Oct 14, 2023NewsroomAuthentication / Endpoint Security Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN … [Read more...] about Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Authentication
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been … [Read more...] about Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Start with Phishing-Resistant, Passwordless Authentication
Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.“ – Jack Poller, Senior Analyst, ESG We received … [Read more...] about Start with Phishing-Resistant, Passwordless Authentication
Google to Add Passwordless Authentication Support to Android and Chrome
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google … [Read more...] about Google to Add Passwordless Authentication Support to Android and Chrome
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber … [Read more...] about Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta
Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel. The … [Read more...] about LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta
Cyber Actors Bypassing Two-Factor Authentication Implementations
On March 15, 2022, a government flash bulletin was published describing how state-sponsored cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) in addition to bypassing Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This scenario did not leverage or reveal a vulnerability in Duo software or infrastructure, but … [Read more...] about Cyber Actors Bypassing Two-Factor Authentication Implementations
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users' … [Read more...] about A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
A Visual Take on Email Authentication and Security
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to … [Read more...] about A Visual Take on Email Authentication and Security
Recapping RSAC 2021: Cisco’s Keynote, Zero Trust Deployment & Passwordless Authentication
It was a packed virtual RSA Conference this year. Although I missed being in San Francisco’s Moscone center, visiting booths and chatting with industry peers, the virtual experience did have one key benefit in my opinion – the on-demand replays of the sessions. I was able to watch all the sessions that I wanted to without having to rush across the floors of the Moscone … [Read more...] about Recapping RSAC 2021: Cisco’s Keynote, Zero Trust Deployment & Passwordless Authentication