account protection
Life, death, and online identity: What happens to your online accounts after death?
The rapid technological advances of recent decades have transformed nearly every aspect of our lives. One major shift is that many of us now maintain extensive digital …
After Shai-Hulud, GitHub tightens npm publishing security
Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js …
For $40, you can buy stolen police and government email accounts
Active police and government email accounts are being sold on the dark web for as little as $40, giving cybercriminals a direct line into systems and services that rely on …
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at …
Researchers warn of ongoing Entra ID account takeover campaign
Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have …
New Microsoft accounts will be “passwordless by default”
Microsoft is making new Microsoft accounts passwordless by default, the company has announced on Thursday, which marked this year’s World Password Day. “As part of …
If you think you’re immune to phishing attempts, you’re wrong!
Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained …
Account takeover detection: There’s no single tell
Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one …
Balancing security and user experience to improve fraud prevention strategies
In this Help Net Security interview, Jennifer White, Senior Director for Banking and Payments Intelligence at J.D. Power, discusses how financial institutions can improve …
Microsoft enforces defenses preventing NTLM relay attacks
Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. …
All Google Cloud users will have to enable MFA by 2025
Google has announced that, by the end of 2025, multi-factor authentication (MFA) – aka 2-step verification – will become mandatory for all Google Cloud accounts. …
Mandatory MFA for Azure sign-ins is coming
Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. …
Featured news
Resources
Don't miss
- Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
- 18 arrested in €300 million global credit card fraud scheme
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform