Security News

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme
2021-08-31 06:00

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity", the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires.

Kerberos Authentication Spoofing: Don’t Bypass the Spec
2021-08-18 13:19

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Authentication is the front gate to security systems, so if you bypass it, you can pretty much do whatever you want. For these reasons, the authentication protocols used by security systems must be flawless.

GitHub picks Friday 13th to kill off password-based Git authentication
2021-08-12 23:20

If your Git operations start failing on Friday, August 13 with GitHub, it may well be because you're still using password authentication - and you need to change that. In December, the source-code-hosting giant warned it will end password-based authentication for Git pushes and the like.

Actively exploited bug bypasses authentication on millions of routers
2021-08-07 14:10

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Not all authentication is created equal – and that’s a good thing
2021-08-05 06:30

According to Bethlehem, the first problem is that organisations have built up a complex authentication fabric made up of accounts, passwords, and various identity validation methods, often weakly managed in a way that leads to gaps and inconsistencies. Enforcing multi-factor authentication across the board is a minimum these days, but there are a range of issues organisations need to consider when jumping, advises Bethlehem.

Intrinsic ID partners with DARPA to offer digital authentication and security tech to researchers
2021-08-03 23:35

Intrinsic ID announced a partnership with the U.S. Defense Advanced Research Projects Agency (DARPA) to make its digital authentication and security technology accessible to DARPA researchers. The...

Why Are Users Ignoring Multi-Factor Authentication?
2021-07-27 11:30

There's one very noticeable exception: Multi-factor authentication is universally hailed as a leapfrog security measure that drastically reduces online threats like identity theft and online fraud. Security experts routinely recommend that users implement MFA technology where available, stressing the value of additional layers of authentication to thwart malicious hackers.

Consumer attitudes towards various digital identity authentication methods
2021-07-27 03:30

With concerns around online fraud and identity theft rising, consumers expect businesses to utilize new technologies to protect them online. The research revealed positive attitudes towards a number of newer methods of identity authentication amongst consumers in China, the UK and the U.S. Almost three quarters of people said they feel secure when they are asked to log into their bank account to verify their identity for other online services.

BIMI: A Visual Take on Email Authentication and Security
2021-07-27 03:04

Overall, BIMI acts as an additional layer of security to the existing email authentication process. You will need to convert your BIMI logo image to an SVG file that meets the BIMI standard specifications.

Passwordless Authentication Startup Stytch Raises $30 Million
2021-07-15 13:00

Passwordless authentication startup Stytch this week announced that it has raised $30 million in a Series A funding round. Founded in 2020, the San Francisco, California-based company seeks to improve both security and user experience by enabling authentication without the need of passwords.