Deadline looms: Google Workspace mandates OAuth by September 30 27 days to get your users' third-party apps on Google’s sign-in Devops03 Sep 2024 | 7
Microsoft, Google do a victory lap around passkeys Windows giant extends passwordless tech to everyone else Security02 May 2024 | 74
Twilio reminds users that Authy Desktop apps die in March – not in August 'This is an excellent way to piss off thousands of developers' Devops15 Feb 2024 | 31
Microsoft's security roadmap: Protect secrets in Azure DevOps You can’t steal what you can’t access ... we hope Sysadmin Month16 Jul 2023 | 2
Modern Auth comes to on-prem Exchange Server gear Guess this'll have to do while we wait for *checks notes* ES 2025 CSO08 May 2023 | 2
Microsoft switches gears, keeps Exchange Online's CARs around until Sept 2024 At least Redmond listens to some customers SaaS10 Apr 2023 | 1
French parliament says oui to AI surveillance for 2024 Paris Olympics Liberté, égalité, reconnaissance faciale for all Security24 Mar 2023 | 47
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off' Alerts telling folks their 'device may be vulnerable' triggered by KB5007651 OSes22 Mar 2023 | 52
Attackers abuse Microsoft’s 'verified publisher' status to steal data Malicious OAuth apps were the tickets into victims' systems Security01 Feb 2023 | 7
Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions CSO17 Jan 2023 | 24
Crooks copy source code from Okta’s GitHub repository The hack wraps up a year of bad security incidents for identity Security23 Dec 2022 | 13
Windows Server domain controllers may stop, restart after recent updates Microsoft outlines a workaround while pulling together a fix to LSASS memory leak Patches28 Nov 2022 | 20
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers Emergency out-of-band updates to the rescue Patches21 Nov 2022 | 36
Microsoft to kill off old access rules in Exchange Online Awoooogah – this is your one-year warning to switch over, enterprises CSO28 Sep 2022 | 13
Oracle Cloud at one point would let you access any other customer's data chmod a+rw at hyperscale PaaS + IaaS21 Sep 2022 | 5
Microsoft: The deadline to get off Basic Auth is approaching Exchange Online face Halloween deadline OSes05 Sep 2022 | 50
FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year DeFi, as in, defying belief Cyber-crime01 Sep 2022 | 9
LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor Cyber-crime22 Aug 2022 | 7
DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool Security21 Jul 2022 | 15
Mergers and acquisitions put zero trust to the ultimate test Bypasses an arduous integration process with right security footing from the start CSO13 Jul 2022 | 1
Zero Trust: What does it actually mean – and why would you want it? Systems Approach 'Narrow and specific access rights after authentication' wasn't catchy enough Networks30 Jun 2022 | 10
Start using Modern Auth now for Exchange Online Before Microsoft shutters basic logins in a few months CSO29 Jun 2022 | 28
DeadBolt ransomware takes another shot at QNAP storage Keep boxes updated and protected to avoid a NAS-ty shock Cyber-crime18 Jun 2022 | 16
Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts Security25 May 2022 | 29
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies Critical authentication bypass revealed, older flaws under active attack CSO19 May 2022 | 6
GitHub to require two-factor authentication for code contributors by late 2023 Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks Security05 May 2022 | 17
Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices Security14 Apr 2022 | 8
HCL and HP named in unflattering audit of India’s biometric ID system Same biometric used for different people, no archives, lousy infosec among the issues Security12 Apr 2022 | 16
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln Patch flaws and enforce authentication policies, CISA and FBI warn Security16 Mar 2022 | 3
Azure flaw allowed users to control others' accounts AutoWarp security hole wasn't exploited – though researchers saw a way into a bank and a telco Security08 Mar 2022 | 7
The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises Security02 Mar 2022 | 121
Silk could tie up all-but-unbreakable encryption, say South Korean boffins At last, a worm that improves security Security28 Jan 2022 | 36