Security News

Microsoft 365, formerly called Office 365, is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. These authentication protocols do not support modern authentication mechanisms like multi-factor authentication, which means that enabling MFA won't suffice.

Hardware-based security tokens or dongles have gained popularity, particularly at the enterprise level. Tiny hardware devices are not without their challenges.

It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in. When the VP was asked why he approved logins for logins he was not actually doing, his response was, "They told me that I needed to click on Approve when the message appeared!".

Enterprises are taking steps to move away from passwords and adopting low-friction authentication methods to protect the hybrid workforce, a Cisco's Duo Security report reveals. Multi-factor authentications increased significantly.

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security.The internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification, to protect their channels from potential takeover attacks.

Google is going to automatically enroll 150 million users and two million YouTube creators into using two-factor authentication for their accounts by the end of the year, it announced on Tuesday. "And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users' accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require two million YouTube creators to turn it on."

After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. Users are able to switch on the feature by visiting their Microsoft account's Advanced Security Options, then Additional Security.

Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit. On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software that's tracked as CVE-2021-34746.

Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software vulnerability with public proof-of-concept exploit code.CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process which allows unauthenticated, remote attackers to log into unpatched device as an administrator.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added single-factor authentication to the short list of "Exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. With the latest development, the list of bad practices now encompasses -.