HackDig : Dig high-quality web security articles for hacker

ZenKey: How Major Mobile Carriers Are Teaming Up to Eliminate Passwords

ZenKey Links Mobile Phones Directly to Carrier APIs and Avoids Users Having to Use Passwords After Authenticating a PhoneFour major U.S. carriers are developing a new single sign-on variant they believe will do away with the need for passwords. Their solution is new mobile app called ZenKey that securely ties the user's device to the carrier, and t
Publish At:2020-03-24 12:13 | Read:93 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Fraud & Identity The

UK Printing Company Exposed Military Documents

Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected.vpnMentor researchers claim they have discovered 343GB worth of files on an AWS server belonging to Doxzoo. They say the company w
Publish At:2020-03-20 13:22 | Read:254 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Identity & Access Cloud Secu

NIST, DHS Publish Guidance on Securing Virtual Meetings, VPNs

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes.Conference calls and web meetings have long been part of modern work, as they play a vital role in ensuring the necessar
Publish At:2020-03-19 10:49 | Read:144 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Iden

The Human Element and Beyond: Why Static Passwords Aren't Enough

Static Passwords Are No Longer Enough to Secure SystemsWhile there have been varying views about the decision to host RSA Conference 2020 in San Francisco despite the onset of Coronavirus infections, which has evolved into the COVID-19 pandemic, one thing organizers got right this year was the theme: The Human Element. This year marks the first time since 19
Publish At:2020-03-18 12:04 | Read:152 | Comments:0 | Tags:INDUSTRY INSIGHTS Identity & Access

Private Application Access Firm Axis Security Emerges From Stealth

Axis Security, a company that specializes in private application access, emerged from stealth mode on Tuesday with $17 million in funding.Axis Security is based in San Mateo, California, and its research and development is in Tel Aviv, Israel. The company provides a software-as-a-service (SaaS) solution named Application Access Cloud that is advertised as an
Publish At:2020-03-17 13:19 | Read:163 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Identity & Acce

Auth0 Adds Threat Intelligence Tools to Identification Platform

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.Bellevue, Wash-based Auth0 was founded in 2013 by Eugenio Pace (CEO) and Matias Woloski (CTO). It provides a cloud-based service that allows app developers to build low-friction authenticati
Publish At:2020-03-12 15:42 | Read:310 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access

Google Releases Tool to Block USB Keystroke Injection Attacks

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Hu
Publish At:2020-03-12 15:42 | Read:277 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Identity & Access

Google Allows Enrolling Security Keys on More Devices

Google has announced that Android and macOS users can now use more web browsers to initially register security keys to their accounts.Security keys are known to provide strong two-factor authentication (2FA) and users can employ them to keep their accounts better protected against phishing. Now, Google aims to help more users take advantage of the capability
Publish At:2020-03-10 01:20 | Read:255 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Identity & Access Mo

Let's Encrypt Will Not Replace 1 Million Bug-Affected Certificates

Free and open certificate authority (CA) Let’s Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug.The flaw was introduced in July 2019 and resulted in an improper recheck related to subscribers’ control of domain names. Due to the bug, Let’s Encrypt could have issued certificates for domain name
Publish At:2020-03-06 10:50 | Read:254 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Management & S

Vulnerability in Intel Chipsets Allows Hackers to Obtain Protected Data

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday.Intel first learned about the flaw, tracked as CVE-2019-0090, from a partner, and addressed it in an advisory published in May 2019. The weak
Publish At:2020-03-05 11:18 | Read:162 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities Da

ProtonMail Fights Email Spoofing With New DKIM Key Management Feature

ProtonMail on Thursday introduced a new feature designed to make it more difficult for hackers and spammers to impersonate users who have custom domain email addresses.The new feature, DKIM key management, is currently in beta and users have been encouraged to share feedback to help ProtonMail developers improve it.Email addresses are often spoofed for phish
Publish At:2020-02-28 14:56 | Read:344 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Identity & Access

Is Conditional Access the Right Approach to Authentication? It Depends.

What You Need to Know to Make Sure You’re Headed in the Right Direction on Your Authentication Journey.   As Risk-Based Authentication Methods Continue to Evolve, Is It Time to Revisit Your Approach? If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straigh
Publish At:2020-02-26 09:10 | Read:355 | Comments:0 | Tags:INDUSTRY INSIGHTS Identity & Access

Mismanagement of Device Identities Could Cost Businesses Billions: Report

The cost of poorly protected device identities has long been assumed, but not proven, to be large. Specification of the part played by SSH abuse within a breach report is rare despite compromised machine identities being used by attackers to hide their malicious activity, evade security controls and steal a wide range of confidential data.Now risk modeling a
Publish At:2020-02-24 12:19 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Identity & Access IoT Se

Fraudulent Login Attacks Against Banks Surge: Akamai

On August 7, 2019, a single credential stuffing attack against a financial services company recorded 55,141,782 malicious login attempts. To put that in perspective, it is more than twice the daily average (22,682,022) of credential abuse attacks detected by Akamai Technologies across all companies in all sectors between December 1, 2017, and November 30, 20
Publish At:2020-02-21 08:28 | Read:238 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Cloud Security

Ring Rolls Out Mandatory 2FA, New Privacy Controls

Amazon-owned home security and smart home company Ring this week announced new security and privacy features for all of its users.Following reports of hackers accessing Ring cameras and spying on people or harassing them, the company is apparently working on addressing these issues, and has started with a CES announcement on a new Control Center for both iOS
Publish At:2020-02-20 09:43 | Read:321 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Compliance Ident

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud