SEARCH
Archive
Microsoft Fixed Multi-factor Authentication Bypass Flaw
The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Phishing Campaign Targets U.S. Senators & Political Organizations
Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.
Evasive Brute-Force Attacks Target Office 365 Accounts
There’s a new sneaky brute-force attack targeting unprotected enterprise Office 365 accounts, including those in the manufacturing, financial services, healthcare industries.
NIST’s New Security and Privacy Controls For IoT, MFA and SSO
NIST releases a new version of their Security and Privacy Controls, addressing new risks posed by the latest technology - the Internet of Things, plus guidance on combining single sign-on and multi-factor authentication.
Key Updates to NIST’s Digital Identity Guidelines: SP 800-63-3
NIST has updated their Digital Identity Guidelines, SP 800-63-3 with final security recommendations - see the new standards that many industries, including government agencies and contractors, need to follow.