There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to … [Read more...] about A Visual Take on Email Authentication and Security
It was a packed virtual RSA Conference this year. Although I missed being in San Francisco’s Moscone center, visiting booths and chatting with industry peers, the virtual experience did have one key benefit in my opinion – the on-demand replays of the sessions. I was able to watch all the sessions that I wanted to without having to rush across the floors of the Moscone … [Read more...] about Recapping RSAC 2021: Cisco’s Keynote, Zero Trust Deployment & Passwordless Authentication
Passwordless has arrived. The key components enabling the new authentication technology are all in place. The quality of biometric sensors built into modern hardware has improved drastically in the past several years. Additionally, virtually all new endpoints include a secure enclave or trusted platform module (TPM) enabling the secure storage of asymmetric key pairs. Bringing … [Read more...] about Passwordless authentication enhances but doesn’t replace access security strategy
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their … [Read more...] about How to Fight Business Email Compromise (BEC) with Email Authentication?
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in … [Read more...] about 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects.Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile … [Read more...] about WebAuthn Passwordless Authentication Now Available for Atlassian Products
This blog post was authored by Eugenio Iavarone, Cisco PSIRT. On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass authentication on … [Read more...] about Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability