Security News

Google to turn on 2-factor authentication by default for 150 million users
2021-10-06 02:05

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. The internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification, to protect their channels from potential takeover attacks.

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication
2021-10-06 00:54

Google is going to automatically enroll 150 million users and two million YouTube creators into using two-factor authentication for their accounts by the end of the year, it announced on Tuesday. "And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users' accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require two million YouTube creators to turn it on."

Microsoft announces passwordless authentication option for consumers
2021-09-16 10:09

After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. Users are able to switch on the feature by visiting their Microsoft account's Advanced Security Options, then Additional Security.

Cisco Patches Critical Authentication Bug With Public Exploit
2021-09-02 15:41

Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit. On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software that's tracked as CVE-2021-34746.

Cisco fixes critical authentication bypass bug with public exploit
2021-09-02 12:14

Cisco has addressed an almost maximum severity authentication bypass vulnerability in Enterprise NFV Infrastructure Software with public proof-of-concept exploit code. CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process, which allows unauthenticated, remote attackers to log in to an unpatched device as an administrator.

CISA Adds Single-Factor Authentication to the List of Bad Practices
2021-08-31 23:27

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added single-factor authentication to the short list of "Exceptionally risky" cybersecurity practices that could expose critical infrastructure, as well as government and private sector entities, to devastating cyberattacks. With the latest development, the list of bad practices now encompasses -.

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme
2021-08-31 06:00

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity", the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another; paired devices otherwise remain authenticated until an explicit deauthentication action is taken or the authenticated session expires.

Kerberos Authentication Spoofing: Don’t Bypass the Spec
2021-08-18 13:19

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Authentication is the front gate to security systems, so if you bypass it, you can pretty much do whatever you want. For these reasons, the authentication protocols used by security systems must be flawless.

GitHub picks Friday 13th to kill off password-based Git authentication
2021-08-12 23:20

If your Git operations start failing on Friday, August 13 with GitHub, it may well be because you're still using password authentication - and you need to change that. In December, the source-code-hosting giant warned it will end password-based authentication for Git pushes and the like.

Actively exploited bug bypasses authentication on millions of routers
2021-08-07 14:10

Threat actors are actively exploiting a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy malicious Mirai botnet payloads. The vulnerability, tracked as CVE-2021-20090, is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.