Security News > 2024 > March
Microsoft Authenticator utilizes push notifications and one-time passcodes, and can integrate with Microsoft 365 and Microsoft Entra ID. While both 2FA options share some similarities, there are key differences that can sway your decision to choose one over the other. Microsoft Authenticator is free and comes bundled with all Microsoft Entra ID and 365 Business accounts.
Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. "We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100...
Auth0 and Okta are powerful IAM tools with distinct strengths that solve this problem. The key difference perhaps lies in how Auth0 and Okta approach identity.
NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. That's a good thing, because a CVE without its NVD data is pretty meaningless.
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited...
Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via "Nuanced" exploitation and by using an advanced detection evasion method. The phishing emails prompt recipients to download an attached Office Word file to view their "Monthly salary report".
In light of the rise of "DDoS hacktivism" and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency has updated its guidance on how governmental entities should respond to this type of attack. "The main advantage of a DDoS attack over a DoS attack is the ability to generate a significantly higher volume of traffic, overwhelming the target system's resources to a greater extent," the agency says.
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux...