has been fixed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Organizations using vulnerable versions are advised to update for security. …

6 Mistakes Organizations Make When Deploying Advanced Authentication

May 14, 2024 at 07:15AM
Deploying advanced authentication measures is crucial for organizations in addressing human users as the weakest cybersecurity link. Mistakes to avoid include failing to conduct a risk assessment, neglecting integration with current systems, relying on one authentication factor, disregarding user experience, overlooking authentication activities, and neglecting user training. These mistakes hinder …

Google Simplifies 2-Factor Authentication Setup (It’s More Important Than Ever)

May 7, 2024 at 06:36AM
Google has simplified the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. The update includes a new two-step method and removal of the need for less secure SMS-based authentication. Additionally, users can now disable 2FA without having their enrolled second steps automatically removed. Meeting Notes …

Top Lessons for CISOs From OWASP’s LLM Top 10

April 23, 2024 at 10:05AM
The OWASP released its top 10 list for large language model (LLM) applications, addressing security threats. This framework educates and aligns the industry on potential risks, emphasizing the need for effective authentication and authorization of LLM technologies. The list highlights the importance of preventing misuse and compromise, urging security leaders …

Chrome to Fight Cookie Theft With Device Bound Session Credentials

April 2, 2024 at 12:45PM
Google is introducing Device Bound Session Credentials (DBSC) to Chrome, preventing cookie theft by binding browser authentication sessions to the device. This technology, developed by the Web Incubator Community Group, uses private key authentication. DBSC ensures sessions are secure and deters cookie theft malware, with plans for widespread implementation by …