Tag: multi-factor authentication
-
Schneier on Security: YubiKey Side-Channel Attack
Source URL: https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html Source: Schneier on Security Title: YubiKey Side-Channel Attack Feedly Summary: There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece…
-
CSA: Identity Security Best Practices for SaaS Apps
Source URL: https://www.cyberark.com/resources/blog/building-secure-and-compliant-saas-apps-identity-security-best-practices Source: CSA Title: Identity Security Best Practices for SaaS Apps Feedly Summary: AI Summary and Description: Yes Summary: The text provides a comprehensive overview of identity security best practices essential for securing access to cloud services, particularly in relation to compliance with frameworks like SOC II and NIST. It emphasizes concepts such…
-
CSA: Survey Reveals Cloud Account Takeover Threats & Concerns
Source URL: https://abnormalsecurity.com/blog/account-takeovers-security-leaders-share-concerns Source: CSA Title: Survey Reveals Cloud Account Takeover Threats & Concerns Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the rising threat of account takeover (ATO) attacks in the cloud application ecosystem, highlighting the challenges security professionals face in preventing these threats. A survey of over 300 industry professionals…
-
Krebs on Security: Owners of 1-Time Passcode Theft Service Plead Guilty
Source URL: https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/ Source: Krebs on Security Title: Owners of 1-Time Passcode Theft Service Plead Guilty Feedly Summary: Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to…
-
The Register: RansomHub hits 210 victims in just 6 months
Source URL: https://www.theregister.com/2024/08/30/ransomhub/ Source: The Register Title: RansomHub hits 210 victims in just 6 months Feedly Summary: The ransomware gang recruits high-profile affiliates from LockBit and ALPHV As RansomHub continues to scoop up top talent from the fallen LockBit and ALPHV operations while accruing a smorgasbord of victims, security and law enforcement agencies in the…
-
CSA: What is the EU’s NIS 2 Directive? Key Changes & Steps
Source URL: https://www.schellman.com/blog/cybersecurity/what-is-the-nis-2-directive Source: CSA Title: What is the EU’s NIS 2 Directive? Key Changes & Steps Feedly Summary: AI Summary and Description: Yes Summary: The text provides an overview of the NIS 2 Directive in the EU, detailing its importance for enhancing cybersecurity across various sectors. It outlines significant changes from NIS 1, including…
-
CSA: Why You Should Embrace a Zero Trust Architecture
Source URL: https://www.zscaler.com/cxorevolutionaries/insights/building-fortress-never-trust-always-verify-power-zero-trust-architecture Source: CSA Title: Why You Should Embrace a Zero Trust Architecture Feedly Summary: AI Summary and Description: Yes Summary: This text provides a comprehensive overview of the zero trust architecture (ZTA), emphasizing its importance as a modern security strategy in response to evolving cybersecurity threats. It delineates core principles such as continuous…
-
CSA: HPC Security: Zero Trust and Network Segmentation
Source URL: https://cloudsecurityalliance.org/blog/2024/08/23/securing-the-future-of-hpc-implementing-zero-trust-and-strengthening-network-security Source: CSA Title: HPC Security: Zero Trust and Network Segmentation Feedly Summary: AI Summary and Description: Yes Summary: The text highlights the critical importance of implementing security measures, such as Zero Trust and network segmentation, in High-Performance Computing (HPC) environments to protect sensitive data and maintain the integrity of scientific research. As…