authentication

Authelia: Open-source authentication and authorization server

2024-05-22 at 07:33 By Mirko Zorz

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to the application backends. …

Consumers continue to overestimate their ability to spot deepfakes

2024-05-20 at 06:31 By Help Net Security

The Jumio 2024 Online Identity Study reveals significant consumer concerns about the risks posed by generative AI and deepfakes, including the potential for increased cybercrime and identity fraud. The study examined the views of more than 8,000 adult consumers, …

The importance of access controls in incident response

2024-05-17 at 12:31 By Help Net Security

The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your development and operations teams are blocked from solving the …

How secure is the “Password Protection” on your files and drives?

2024-05-10 at 08:31 By Help Net Security

People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel …

Triangulation fraud: The costly scam hitting online retailers

2024-04-30 at 08:01 By Mirko Zorz

In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants. He also highlights the …

Most people still rely on memory or pen and paper for password management

2024-04-26 at 08:02 By Help Net Security

Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit …

What is multi-factor authentication (MFA), and why is it important?

2024-04-23 at 06:31 By Help Net Security

Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Manager, Cybersecurity Consulting at BARR Advisory, shares tips for consumers who need simple, accessible …

Who owns customer identity?

2024-04-18 at 07:31 By Help Net Security

When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience, …

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

2024-04-09 at 07:32 By Mirko Zorz

EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and …

Strategies for secure identity management in hybrid environments

2024-04-09 at 07:02 By Mirko Zorz

In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud SSO and MFA technologies, to unify …

How Google plans to make stolen session cookies worthless for attackers

2024-04-03 at 08:31 By Zeljka Zorz

Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access to user accounts. Session (i.e., authentication) cookies are stored by browsers …

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

2024-03-27 at 13:16 By Zeljka Zorz

Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo …

How security leaders can ease healthcare workers’ EHR-related burnout

2024-03-27 at 08:05 By Help Net Security

Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality …

What do Bitcoin’s all-time highs mean for crypto industry expectations in 2024?

2024-03-08 at 16:10 By Cointelegraph by Ray Salmond

We’re in a bull market. Now what? Jonathan and Ray share their thoughts, ideas and expectations for the crypto market in 2024. This article is an excerpt from Cointelegraph.com News.

Leveraging AI and automation for enhanced cloud communication security

2024-03-08 at 07:32 By Mirko Zorz

In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and …

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

2024-03-05 at 12:47 By Zeljka Zorz

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain …

How organizations can navigate identity security risks in 2024

2024-02-29 at 07:34 By Mirko Zorz

Managing IAM challenges in hybrid IT environments requires a holistic approach, integrating solutions and automating processes to ensure effective access controls and operational efficiency. In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks …

Using AI to reduce false positives in secrets scanners

2024-02-27 at 08:02 By Help Net Security

As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any …

TruffleHog: Open-source solution for scanning secrets

2024-02-21 at 07:31 By Mirko Zorz

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was …

How decentralized identity is shaping the future of data protection

2024-02-20 at 07:32 By Mirko Zorz

In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, holders, and verifiers, DCI empowers individuals to selectively …
