Web Authentication and Access Control
- November 07, 2019
Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse.
- November 06, 2019
A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch.
- February 28, 2019
After two previous attempts, Cisco has issued a third patch for a persistent flaw in its Webex platform, which allows privilege escalation attacks on systems running the software.
- December 13, 2018
Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.
- August 03, 2018
Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method.
- July 06, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management.
- June 26, 2018
Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs.
- April 24, 2018
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.
- April 10, 2018
W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation.
- February 07, 2018
A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.
- July 12, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems.
- July 12, 2017
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises.
- May 12, 2017
A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful.
- April 07, 2017
CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.