Multi-factor Authentication | Breaking Cybersecurity News | The Hacker News

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions. Its security benefits stem from its decentralized nature: this distributed ledger can be accessed by participants across various nodes , and is unalterable. All users retain control as a group, meaning no single person can change the ledger. How could this provide security benefits? One advantage is the ability to create a 'self-sovereign ID' that alters the way that a user identifies themselves online. Essentially, it creates a private ID for a user that they control, rather than relying on a centralized institution : they can logon to a particular website or service using their identity on...

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a type of cyber attack in which an adversary collects stolen account credentials, typically consisting of lists of usernames or email addresses and passwords, and then uses them to gain unauthorized access to user accounts on unrelated systems through large-scale automated login requests. Such credentials could be obtained from a data breach of a social media service or be acquired from underground forums where they are advertised for sale by other threat actors. Credential stuffing is also different from brute-force attacks, which revolve around cracking passwords, login credential...

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. While Okta provides robust native security features and recommended best practices, maintaining proper security controls requires constant vigilance. Configuration drift, identity sprawl, and misconfigurations can provide attackers a way into Okta and other apps if left unchecked. This article covers four key ways Nudge Security can help you proactively secure Okta as part of your efforts to harden your identity security posture. 1. Continuous Configuration ...

Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble," Oasis Security researchers Elad Luz and Tal Hason said in a report shared with The Hacker News. Following responsible disclosure, the issue – codenamed AuthQuake – was addressed by Microsoft in October 2024. While the Windows maker supports various ways to authenticate users via MFA, one method involves entering a six-digit code from an authenticator app after supplying the credentials. Up to 10 consequent failed attempts are permitted for a single session. The vulnerability identified by Oasis, at its core, concerns...

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To prevent trust from becoming a liability, the next step in securing privileged access must become a critical focus. In this blog, we explore why managing privileged access alone is insufficient and provide actionable insights to help you craft a security-first strategy for privileged access. The Evolution of PAM Privileged Access Management (PAM) has long been a cornerstone of securing an organization's privileged users and critical resources. PAM's primary goal is to control, monitor, and safeguard privileged accounts, which often have elevated access to critical systems and data. These accou...

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement. "To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments." The rollout process is scheduled to take place over three stages, starting from this month and until the end of 2025 - Phase 1 (Starting November 2024), when administrators will be provided information to prepare for the security upgrade  Phase 2 (Early 2025), when Google will begin requiring MFA for all new and existing Google Cloud users who sign in with a password Phase 3 (En...

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it's a pretty good idea to at least read the joint advisory. In their advisory AA24-242A, DHS/CISA and the FBI told the entire cybercriminal-stopping world that to stop ransomware attacks, organizations needed to implement phishing-resistant MFA and ditch SMS-based OTP MFA.  The Best Advice I Never Followed  This year, we have experienced an astonishing surge in ransomware payments, with the average payment increasing by a staggering 500%. Per the "State of Ransomware 2024" report from cybersecurity leader Sophos, the average ransom has jumped by 5X reaching $2 million from $400,000 last year. Even more troubling, RISK &...

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective  SaaS security solutions  designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer da...

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.  In this post, we'll explore hybrid attacks — what they are and the most common types. We'll also discuss how your organization can defend against them. The blended approach of hybrid attacks Threat actors are always looking for better, more successful ways to crack passwords — and hybrid attacks allow them to combine two different hacking techniques into a single attack. By integrating attack methodologies, they can take advantage of the strengths associated with each method, increasing their chances of success. And hybrid attacks aren't just limited to cracking passwords. Cybercriminals regularly combine technical cyberattacks with other tactics, ...

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses.  While traditional password-based systems offer protection, they are susceptible to security threats like phishing and identity theft which drives the consideration of going passwordless. Additionally, users often have difficulty remembering multiple passwords, which further jeopardizes security as they tend to reuse the same one for accessing multiple business systems and devices. However, passwordless methods such as biometrics, smartcards, and multi-factor authentication prioritize both data security and user satisfaction. Nevertheless, not all passwordless authentication systems are the same and exhibit their own challenges.  The need...

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that ...

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," SonicWall said in an updated advisory. With the latest development, the company has revealed that CVE-2024-40766 also impacts the firewall's SSLVPN feature. The issue has been addressed in the below versions - SOHO (Gen 5 Firewalls) - 5.9.2.14-13o Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances) The network security vendor has since updated the bulletin to reflect the p...

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velvet Chollima, is just one of the myriad offensive cyber teams operating under the direction of the North Korean government and military. It's also very active, often leveraging spear-phishing campaigns as a starting point to deliver an ever-expanding set of custom tools to conduct reconnaissance, pilfer data, and establish persistent remote access to infected hosts. The attacks are also characterized by the use of compromised hosts as staging infrastructure to deploy an obfuscated version of the Green Dinosaur web shell, which is then used...