Security News

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account. cPanel and WHM offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.

Microsoft last week released an out-of-band update for Windows to address authentication issues related to a recently patched Kerberos vulnerability. The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos Key Distribution Center that Microsoft fixed on November 2020 Patch Tuesday.

Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers after installing security updates released earlier this month to address CVE-2020-17049. This OOB update comes after Microsoft started investigating the Kerberos authentication issue over the weekend, on November 14.

In recent years biometrics have increasingly been lauded as a superior authentication solution to passwords. With a detailed enough representation of a biometric marker, it's possible to spoof it and, with the rise of deep-fake technology, it will become even easier to spoof biometrics.

Follow these steps to better protect your Zoom account with a second layer of authentication. Zoom now provides an extra level of security to your account with two-factor authentication.

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 during this month's Patch Tuesday, on November 10. Kerberos replaced the NTLM protocol to be the default authentication protocol for domain connected devices on all Windows versions above Windows 2000.

Multi-factor authentication, for those who haven't been paying attention, involves adding one or more additional access requirements to password-based authentication. At the same time, he argues people should avoid relying on SMS messages or voice calls to handle one-time passcodes because phone-based protocols are fundamentally insecure.

Whether decreasing the number of passwords required through single sign-on or eliminating the password altogether in favor of a strong authentication factor, the priority is on the workforce experience. At the same time, we've asked users to create longer passwords, more complex passwords, unique passwords.

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more. A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control.