Attackers abuse Microsoft’s 'verified publisher' status to steal data Malicious OAuth apps were the tickets into victims' systems Security01 Feb 2023 | 7
Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions CSO17 Jan 2023 | 24
Crooks copy source code from Okta’s GitHub repository The hack wraps up a year of bad security incidents for identity Security23 Dec 2022 | 13
Windows Server domain controllers may stop, restart after recent updates Microsoft outlines a workaround while pulling together a fix to LSASS memory leak Patches28 Nov 2022 | 20
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers Emergency out-of-band updates to the rescue Patches21 Nov 2022 | 36
Microsoft to kill off old access rules in Exchange Online Awoooogah – this is your one-year warning to switch over, enterprises CSO28 Sep 2022 | 13
Oracle Cloud at one point would let you access any other customer's data chmod a+rw at hyperscale PaaS + IaaS21 Sep 2022 | 5
Microsoft: The deadline to get off Basic Auth is approaching Exchange Online face Halloween deadline OSes05 Sep 2022 | 50
FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year DeFi, as in, defying belief Cyber-crime01 Sep 2022 | 9
LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor Cyber-crime22 Aug 2022 | 7
DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool Security21 Jul 2022 | 15
Mergers and acquisitions put zero trust to the ultimate test Bypasses an arduous integration process with right security footing from the start CSO13 Jul 2022 | 1
Zero Trust: What does it actually mean – and why would you want it? Systems Approach 'Narrow and specific access rights after authentication' wasn't catchy enough Networks30 Jun 2022 | 10
Start using Modern Auth now for Exchange Online Before Microsoft shutters basic logins in a few months CSO29 Jun 2022 | 28
DeadBolt ransomware takes another shot at QNAP storage Keep boxes updated and protected to avoid a NAS-ty shock Cyber-crime18 Jun 2022 | 16
Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts Security25 May 2022 | 29
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies Critical authentication bypass revealed, older flaws under active attack CSO19 May 2022 | 6
GitHub to require two-factor authentication for code contributors by late 2023 Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks Security05 May 2022 | 17
Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices Security14 Apr 2022 | 8
HCL and HP named in unflattering audit of India’s biometric ID system Same biometric used for different people, no archives, lousy infosec among the issues Security12 Apr 2022 | 16
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln Patch flaws and enforce authentication policies, CISA and FBI warn Security16 Mar 2022 | 3
Azure flaw allowed users to control others' accounts AutoWarp security hole wasn't exploited – though researchers saw a way into a bank and a telco Security08 Mar 2022 | 7
The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises Security02 Mar 2022 | 121
Silk could tie up all-but-unbreakable encryption, say South Korean boffins At last, a worm that improves security Security28 Jan 2022 | 36