Google Cloud to Enforce MFA on Accounts in 2025

November 6, 2024 at 07:17PM Google will mandate multi-factor authentication (MFA) for all Google Cloud users by the end of 2025, starting phased implementation this month. This requirement aims to enhance account security, although general consumer accounts are exempt. Similar measures are being adopted across the industry, but MFA alone is not infallible against threats. …

Okta Fixes Auth Bypass Bug After 3-Month Lull

November 4, 2024 at 04:07PM Okta has resolved an authentication bypass vulnerability affecting long usernames and complex domain names, which could have enabled unauthorized access under specific conditions. Discovered on October 30, it remained undetected for three months. Customers are urged to check logs for unusual activity and implement multifactor authentication for added security. …

Microsoft delays Windows Recall again, now by December

October 31, 2024 at 03:41PM Microsoft has postponed the rollout of its AI-powered Windows Recall feature, originally set for October, to December for further testing due to customer privacy concerns. The feature captures screenshots and analyzes them with AI, but significant pushback emphasized the need for enhanced privacy protections and user opt-in requirements. …

Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users

October 16, 2024 at 04:55AM FIDO Alliance released new specifications for securely transferring passkeys between providers, coinciding with Amazon’s announcement of 175 million passkey users. This development highlights advancements in passkey technology and its growing adoption in securing user authentication. **Meeting Takeaways:** 1. **FIDO Alliance Update**: The FIDO Alliance has released new specifications aimed at …

WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in

October 15, 2024 at 10:24AM A public dispute has erupted between WP Engine and WordPress founder Matt Mullenweg over the Advanced Custom Fields (ACF) plug-in, following Mullenweg’s decision to fork ACF into Secure Content Fields (SCF). This has led to user confusion regarding updates, security issues, and potential legal actions between the companies. …

Chrome adopts app-bound encryption to stymie cookie-stealing malware

July 31, 2024 at 12:43PM Google is bolstering Chrome’s security for Windows users by implementing app-bound encryption to protect sensitive data like session cookies from infostealer malware. This new encryption method links data to specific apps and requires system privileges, making it harder for attackers to steal user data. Google plans to expand this encryption …

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

July 1, 2024 at 06:42AM Code libraries are essential for adding standardized functionality to a project, but they can also be vulnerable to supply chain attacks. Polyfill.io, a JavaScript enhancement service, was accused of distributing malware, raising concerns about the security of third-party libraries and the potential impact on user security. The incident highlights the …

Notepad++ wants your help in “parasite website” shutdown

April 8, 2024 at 08:56AM Notepad++ seeks public support to shut down the copycat website notepad[.]plus, which poses security threats by impersonating the official Notepad++ site. Though it redirects to the legitimate downloads page, it’s accused of hosting malicious ads. While some argue against its risks, the community is advised to download Notepad++ only from …

SurveyLama Data Breach Impacts 4.4 Million Users

April 4, 2024 at 08:30AM SurveyLama confirms a data breach affecting over 4.4 million users, occurring in February and brought to light through Have I Been Pwned. Email addresses, personal information, and hashed passwords were compromised. The platform has enforced a password reset and is enhancing security measures. Users are advised to reset all associated …

PayPal files patent for new method to detect stolen cookies

February 25, 2024 at 11:08AM PayPal has filed a patent for a method to detect stolen “super-cookies,” aiming to enhance cookie-based authentication and prevent account takeover attacks. It deals with the risk of hackers using stolen cookies for unauthorized logins. The patent outlines a system to calculate fraud risk scores and manage authentication requests, ensuring …