DarkReading
Unprotected Session Tokens Can Undermine FIDO2 Security
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
DarkReading
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
SC Magazine
Identity security firm Silverfort shows how an adversary could bypass FIDO2 protections and SSO to hijack a session token for abuse.
DarkReading
Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says.
HACKRead
Researchers warn that hackers can bypass FIDO2 phishing-resistant protections under certain conditions using a sophisticated MITM technique.
CyberScoop
A Chinese cybersecurity firm released a report Wednesday that revealed a decade-old exploit allegedly created by a covert hacking group associated with the U.S. National Security Agency. The report is the first time that a Chinese cybersecurity firm has both attributed a cyberattack to a U.S. hacking group and included technical indicators of compromise. “It’s a completely different type of report here that that seems to mimic Western name-and-shame,” said Winnona DeSombre, fellow at the Atlantic Council and Harvard’s Belfer Center. Pangu Lab researchers said they first discovered the backdoor in 2013 during an “in-depth forensic investigation of a host in a key domestic department.” The researchers were later able to tie it to the “The Equation Group,” a group of hackers said to be affiliated with the NSA, after NSA documents leaked by a group known as the “The Shadow Brokers” published hacking files that allegedly belonged to the […]
CyberScoop
Brookings researchers conducted their study over 120 days.
The Hacker News
Google has made enabling two-factor authentication (2FA) easier for personal and Workspace accounts.
Cyber Security News
In 2023, it has never been more critical for CISOs to secure API ecosystems. The main benefit is the interconnectivity of separate services and the exchange.