Security News

New Zero-Trust API Offers Mobile Carrier Authentication to Developers
2021-07-15 05:43

To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators - without the overhead of processing or storing user data. The Zero Trust model of identity verification essentially means never trusting that a returning user is whom they claim to be, regardless of their location or previous successful attempts.

Entrust and Red Sift simplify adoption of email sender authentication based on BIMI standards
2021-07-13 23:30

Entrust announced an expanded partnership with Red Sift to simplify and streamline the adoption of strong email sender authentication based on Brand Indicators for Message Identification standards. As email has become more critical than ever for organizations to connect and communicate with their customers, the ecosystem is looking to BIMI as an opportunity to increase the wide adoption of email authentication while simultaneously providing senders with a way to provide their customers a more immersive experience.

Microsoft fixes Windows Hello authentication bypass vulnerability
2021-07-13 19:32

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello biometrics-based authentication tech that let threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. As discovered by CyberArk Labs security researchers, attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello's facial recognition mechanism using a single valid IR frame of the target.

Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method
2021-07-01 11:54

Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication to secure their accounts. "Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can't be used to access your account," Twitter explains.

Netgear Authentication Bypass Allows Router Takeover
2021-07-01 11:30

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were researching device fingerprinting, Microsoft 365 Defender research team's Jonathan Bar Or said in a blog post, posted Wednesday.

LoginID SDK empowers developers to integrate FIDO strong authentication into their websites or apps
2021-07-01 01:00

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.

BioConnect collaborates with HID Global to bring authentication to its HID Mobile Access solution
2021-06-29 23:30

BioConnect announced a collaboration with HID Global to bring authentication to its HID Mobile Access solution alongside a mobile survey option for wellness declaration for employee health status and activity logging. BioConnect expands the options for HID Mobile Access users with enterprise-issued biometrics or multi-factor authentication right from their mobile device with the BioConnect Mobile Authenticator to meet new and more stringent compliance requirements.

Authentication Bypass in Adobe Experience Manager Impacts Large Organizations
2021-06-29 17:09

Multiple large organizations were found to be impacted by an authentication bypass in Adobe Experience Manager CRX Package Manager, according to a warning from security vendor Detectify. The Adobe Experience Manager is a content management solution used for the building of websites and mobile applications, while also allowing developers to manage marketing content and assets.

Who would cross the Bridge of Death? Answer me these questions three! Oh and you'll need two-factor authentication
2021-06-25 08:30

Just as daleks can't climb stairs and 1960s self-aware computers hell-bent on world domination can't answer the question "Why?" without spontaneously combusting, it seems that robots don't know how to tick. Evidently, neither do I. The Californian robot that is evaluating whether I am also a robot is unconvinced by my ticking.

Critical VMware Carbon Black Bug Allows Authentication Bypass
2021-06-24 15:31

VMware has fixed an uber-severe bug in its Carbon Black App Control management server: a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly. Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.