Dashlane ditching master passwords
The password manager vendor totally embraces passwordless technology. A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added…
New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence
The new AI Safety Initiative has attracted participation from tech heavyweights Microsoft, Amazon and Google OpenAI and Anthropic and plans to work on tools, templates and data for deploying AI/LLM technology in a safe, ethical and compliant manner. “The AI Safety Initiative is actively developing practical safeguards for today’s generative AI, structured in a way…
Apple Ships iOS 17.2 With Urgent Security Patches
The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes. According to an advisory from Cupertino’s security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution…
Facebook tops security ratings among social networks
Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover. According to a study released Tuesday by access management vendor Cerby, the biggest area…
Safari Side-Channel Attack Enables Browser Theft
Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…
Joe Sullivan: What’s a Breach? ‘It’s a Complicated Question’
Trick question for CSOs: When does a security incident qualify as being a data breach, triggering notification or other regulatory rules? The answer is that it’s “a very complicated question” that cybersecurity leaders should leave to their legal team while they stay fully in the loop, said former Uber CSO Joe Sullivan, sharing lessons learned…
BeyondID Introduces Identity-First Model for Zero-Trust Maturity
BeyondID, a leading managed identity solutions provider, today announced the industry’s first solution that accurately conveys the true nature of identity within the zero trust security framework. BeyondID’s Identity Fabric Model for Zero Trust promises optimal threat detection, investigation, and round-the-clock remediation via the BeyondID Security Operations Center (SOC). “The Zero Trust Maturity Model by…
Microsoft Adds Passkeys to Windows 11
In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s passkeys will be available on…
ASPM Is Good, But It’s Not a Cure-All for App Security
Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement procedures….
Google Fixes Chrome Zero-Day Exploited in the Wild
Google released a fix on Monday for a Chrome zero-day. Like the three before it, this fourth Chrome zero-day vulnerability found in 2023 allows an attacker to remotely target a vulnerable version of the browser. An attacker could exploit the vulnerability to execute arbitrary code, mishandle the data in the browser’s memory and eventually crash…
