Remove 2023 Remove Accountability Remove Authentication
article thumbnail

Microsoft Patch Tuesday, March 2023 Edition

Krebs on Security

The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest. While CVE-2023-23397 is labeled as an “Elevation of Privilege” vulnerability, that label doesn’t accurately reflect its severity, said Kevin Breen , director of cyber threat research at Immersive Labs.

Passwords 254
article thumbnail

PyPI enforces 2FA authentication to prevent maintainers’ account takeover

Security Affairs

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” reads the announcement.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

article thumbnail

Financial cyberthreats in 2023

SecureList

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 112
article thumbnail

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

article thumbnail

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

The breach was initially caused by a third-party malicious actor who infiltrated NPD’s systems in December 2023. Rather, we should treat SSN as just another piece of personally identifiable information (PII) like an email address – confidential information but not a sensitive one that unlocks your bank accounts. billion records.

article thumbnail

Top 10 web application vulnerabilities in 2021–2023

SecureList

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords 119