Authentication

Vulnerabilities

Issued by: Dark Reading

Researchers have discovered a vulnerability in the remote procedure calls (RPC) for the Windows Server service, which could allow an attacker to gain control over the domain controller (DC) in a specific network configuration and execute remote code. Malicious actors could also exploit the vulnerability to modify a server’s certificate mapping to perform server spoofing….

Application Security, Software Security

Issued by: Help Net Security

In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication. The basic components needed to make passwordless authentication a reality are: An open, standard set of processes, technologies, APIs, etc., to enable all the various components to work together across devices, operating systems,…

Application Security

Issued by: Dark Reading

Authentication used to be binary: I give you access or I don’t give you access. But with the rise of remote/hybrid work and the growing number of cloud applications in use, organizations need an even more precise approach to authentication, says Ash Devata, vice-president and general manager of Cisco Zero Trust and Duo Security. “Every…

Application Security, Network Security

Issued by: Security Week

Launched to the public in 2013, iProov helps customers verify customer identity and protect against spoof attacks from photos, videos, masks, and even deepfakes. Used for onboarding and authentication, iProov says customers including the U.S. Department of Homeland Security, the UK Home Office, the UK National Health Service (NHS), the Australian Taxation Office, GovTech Singapore,…

Software Security

Issued by: Security Week

Designed to harvest real-time metrics from various endpoints, Prometheus enables organizations to keep a close eye on systems’ state, network usage, and the like. Close to 800 cloud-native platforms, including Slack and Uber, leverage the solution. In January 2021, Prometheus added support for Transport Layer Security (TLS) and basic authentication, to prevent access to the…

Vulnerabilities

Issued by: Security Week

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…

Network Security

Issued by: Dark Reading

2020 saw a hugely accelerated evolution in the cybersecurity landscape. The pandemic pushed workforces remote and caused companies to move up plans for digital transformation, cloud services, and a plethora of remote access technologies. Meanwhile, the traditional operating models are not and will not be completely replaced in most organizations, and organizations have been left…

Network Security

Issued by: Help Net Security

As our lives have migrated almost entirely online due to the pandemic, the Dashlane list highlights the companies and organizations with the most significant password-related mishaps of 2020. Social networking may have kept us connected in the year of COVID-19-induced social distancing, but unfortunately Twitter and Zoom (which took the #1 and #2 spots on…

Vulnerabilities

Issued by: Help Net Security

We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our…