#multi-factor-authentication

[ follow ]
#cybersecurity #ransomware #zero-trust #password-security #aws #cisa #phishing-attacks #infostealer
Information security
fromTheregister
1 day ago

One criminal stole info from 50 orgs thanks to no MFA

Failure to enforce MFA enabled infostealer malware to compromise corporate file-sharing portals, exposing sensitive data from about 50 global enterprises.
Information security
fromAxios
1 week ago

Why hackers love the holidays

Attackers exploit reduced holiday security staffing to carry out phishing, ransomware, and data theft, so organizations must harden defenses before holidays.
fromNextgov.com
2 weeks ago

Three moves that can jumpstart cyber modernization - even wthout a full budget

Let's be honest: most agencies don't have a blank check to invest in cybersecurity modernization. But that doesn't mean they're stuck. You don't need a full rip-and-replace to make meaningful progress; you need clarity, urgency and smart prioritization. Whether you're working with a full budget or a shoestring one, there are moves you can make today that will strengthen your defenses tomorrow.
Information security
Information security
fromInfoWorld
3 weeks ago

Did your npm pipeline break today? Check your 'classic' tokens

Transitioning to tokenless OIDC and rotating granular tokens creates extra work for organizations and leaves MFA gaps that increase risk of package and account compromise.
Information security
fromTheregister
1 month ago

Ex-CISA officials, CISOs aim to stop the spread of hacklore

Many common cybersecurity warnings are outdated; prioritize patching, software updates, strong passwords or passkeys, and multi-factor authentication over avoidance-based tips.
US politics
fromTechCrunch
2 months ago

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch

Flock Safety's license-plate camera network lacks required multi-factor authentication, potentially exposing billions of scanned images to hackers, spies, and compromised law enforcement logins.
Information security
fromThe Hacker News
2 months ago

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

Harden on-premises Microsoft Exchange Servers by restricting admin access, enforcing MFA, applying TLS/HSTS, patching, migrating EOL servers, and adopting zero trust to reduce exploitation risk.
#cybersecurity
Privacy technologies
fromHackernoon
8 months ago

Session Hijacking Is Maturing. What Proactive Measures Can Secure Active Sessions? | HackerNoon

Attackers are now automating session hijacking, making traditional security methods like MFA less effective.
fromHackernoon
8 months ago
Privacy technologies

Session Hijacking Is Maturing. What Proactive Measures Can Secure Active Sessions? | HackerNoon

more#cybersecurity
Information security
fromTechzine Global
2 months ago

Critical infrastructure struggles with AI and quantum threats

Critical infrastructure faces rising AI- and quantum-driven cyber risks despite falling breaches; 73% cite AI ecosystem as top security challenge and quantum threatens encryption.
Information security
fromMail Online
3 months ago

Stranger watching woman through Ring camera sparks warnings for others

A Ring doorbell camera was accessed so a stranger could speak through it, illustrating risks from weak passwords and lack of multi-factor authentication.
fromTheregister
3 months ago

PACER buckles under MFA rollout, causing support delays

LA lawyer Rob Freund shared an email via X showing that users are being told to avoid enrolling in the platform's MFA program until they are prompted to do so via email. PACER also told users to steer clear of the helplines to ease the burden on staff. "We ask that only users who receive a prompt to enroll in MFA when they log in should do so," the email reads. "If you do not receive an MFA enrollment prompt, no action is necessary. Please do not contact the [PACER Service Center] with questions about MFA until you are required to enroll. This ensures support is available for those who need it."
Privacy technologies
fromBleepingComputer
6 months ago

Overcoming Technical Barriers in Desktop and Application Virtualization

Virtualized environments are prime targets for cyberattacks due to their centralized nature and the potential vulnerabilities inherent in remote access protocols. Common Security Risks in Virtualization include credential-based attacks and exposure of RDP ports.
Remote teams
Privacy technologies
fromZDNET
6 months ago

Microsoft Authenticator won't manage your passwords anymore - here's why and what's next

Microsoft Authenticator will no longer support password management features beginning June, with full retirement by August.
Privacy technologies
fromTechzine Global
6 months ago

AWS hits a big milestone: 100% MFA for root users

AWS mandated multi-factor authentication (MFA) for root access accounts in 2023, enhancing security in cloud environments.
MFA significantly boosts security but isn't infallible; additional measures are necessary to combat sophisticated attacks.
fromTheregister
6 months ago

AWS enforces MFA across 100% of root users: re:Inforce

For anyone who still has doubts about MFA: just ask Snowflake CISO Brad Jones, who last year saw more than 160 of his customers' accounts compromised using stolen credentials. None of these had MFA enabled, and this safeguard likely would have prevented the intruders from accessing the customers' databases.
Marketing tech
[ Load more ]