The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in the Kerberos Key Distribution Center (KDC) that Microsoft fixed on the November 2020 Patch Tuesday. CVE-2020-17049, the tech company explains in an advisory, resides in the manner in which the KDC determines whether tickets are eligible for delegation via Kerberos…

Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone. “Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said. Due to the COVID-19 coronavirus…

Like rust, risk never sleeps. As mobile devices flood the enterprise (especially for a younger generation of workers), the internet of things (IoT) expands, and cybercriminals grow in both numbers and sophistication, many security professionals think zero trust is the safest approach to defending against constantly evolving network and data security threats. Network vulnerabilities can…

Android’s Security Key Now Works with iOS Devices

The capability is enabled by the recently introduced 2-Step Verification (2SV) method that allows users to protect accounts with a security key built into their Android phones. Previously, the technology could be used to verify sign-ins to Google and Google Cloud services on Bluetooth-enabled devices running Chrome OS, macOS, and Windows 10, and can now…

Retail Security Hygiene: The Case for Seasonal Checkups

The winter holidays offer big potential for retailers, with some companies earning around 30 percent of their annual revenue during the season, according to the National Retail Federation. Big sales numbers, however, also drive increased risks of fraud and theft, and businesses are now spending on extra security measures to keep physical stores safe. But…

Facebook Increases Rewards for Account Hacking Vulnerabilities

According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work. The bounty applies to Facebook and other services owned by the company, including Instagram, WhatsApp and Oculus. “By increasing…

New Open Source Tools Help Find Large Twitter Botnets

Duo Security has created open source tools and disclosed techniques that can be useful in identifying automated Twitter accounts, which are often used for malicious purposes. The trusted access solutions provider, which Cisco recently agreed to acquire for $2.35 billion, has collected and studied 88 million Twitter accounts and over half-a-billion tweets. Based on this…

Insider Threat: Common Myths and Misconceptions

Insider threat is a growing area of concern and confusion among security practitioners. Typically accustomed to concentrating their resources on combating external threats, many security teams are eager yet unsure of how to combat threats that arise internally. This uncertainty, unfortunately, is often exacerbated by numerous common myths and misconceptions about insider threat, some of…