September 4, 2024 at 07:19AM The report “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” emphasizes the threat of account takeover attacks in SaaS environments and the role of the browser in neutralizing them. It highlights tactics used in account takeovers and recommends a browser security … Read more
July 23, 2024 at 03:52PM Microsoft’s Windows Hello for Business (WHfB) authentication, previously believed to be resistant to phishing, was found vulnerable to downgrade attacks. Security researcher Yehuda Smirnov discovered the flaw, leading to a fix by Microsoft. The company introduced a new Conditional Access policy to enforce phishing-resistant authentication, safeguarding against downgraded methods. From … Read more
May 28, 2024 at 03:37PM Researchers have seen a rise in attackers using remote access VPNs for unauthorized network access. Check Point’s leadership noted three such attempts and advised organizations to strengthen VPN security by requiring more than just passwords. Industry experts recommend modern authentication methods and transitioning to Zero Trust Network Access for better … Read more
May 28, 2024 at 05:33AM Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and … Read more
November 22, 2023 at 10:30AM Multiple vulnerabilities have been discovered in fingerprint sensors on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws allow bypassing Windows Hello authentication. Researchers found weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN. Exploiting these vulnerabilities requires users to have fingerprint authentication set … Read more
October 17, 2023 at 03:09PM Amazon has introduced passkey support as a passwordless login option to enhance security for customers. Passkeys are digital credentials that use biometric controls or PINs linked to devices for logging into websites. They mitigate the risk of data breaches, compromised accounts, phishing attacks, and information-stealing malware. Passkeys also simplify the … Read more