Security News

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page. Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.

In the meantime, most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable keystroke patterns, password variations, well-known substitutions, single words from a dictionary and - above all - reusing the same password for many different private and enterprise accounts. The thing is, most older password policy tools don't provide a method to check if a password is strong and not compromised once the password is chosen/set.

ERP security: Dispelling common misconceptions
The various applications integrated in ERP systems collect, store, manage, and interpret sensitive data from the many business activities, which allows organizations to improve their efficiency in the long run. Needless to say, the security of such a crucial system and all the data it stores should be paramount for every organization.

Although 97% of organizations said that Active Directory is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals. Exactly 33% of organizations said they have an AD cyber disaster recovery plan but never tested it, while 21% have no plan in place at all.

IDology, a GBG company, announced a partnership with Microsoft to integrate its innovative ExpectID identity verification and anti-fraud solution with the Microsoft Azure Active Directory External Identities. ExpectID is now available to Azure Active Directory customers for easy, plug-and-play access to multi-layered global identity verification as a service that elevates trust, facilitates onboarding, increases business identity assurance and shuts down fraud.

Laplink Software announced its PCmover Enterprise solution now supports local Active Directory profile migrations to Azure Active Directory users. This is not currently supported by Microsoft, and IT professionals can now leverage PCmover Enterprise to streamline local Active Directory profile transfers and save hours of time per new PC deployed or per existing PC joined to Azure Active Directory.

Benefit Vantage, developer of the IPification seamless authentication solution, is proud to announce that it will enable global service providers to enhance user authentication and verification when using the Microsoft Azure Active Directory B2C cloud identity platform. Azure Active Directory B2C enables organizations to manage and secure customer, consumer and citizen access to web and mobile applications, enabling service providers to add and customize user identity services for registration and login purposes to their apps.

Enzoic, a leading provider of compromised password security solutions, released the latest version of Enzoic for Active Directory. The automated tool screens and identifies employees that are using compromised or weak passwords, helping organizations reduce insider risks from poor password hygiene.

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month. "About a half of a per cent of the enterprise accounts on our system will be compromised every month, which is a really high number. If you have an organisation of 10,000 users, 50 will be compromised each month," said Weinert.

Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory. One way to move on is via a FIDO2 security key; the FIDO alliance has already signed up the likes of Google and Mozilla for browser authentication and back in October 2019 Microsoft unveiled a preview of FIDO2 security support in Azure Active Directory.