SSO Archives - Help Net Security

SSO

Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!

June 30, 2020

Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation …

New privacy-preserving SSO algorithm hides user info from third parties

June 30, 2020

Over the last few decades, as the information era has matured, it has shaped the world of cryptography and made it a varied landscape. Amongst the myriad of encoding methods …

Facebook users will be notified when their credentials are used for third-party app logins

January 16, 2020

Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account. At the …

Apple details new Safari, Location Services, Sign in with Apple privacy features

November 7, 2019

Apple has updated its privacy pages on Wednesday and shared three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user …

As more companies deploy cloud apps, they must also implement security tools

November 6, 2019

86% of enterprises have deployed cloud-based tools, but only 34% have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools, …

How passwords paved the way for new technology

August 28, 2019

On July 15 we lost a major contributor to modern-day IT security – Dr. Fernando Corbato, the inventor of the password. Back in the early 1950s, computers could only do …

Researcher releases PoC code for critical Atlassian Crowd RCE flaw

July 16, 2019

A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …

Apple debuts privacy-minded “Sign in with Apple” SSO

June 4, 2019

Among the many news shared during Apple’s annual developer conference there’s one that stands out: the introduction of “Sign in with Apple”. About the …

The ultimate fallout from the Facebook data breach could be massive

October 3, 2018

Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal …

The single sign-on account hijacking threat and what can we do about it?

August 22, 2018

Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …

Azure AD Connect vulnerability allows attackers to reset admin passwords

June 29, 2017

A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft …

OneLogin suffers data breach, again

June 1, 2017

OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious …