For detailed information about Elastic Cloud MFA, including setup instructions, best practices, and FAQs, please refer to our comprehensive documentation in Elastic Cloud account security and MFA guide. At Elastic, we're committed to providing you with the tools and features you need to keep your data secure. Enabling robust and secure MFA is just one more way we're working to … [Read more...] about Secure your Elastic Cloud account with multifactor authentication (MFA)
Authentication
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
Jun 17, 2024 | Newsroom | Router Security / Vulnerability
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass …
When two-factor authentication is useless
Two-factor authentication (2FA) with the use of one-time passwords (OTPs) is now often seen as a cure-all against phishing, social engineering, account theft, and other cyber-maladies. By requesting an OTP at login, the service in question provides an additional protective layer of user verification. The code can be generated in a special app directly on the user’s device, …
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
May 21, 2024 | Newsroom | Vulnerability / Software Development
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On …
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Oct 14, 2023 | Newsroom | Authentication / Endpoint Security
Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolsters security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN …
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Feb 03, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been …
Start with Phishing-Resistant, Passwordless Authentication
Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.” – Jack Poller, Senior Analyst, ESG We received …
Google to Add Passwordless Authentication Support to Android and Chrome
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google …
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber …
LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta
Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel. The …