Category: Access control

July 18, 2022

A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots. According to Dragos researchers, the adversary seems […]

July 7, 2022

A cryptocurrency wallet service provider serving more than 2 million users worldwide and managing about $3 billion worth of Bitcoin was found to contain API vulnerabilities tied to how external authentication logins were implemented. The bugs are fixed, but the […]

June 30, 2022

Rafay Systems launched a new open-source software project named Paralus to enable secure, audited access for developers, operations, SREs and CI/CD tools to remote Kubernetes (K8s) clusters. Paralus offers access management for developers, architects, and CI/CD tools to remote K8s […]

June 21, 2022

(ISC)² published findings from its 2022 Cybersecurity Hiring Managers research that shed light on best practices for recruiting, hiring and onboarding entry- and junior-level cybersecurity practitioners. The research, reflecting the opinions of 1,250 cybersecurity hiring managers from the U.S., Canada, […]

June 15, 2022

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for […]

June 7, 2022

At WWDC 2022, Apple has announced and previewed iOS 16 and iPad OS 16, macOS 13 (aka macOS Ventura), watchOS 9, their new M2 chips, new MacBook Air and Pro, as well as new tools, technologies, and APIs for developers […]

June 1, 2022

The company surveyed of 4,000 consumers across three continents, including 1,000 UK respondents, showed that 61% of consumers feel confident enough with contactless payments to leave their wallet at home and just take their phone – a figure that rises […]

May 24, 2022

Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, researchers Avinash Sudhodanan and […]

May 24, 2022

Let’s face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All […]

May 19, 2022

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used […]

May 6, 2022

Some of the world’s biggest tech companies have announced plans to try and remove the need for passwords for good. Apple, Google and Microsoft have joined forces to push the wider availability of passwordless logins in a major way, promoting […]

April 6, 2022

The average Internet user has 100 passwords, according to research by NordPass. Remembering that many passwords is impossible, so people must implement a system for keeping track of them. For years, cybersecurity professionals have tried to convince people to record […]

March 30, 2022

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible, […]

March 3, 2022

Enzoic released the latest version of Enzoic for Active Directory. The solution prevents users from choosing weak or previously exposed passwords by screening them at their creation and continuously monitoring passwords to ensure they do not subsequently become compromised. Enzoic’s […]

January 11, 2022

You may not have as many people visiting your home due to the pandemic, but restrictions are a hit-and-miss affair. It’s possible your region has opened up a little, and you’re seeing folks in your home for the first time […]

December 2, 2021

As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. The Redmond-based tech giant noted that users could instead use its authenticator app, Windows Hello; a physical security key or a verification […]

November 4, 2021

Secret Double Octopus and Ponemon Institute announced the results of a US-based study focused on understanding the state of workforce passwordless authentication, from motivational drivers to results after transitioning to its use. Results demonstrated that remote work has and will […]

October 15, 2021

Companies often claim to be customer-centric, or even customer-obsessed, striving to offer technologies that their users demand. However, the findings of a recent global Auth0 survey suggest that organizations worldwide continue to miss the mark when it comes to giving […]

October 11, 2021

Meant to provide federal agencies with guidance on securing their networks while ensuring that remote users do have access to internal resources, the document was produced in collaboration with the Office of Management and Budget (OMB), the Federal Chief Information […]

October 6, 2021

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the […]