Security News

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication...

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. As developers may not be aware that these secrets are exposed in artifact files, the source code may be published to public repositories where threat actors can steal them.

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked...

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. "Service principals, managed identities, workload identities, and similar token-based accounts used for automation are excluded. Microsoft is still gathering customer input for certain scenarios such as break-glass accounts and other special recovery processes," explained Azure product manager Naj Shahid.

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a...

Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called, 2-Step Verification (2SV), it...

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. "Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I wanted to document as many of these calls as possible and implement a tool for interacting with them so we could identify which would provide value for red team assessments," Evan McBroom, Senior Software Engineer at SpecterOps, told Help Net Security.

Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Manager, Cybersecurity Consulting at BARR Advisory, shares tips for consumers who need simple, accessible ways to secure their private data.

Passwordless authentication solutions are often components of larger identity and access management platforms offering capabilities like password management, single sign-on and multi-factor authentication. Top passwordless authentication solutions comparison.

MFA software solutions provide multi-factor authentication for individual end-users, organizational workforces and customer-facing applications. Software Solution category Authentication types Hosting options Pricing Google Authenticator Individual MFA Mobile app, software token, mobile push, risk-based Cloud-based Free Cisco Duo Workforce MFA Mobile app, software token, hardware token, mobile push, WebAuthn, biometric Cloud-based Free MFA for up to 10 users; plans start at $3/user/month.