#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Authentication Security | Breaking Cybersecurity News | The Hacker News

MFA Spamming and Fatigue: When Security Measures Go Wrong

MFA Spamming and Fatigue: When Security Measures Go Wrong

Jan 18, 2024 Authentication Security / Passwords
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access. However, cybercriminals are relentless in their pursuit of finding ways to  bypass MFA systems . One such method gaining traction is MFA spamming attacks, also known as MFA fatigue, or  MFA bombing . This article delves into MFA spamming attacks, including the best practices to mitigate this growing threat. What is MFA spamming? MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes. The objective behind this tactic is to o
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

Nov 22, 2023 Authentication Security / Windows
A new research has uncovered multiple vulnerabilities that could be exploited to bypass  Windows Hello authentication  on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN that are embedded into the devices. A prerequisite for the fingerprint reader exploits is that the users of the targeted laptops have fingerprint authentication already set up. All the three fingerprint sensors are a type of sensor called "match on chip" ( MoC ), which integrates the matching and other biometric management functions directly into the sensor's integrated circuit. "While MoC prevents replaying stored fingerprint data to the host for matching, it does not, in itself, prevent a malicious sensor from spoofing a legitimate sensor's commu
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
Cybersecurity Resources