Tag: authentication
142 articles

WebAuthn Integration Breaches Windows RDP Security Gap
Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Agentic AI's Identity Crisis Leaves Security Teams Vulnerable
Agentic AI's autonomy and poorly tracked access are creating a perfect storm of identity risk, leaving security teams vulnerable to attacks. As digital actors with broad permissions, these AI agents are operating in the dark, with many organizations lacking visibility into their actions.

Hackers Exploit Instagram AI Chatbot to Hijack User Accounts
Hackers recently tricked Instagram's AI chatbot into handing over account controls, highlighting a critical vulnerability in AI agent authorization - a problem that's proving tougher to crack than authentication. By falsifying user locations and manipulating the chatbot, attackers were able to change account email addresses and passwords.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover
Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

Strengthening Active Directory Password Rules Without Frustrating Users
Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Cybersecurity Experts Push for Password Paradigm Shift
On World Password Day, cybersecurity experts are sounding the alarm: it's time to rethink our reliance on passwords, as attackers continue to exploit weak visibility and poor credential management to gain access to sensitive systems. The real vulnerability isn't a single weak password, but how credentials spread across organizations, often with employees reusing and sharing access without centralized tracking.

Weak Passwords Expose Networks to Unintended Access
Even a seasoned expert like Roger Grimes, CISO advisor at KnowBe4, has fallen victim to the pitfalls of weak passwords - in a surprising turn of events, he recalling a time when he accidentally gained access to a client's network using the password "rosebud", famously lifted from a film plot.

UK Urges Adoption of Passkeys Over Passwords
Say goodbye to password headaches! The UK is leading the charge towards a more secure and user-friendly login experience with passkeys, which offer stronger resilience and eliminate many common cyber threats.

NCSC Endorses Passkeys as Default Login Method
The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.

NCSC Endorses Passkeys Over Passwords in New Guidance
Say goodbye to password headaches! The UK's National Cyber Security Centre now recommends passkeys as a user-friendly alternative that provides stronger resilience, making it easier to log in securely.
Microsoft patches trigger reboot loops in some Windows servers
Microsoft's latest security updates have caused some Windows servers to malfunction, triggering frustrating reboot loops that can bring entire authentication backbones to a grinding halt. This unexpected issue raises serious concerns about the reliability of enterprise updates.

SIM farm Stunning Takedown: Risky Fraud Network
Europol’s Operation SIMCARTEL dismantled a massive SIM farm tied to about 49 million fake accounts, arresting suspects and exposing how cheaply scammers can weaponize phone numbers to automate fraud. The takedown is a wake‑up call to ditch SMS as sole protection and push for stronger, phishing‑resistant authentication across services.

SIM card supply network Exposed: Risky, Stunning Takedown
Europol just tore down a sophisticated cross-border SIM card supply network that criminals used to hide identities and run scams — a stark reminder that SMS-based authentication can be easily abused. Protect yourself by using authenticator apps or security keys, monitoring accounts for unusual activity, and urging carriers to adopt stronger ID checks.

email bomb campaigns: Exclusive Dangerous Zendesk Flaw
Imagine waking to hundreds of threatening emails that look like they came from companies you trust — attackers abused weak outbound authentication in Zendesk to launch hard-to-block email bomb campaigns, a wake-up call for vendors and customers to tighten SPF/DKIM/DMARC and stronger default protections now.

phishing emails: Urgent Warning—Must-Have Best Tips
Don’t panic — LastPass says it wasn’t hacked; those alarming emails are a phishing scam. Pause, verify updates through the official app or website, and report any suspicious messages.

Whisper 2FA: Exclusive Risky Phishing Threat
Think 2FA is foolproof? Researchers warn Whisper 2FA — a phishing‑as‑a‑service tool tied to roughly one million credential‑theft attempts since July 2025 — shows attackers can cheaply scale real‑time relay attacks, so phishing‑resistant authentication and layered defenses are now essential.

legacy Windows authentication: Must-Fix Risky Threat
Think your network’s locked? Resecurity warns that old Windows protocols like LM, NTLM and SMBv1 can hand attackers credential hashes — inventory, isolate, and migrate now before those easy paths are abused.

public Wi‑Fi Must-Have Security: Best Practices
Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Redis servers: Must-Have Fix for Risky RediShell Flaw
A newly disclosed “RediShell” flaw has left about 60,000 Redis servers exposed and easily exploitable, turning common misconfigurations into urgent security risks. If you run Redis, patch, lock it behind private networks or VPNs, enable AUTH/ACLs, and scan for internet-facing instances now to avoid data theft or persistent compromise.

credential stuffing: Risky Scourge, Must-Have Defenses
Think one reused password can’t hurt? A £2.31m fine proves it can — credential stuffing uses recycled logins and bots to drain money, steal data and wreck trust, and regulators are now forcing companies to adopt MFA, breached-password checks and smarter anti-bot defenses.

Palo Alto Networks administrative portals: Urgent Threat
A sudden fivefold surge in automated scans of Palo Alto Networks’ admin portals is a clear warning that attackers are probing for weaknesses — now’s the time to patch, tighten access, and verify your telemetry. While scans don’t prove compromise, treat this spike as a prompt to hunt for misconfigurations and strengthen admin controls.

Rhadamanthys Stealer: Exclusive Dangerous Threat
Rhadamanthys has evolved from a simple credential stealer into a stealthy, full-stack threat that fingerprints devices and hides stolen data inside ordinary PNG images while pairing with proxy and crypt services for turnkey attacks. Defenders should boost telemetry, enforce phishing‑resistant MFA, and add content‑aware inspection (including steganalysis) to spot these covert exfiltration channels.

consulting GitLab instance: Must-Have Risky Breach Fixes
Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Android remote access trojan: Exclusive Risky Threat
“If you can see nothing, they can take everything” — Klopatra is a stealthy new Android remote-access trojan that quietly hijacks phones to steal banking credentials, intercept one-time codes, and automate fraudulent transactions. Stay vigilant: only install apps from trusted stores, scrutinize accessibility and overlay permissions, and push behavioral mobile security and out-of-band authentication to blunt these targeted, modular attacks.