Skip to main content

Tag: authentication

142 articles

Laptop connected to external authenticator device in bright office setting.

WebAuthn Integration Breaches Windows RDP Security Gap

Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Analyst 207
Rows of computer servers and network equipment in a modern data center, with one server highlighted.

Agentic AI's Identity Crisis Leaves Security Teams Vulnerable

Agentic AI's autonomy and poorly tracked access are creating a perfect storm of identity risk, leaving security teams vulnerable to attacks. As digital actors with broad permissions, these AI agents are operating in the dark, with many organizations lacking visibility into their actions.

Analyst 207
Smartphone with chatbot interface on screen, conveying vulnerability.

Hackers Exploit Instagram AI Chatbot to Hijack User Accounts

Hackers recently tricked Instagram's AI chatbot into handing over account controls, highlighting a critical vulnerability in AI agent authorization - a problem that's proving tougher to crack than authentication. By falsifying user locations and manipulating the chatbot, attackers were able to change account email addresses and passwords.

Analyst 207
Technical area with computer servers hints at disruption.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover

Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

Analyst 207
Person sitting at desk with laptop, surrounded by papers, thoughtfully typing or reading in quiet office setting.

Strengthening Active Directory Password Rules Without Frustrating Users

Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Analyst 207
Person sitting at desk with laptop, surrounded by office equipment and network infrastructure.

Cybersecurity Experts Push for Password Paradigm Shift

On World Password Day, cybersecurity experts are sounding the alarm: it's time to rethink our reliance on passwords, as attackers continue to exploit weak visibility and poor credential management to gain access to sensitive systems. The real vulnerability isn't a single weak password, but how credentials spread across organizations, often with employees reusing and sharing access without centralized tracking.

Analyst 207
Person sitting at computer workstation with login screen and password notes in background.

Weak Passwords Expose Networks to Unintended Access

Even a seasoned expert like Roger Grimes, CISO advisor at KnowBe4, has fallen victim to the pitfalls of weak passwords - in a surprising turn of events, he recalling a time when he accidentally gained access to a client's network using the password "rosebud", famously lifted from a film plot.

Analyst 207
Person holding smartphone in relaxed indoor setting with city view.

UK Urges Adoption of Passkeys Over Passwords

Say goodbye to password headaches! The UK is leading the charge towards a more secure and user-friendly login experience with passkeys, which offer stronger resilience and eliminate many common cyber threats.

Analyst 207
Person holds smartphone with blurred city or office background, emphasizing digital security.

NCSC Endorses Passkeys as Default Login Method

The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.

Analyst 207
Person holding smartphone in modern conference room setting with technical diagrams.

NCSC Endorses Passkeys Over Passwords in New Guidance

Say goodbye to password headaches! The UK's National Cyber Security Centre now recommends passkeys as a user-friendly alternative that provides stronger resilience, making it easier to log in securely.

Analyst 207

Microsoft patches trigger reboot loops in some Windows servers

Microsoft's latest security updates have caused some Windows servers to malfunction, triggering frustrating reboot loops that can bring entire authentication backbones to a grinding halt. This unexpected issue raises serious concerns about the reliability of enterprise updates.

Analyst 207
SIM farm Stunning Takedown: Risky Fraud Network

SIM farm Stunning Takedown: Risky Fraud Network

Europol’s Operation SIMCARTEL dismantled a massive SIM farm tied to about 49 million fake accounts, arresting suspects and exposing how cheaply scammers can weaponize phone numbers to automate fraud. The takedown is a wake‑up call to ditch SMS as sole protection and push for stronger, phishing‑resistant authentication across services.

Analyst 207
SIM card supply network Exposed: Risky, Stunning Takedown

SIM card supply network Exposed: Risky, Stunning Takedown

Europol just tore down a sophisticated cross-border SIM card supply network that criminals used to hide identities and run scams — a stark reminder that SMS-based authentication can be easily abused. Protect yourself by using authenticator apps or security keys, monitoring accounts for unusual activity, and urging carriers to adopt stronger ID checks.

Analyst 207
email bomb campaigns: Exclusive Dangerous Zendesk Flaw

email bomb campaigns: Exclusive Dangerous Zendesk Flaw

Imagine waking to hundreds of threatening emails that look like they came from companies you trust — attackers abused weak outbound authentication in Zendesk to launch hard-to-block email bomb campaigns, a wake-up call for vendors and customers to tighten SPF/DKIM/DMARC and stronger default protections now.

Analyst 207
phishing emails: Urgent Warning—Must-Have Best Tips

phishing emails: Urgent Warning—Must-Have Best Tips

Don’t panic — LastPass says it wasn’t hacked; those alarming emails are a phishing scam. Pause, verify updates through the official app or website, and report any suspicious messages.

Analyst 207
Whisper 2FA: Exclusive Risky Phishing Threat

Whisper 2FA: Exclusive Risky Phishing Threat

Think 2FA is foolproof? Researchers warn Whisper 2FA — a phishing‑as‑a‑service tool tied to roughly one million credential‑theft attempts since July 2025 — shows attackers can cheaply scale real‑time relay attacks, so phishing‑resistant authentication and layered defenses are now essential.

Analyst 207
legacy Windows authentication: Must-Fix Risky Threat

legacy Windows authentication: Must-Fix Risky Threat

Think your network’s locked? Resecurity warns that old Windows protocols like LM, NTLM and SMBv1 can hand attackers credential hashes — inventory, isolate, and migrate now before those easy paths are abused.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
Redis servers: Must-Have Fix for Risky RediShell Flaw

Redis servers: Must-Have Fix for Risky RediShell Flaw

A newly disclosed “RediShell” flaw has left about 60,000 Redis servers exposed and easily exploitable, turning common misconfigurations into urgent security risks. If you run Redis, patch, lock it behind private networks or VPNs, enable AUTH/ACLs, and scan for internet-facing instances now to avoid data theft or persistent compromise.

Analyst 207
credential stuffing: Risky Scourge, Must-Have Defenses

credential stuffing: Risky Scourge, Must-Have Defenses

Think one reused password can’t hurt? A £2.31m fine proves it can — credential stuffing uses recycled logins and bots to drain money, steal data and wreck trust, and regulators are now forcing companies to adopt MFA, breached-password checks and smarter anti-bot defenses.

Analyst 207
Palo Alto Networks administrative portals: Urgent Threat

Palo Alto Networks administrative portals: Urgent Threat

A sudden fivefold surge in automated scans of Palo Alto Networks’ admin portals is a clear warning that attackers are probing for weaknesses — now’s the time to patch, tighten access, and verify your telemetry. While scans don’t prove compromise, treat this spike as a prompt to hunt for misconfigurations and strengthen admin controls.

Analyst 207
Rhadamanthys Stealer: Exclusive Dangerous Threat

Rhadamanthys Stealer: Exclusive Dangerous Threat

Rhadamanthys has evolved from a simple credential stealer into a stealthy, full-stack threat that fingerprints devices and hides stolen data inside ordinary PNG images while pairing with proxy and crypt services for turnkey attacks. Defenders should boost telemetry, enforce phishing‑resistant MFA, and add content‑aware inspection (including steganalysis) to spot these covert exfiltration channels.

Analyst 207
consulting GitLab instance: Must-Have Risky Breach Fixes

consulting GitLab instance: Must-Have Risky Breach Fixes

Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Analyst 207
Android remote access trojan: Exclusive Risky Threat

Android remote access trojan: Exclusive Risky Threat

“If you can see nothing, they can take everything” — Klopatra is a stealthy new Android remote-access trojan that quietly hijacks phones to steal banking credentials, intercept one-time codes, and automate fraudulent transactions. Stay vigilant: only install apps from trusted stores, scrutinize accessibility and overlay permissions, and push behavioral mobile security and out-of-band authentication to blunt these targeted, modular attacks.

Analyst 207