Security News
BehavioSec, the first vendor to pioneer behavioral biometrics, announced its technology is helping global enterprises quickly adapt to meet user authentication challenges resulting from the dramatic transition to remote work environments while reducing reliance on cost-prohibitive legacy solutions. Utilizing the BehavioSec Behavioral Biometrics Platform, organizations are improving business agility, advancing workforce access and achieving cost savings with deep authentication that continuously validates users using their own unique behavior patterns.
With a third of the population currently working remotely and great uncertainty regarding when this situation is going to change, organizations must shift their business operations to support long-term remote working. According to a recent Gartner survey, the biggest barrier to effective remote work is poor technology and/or infrastructure for remote work.
Secret Double Octopus, the pioneer of passwordless enterprise authentication, announced the closing of a $15 million Series B round to address the rapidly growing need for passwordless authentication and remote-access security in enterprise environments. Secret Double Octopus is considered a global leader in password elimination solutions.
Tel Aviv, Israel-based Secret Double Octopus has raised $15 million in a Series B funding round from Sony Financial Ventures, KDDI, and Global Brain as well as prior investors. The firm provides passwordless authentication for enterprises, and is eyeing the growing WFH market.
Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication. Specified in RFC 2617, Basic Authentication is a method of logging applications into online services using a simple username and password combination sent in an HTTP header.
Cisco has conducted a research project on bypassing fingerprint authentication systems and it achieved a success rate of roughly 80 percent, but the company's experts were unsuccessful against Windows devices. In the case of mobile phones, the researchers bypassed fingerprint authentication on a majority of devices.
Ping Identity, the Intelligent Identity solution for the enterprise, announced the availability of PingID multi-factor authentication in AWS Marketplace. Customers can now quickly procure and deploy PingID to secure work from home while adding an additional layer of security to their AWS infrastructure.
The malware authors behind the TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by the Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication.
Passwords remain the dominant method of authentication and the top cause of data breaches, according to MobileIron. "The digital workplace is driving transformation within organizations of all sizes as employees are increasingly accessing business apps and data from locations outside of their offices and homes," said Steve Brasen, research director of endpoint and identity management at EMA. "At the same time, mobile threats are increasing. More than 60 percent of respondents indicated their organization had experienced a security breach in just the last year. Organizations need to implement context-aware security and passwordless authentication to dynamically adapt to modern threats while removing the friction that is inhibiting end user productivity."
The patched flaw was made public in early February on the HackerOne bug bounty platform and was forwarded to The Register by concerned reader Matt, who told us: "Note that this is regardless of whether the users had set strong passwords and otherwise wouldn't be vulnerable to credential-stuffing attacks." Professor Alan Woodward of the University of Surrey told The Register that while the vuln was bad, it would require an extra step to enumerate user IDs before the attack would work at scale.