How passkeys eliminate password management headaches
In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham …
Product showcase: How to track SaaS security best practices with Nudge Security
As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread …
Phishers target FCC, crypto holders via fake Okta SSO pages
A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users …
Understanding zero-trust design philosophy and principles
In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security …
The new imperative in API security strategy
Of the 239 vulnerabilities, 33% (79 out of 239) were associated with authentication, authorization and access control (AAA) — foundational pillars of API security, according …
Is the new OWASP API Top 10 helpful to defenders?
The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) …
Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote …
Password reset woes could cost FTSE 100 companies $156 million each month
Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity …
CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s …
Are your cybersecurity investments making you less resilient?
In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their …
Why are many businesses still not using a password manager?
Why are we still talking about passwords? We already have single sign-on (SSO), and passwordless is the new buzzword everyone is talking about, but when you put yourself in …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …
Featured news
Sponsored
Don't miss
- Exposed: Russian military Unit 29155 does digital sabotage, espionage
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit
- Human firewalls are essential to keeping SaaS environments safe
- Respotter: Open-source Responder honeypot