On March 15, 2022, a government flash bulletin was published describing how state-sponsored cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) in addition to bypassing Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This scenario did not leverage or reveal a vulnerability in Duo software or infrastructure, but … [Read more...] about Cyber Actors Bypassing Two-Factor Authentication Implementations
Authentication
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Microsoft 365 (M365), formerly called Office 365 (O365), is the flagship product of Microsoft's cloud strategy, with major changes ahead such as the deprecation of its legacy authentication protocols. Basic Authentication protocols send the username and password with every request, and clients often store those credentials on the device, increasing the risk of attackers capturing users' … [Read more...] about A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
A Visual Take on Email Authentication and Security
There is a saying that goes something like, "Do not judge a book by its cover." Yet we all know we cannot help but do just that, especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to … [Read more...] about A Visual Take on Email Authentication and Security
Recapping RSAC 2021: Cisco’s Keynote, Zero Trust Deployment & Passwordless Authentication
It was a packed virtual RSA Conference this year. Although I missed being in San Francisco's Moscone Center, visiting booths and chatting with industry peers, the virtual experience did have one key benefit in my opinion: the on-demand replays of the sessions. I was able to watch all the sessions that I wanted to without having to rush across the floors of the Moscone … [Read more...] about Recapping RSAC 2021: Cisco's Keynote, Zero Trust Deployment & Passwordless Authentication
Passwordless authentication enhances but doesn’t replace access security strategy
Passwordless has arrived. The key components enabling the new authentication technology are all in place. The quality of biometric sensors built into modern hardware has improved drastically in the past several years. Additionally, virtually all new endpoints include a secure enclave or trusted platform module (TPM) enabling the secure storage of asymmetric key pairs. Bringing … [Read more...] about Passwordless authentication enhances but doesn’t replace access security strategy
How to Fight Business Email Compromise (BEC) with Email Authentication?
Business Email Compromise (BEC) is a rampant and ever-evolving form of cybercrime that uses email as the medium for fraud. It targets commercial, government and non-profit organizations alike, and can lead to large-scale data loss, security breaches and the loss of financial assets. It is a common misconception that cybercriminals usually lay their … [Read more...] about How to Fight Business Email Compromise (BEC) with Email Authentication?
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in … [Read more...] about 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
WebAuthn Passwordless Authentication Now Available for Atlassian Products
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. The issue-tracking application Jira, the Git repository manager Bitbucket, the continuous integration and deployment server Bamboo, and the team collaboration platform Confluence are all considered to be proven agile … [Read more...] about WebAuthn Passwordless Authentication Now Available for Atlassian Products
Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
This blog post was authored by Eugenio Iavarone, Cisco PSIRT. On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass authentication on … [Read more...] about Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability