Security News
Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future. [...]
If a user's password is found on the breached password list, they should be prompted to change it immediately. The same breached password list can also be used to block users from selecting compromised passwords in the first place.
"Despite this recognized vulnerability, enterprises continue to deploy archaic strategies that fail to eliminate authentication mechanisms as a threat vector. The much-hyped passwordless future is not on the horizon anytime soon for most organizations, so it's vital to adopt modern and robust password policies that don't add friction for users." Only 12% of companies rely on passwordless strategies, with 68% primarily utilizing usernames and passwords for authentication.
It's described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. "If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.
VMware Aria Operations for Networks is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication and access private endpoints. VMware Aria is a suite for managing and monitoring virtualized environments and hybrid clouds, enabling IT automation, log management, analytics generation, network visibility, security and capacity planning, and full-scope operations management.
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. Authentication devicesWhen companies want to start using secure authentication concepts like passwordless or even Smartcards it becomes an additional burden to deliver the authentication devices to their employees.
Cisco-owned multi-factor authentication provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago. The outage also led to Core Authentication Service issues across multiple Duo servers, triggering Azure Auth authentication errors for Azure Conditional Access integrations in a systemwide outage.
Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account consumer signing key, the company has revealed on Tuesday. "The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection."
Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. One way to accomplish this is by communicating the benefits of passwordless authentication to stakeholders with use cases that illustrate how the friction they currently experience in their day-to-day workflows will be eliminated.