CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit

March 1, 2024 at 01:49PM The CryptoChameleon phishing kit is targeting cryptocurrency platforms, government agencies, and single sign-on users. Victims primarily use Apple iOS and Google Android devices. The attacks yield sensitive data beyond usernames and passwords. The sophisticated tactics include personalized outreach and convincing duplication of legitimate pages. Experts advise stronger forms of authentication and …

Beyond Identity Introduces Device360 for Security Risk Visibility Across All Devices

February 23, 2024 at 03:59PM Beyond Identity has unveiled Device360, a new solution for continuous device security posture management that combines device security with authentication. The tool enables organizations to identify and prevent device security risks across managed and unmanaged devices, offering centralized visibility, real-time device query, and compliance enforcement at authentication. For more information, …

VMware urges admins to remove deprecated, vulnerable auth plug-in

February 20, 2024 at 04:05PM VMware warns administrators to remove a deprecated authentication plugin because of security vulnerabilities that enable attackers to hijack privileged sessions and relay Kerberos tickets. To address the flaws, uninstall the plugin and stop its associated Windows service using PowerShell commands. The company stated there is no evidence of exploitation, and advises …

Identity Security Firm Silverfort Lands $116 Million Investment

January 23, 2024 at 09:12AM Israeli startup Silverfort raised $116 million led by Brighton Capital in a Series D funding round, with existing investors also expanding their equity stakes. The company aims to scale its identity security technology, having already added tens of millions in new Annual Recurring Revenue and hundreds of enterprise customers. The …

Getting Started With Passkeys, One Service at a Time

January 4, 2024 at 12:08AM Passkeys, supported by major technology firms like Apple, Google, and Microsoft, aim to streamline and secure online authentication, addressing the vulnerabilities of traditional passwords. With over 7 billion potential users, passkeys provide an alternative to memorized passwords, leveraging device-based security and biometrics. Third-party providers and various ecosystems offer different approaches …

Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks

December 18, 2023 at 05:14PM Microsoft’s Digital Crimes Unit disrupted the Storm-1152 cybercrime-as-a-service provider that fraudulently created and sold over 750 million Microsoft accounts, generating millions in illicit profits. The group utilized fake profiles, automated criminal activities, and bypassed security measures like CAPTCHAs. Microsoft identified the main operators and shut down Storm-1152’s US-based infrastructure. The …

CISA urges tech manufacturers to stop using default passwords

December 15, 2023 at 02:06PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned against the use of default passwords in technology products due to the potential security risks. The agency recommended alternatives such as unique setup passwords, time-limited passwords, and mandating physical access for initial setup. CISA stressed that relying on customers to change passwords …

Critical Vulnerability Found in Ray AI Framework

November 28, 2023 at 09:06AM Ray, an open source compute framework for AI, has a critical vulnerability that allows unauthorized access to all nodes, warns cybersecurity firm Bishop Fox. The bug, known as CVE-2023-48023, exists because Ray does not properly enforce authentication on its dashboard and client components. Attackers can exploit this vulnerability to submit …

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

November 14, 2023 at 11:27PM VMware has issued a warning about a critical security flaw in Cloud Director that could allow unauthorized access. The vulnerability affects instances upgraded to version 10.5 and can be exploited to bypass login restrictions on certain ports. A fix has not yet been released, but a workaround is available. This …

Identity Alone Won’t Save Us: The TSA Paradigm and MGM’s Hack

November 7, 2023 at 10:04AM The recent cyberattack on MGM Resorts resulted in widespread outages and the compromise of various systems, such as slot machines and payment systems. The attack highlighted the importance of properly managing access and authentication controls. Simply adding more identity products is not the solution. Instead, organizations should focus on authentication, …