Security News

This week, Mattermost, in coordination with Golang has disclosed 3 critical vulnerabilities within Go language's XML parser. The XML round-trip vulnerabilities listed below lurk in Golang's XML language parser encoding/xml which doesn't return reliable results when encoding and decoding XML input.

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building - except that he wasn't actually the building's owner. The fake landlord met Hawkins in person the day after Thanksgiving, supplying the paint and half the promised fee.

Tom Merritt lists five reasons why SMS should not be used for MFA. Multi-factor authentication, or as we used to call it two-factor authentication, is essential-it means you don't rely on your password alone for security. SMS is the most frequently used additional factor because almost everybody has it, and it's a little easier to manage for developers-but it's also the least secure.

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account. cPanel and WHM offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.

Microsoft last week released an out-of-band update for Windows to address authentication issues related to a recently patched Kerberos vulnerability. The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos Key Distribution Center that Microsoft fixed on November 2020 Patch Tuesday.

Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers after installing security updates released earlier this month to address CVE-2020-17049. This OOB update comes after Microsoft started investigating the Kerberos authentication issue over the weekend, on November 14.

In recent years biometrics have increasingly been lauded as a superior authentication solution to passwords. With a detailed enough representation of a biometric marker, it's possible to spoof it and, with the rise of deep-fake technology, it will become even easier to spoof biometrics.

Follow these steps to better protect your Zoom account with a second layer of authentication. Zoom now provides an extra level of security to your account with two-factor authentication.

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 during this month's Patch Tuesday, on November 10. Kerberos replaced the NTLM protocol to be the default authentication protocol for domain connected devices on all Windows versions above Windows 2000.