Security News

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. This is why industry experts are coming up with email authentication protocols like DMARC to offer a high level of protection against impersonation.

BIO-key announced new capabilities for its PortalGuard IDaaS cloud-delivered authentication solution. To mitigate common threats while providing more convenient methods of authentication such as passwordless, biometric, and adaptive technologies, BIO-Key is introducing new innovations for PortalGuard IDaaS to better serve customers who are keen to have more options for securing their hybrid environments of cloud-based and on-premises applications, as well as multiple directory support, including Microsoft Azure.

The global out of band authentication market was valued at $443.81 million in 2019, and it is expected to reach a value of $846.80 million by 2025, registering a CAGR of 11.37% over the forecast period 2020 - 2025, according to ResearchAndMarkets. Some studies show that BYOD approach lets employees utilize the benefits of greater flexibility, collaboration, and work-life balance to improve productivity by up to 34%. However, it also raised security-related issues which are expected to drive the out of band authentication market as many enterprises are increasingly adopting software solution that generates one-time passcodes and sent using via email or SMS text message to establish a secure connection to secure their networks from the security threats.

Axiad, a provider of a cloud-based passwordless authentication solutions, has raised $20 million in growth funding from private equity firm Invictus Growth Partners. According to Yves Audebert, co-founder and co-CEO of Santa Clara, Calif.-based Axiad, the company has been bootstrapped and cash flow positive for more than ten years, with the company saying it protects more than 2.5 million enterprise credentials for hundreds of customers.

Intel introduced Intel RealSense ID, an on-device solution that combines an active depth sensor with a specialized neural network designed to deliver secure, accurate and user-aware facial authentication. "Intel RealSense ID combines purpose-built hardware and software with a dedicated neural network designed to deliver a secure facial authentication platform that users can trust," said Sagi Ben Moshe, Intel corporate vice president and general manager of Emerging Growth and Incubation.

Intel has gingerly dipped a toe into the face-based authentication market with the launch of its RealSense ID product. In terms of security, Chipzilla has made some bold claims, stating RealSense ID has a one-in-one-million false acceptance rate and can withstand the usual attempts to circumvent face-based authentication tools, like masks and photographs, with - according to its RealSense webpage - a spoof acceptance rate of less than 0.1 per cent.

A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Synopsys CyRC security researchers revealed this week that an authentication vulnerability they identified in the OpenBSDBcrypt class of the Java cryptography library could be abused to bypass password checks in applications relying on the library.

The NSA has published an advisory outlining how "Malicious cyber actors" are "Are manipulating trust in federated authentication environments to access protected data in the cloud." This is related to the SolarWinds hack I have previously written about, and represents one of the techniques the SVR is using once it has gained access to target networks. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources.

An advisory from the U.S. National Security Agency provides Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information. The two tactics, techniques, and procedures discussed in NSA's advisory have been in use since at least 2017 and refer to forging Security Assertion Markup Language tokens for single sign-on authentication to other service providers.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.