The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods The Cybersecurity and Infrastructure Security Agency (CISA) has added the use of single-factor authentication to its brief list of bad practices that it considers to be exceptionally risky when it comes to cybersecurity. “Single-factor authentication is a common low-security…
Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a…
Microsoft warned about a massive credential phishing campaign using open redirects. Here’s how you can recognize these phishing mails. The Microsoft 365 Defender Threat Intelligence Team posted an article stating that they have been tracking a widespread credential phishing campaign using open redirector links. Open redirects have been part of the phisher’s arsenal for a…
New positions are being created at the United States Department of Justice (DOJ) with the intention of helping prosecutors and attorneys handle emerging national security threats. The positions are part of a new Cyber Fellowship program, announced by Deputy Attorney General Lisa Monaco on Friday. The fellowship program will be coordinated by the Criminal Division’s…
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync (a backup and disaster recovery…
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices. “Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system,” CISA says. While the agency mainly refers to “the…
A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails. Tracked as CVE-2021-33766 and referred to as ProxyToken, the vulnerability has a severity rating of medium (CVSS score of 6.5). The security hole was identified by Le Xuan…
Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses | IT Security News 29. August 2021 This article has been indexed from The Hacker News Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren’t…
Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against. CISA’s Bad Practices catalog includes practices the federal agency has deemed “exceptionally risky” and not to be used by organizations in the government and the private sector as…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of “exceptionally risky” cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by using…
