Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

Watch out for more Fortinet vulns! Two critical bugs in Fortinet’s sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems. Luckily, the security vendor has issued fixes – so patch now – and so …

Europe rolls out online age verification app to protect young people

Europe doesn’t want to hear any more excuses from tech platforms for why they can’t verify users’ ages. European Commission President Ursula von der Leyen on Tuesday announced a new European age verification app that will give users a sort …

Thousands of official government email addresses, including plaintext passwords available online

The official email accounts of public officials all over the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts. Researchers at Proton scoured the darker side of …

Hungary: Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts

Hungary’s government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, …

Iran targets M365 accounts with password-spraying attacks

Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday …

Cloud Phones: The Invisible Threat

What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and …

Google Authenticator: The Hidden Mechanisms of Passwordless Authentication

Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target …

Swedish government IT system hacked

A large amount of sensitive information allegedly coming from a Swedish government IT system has been posted on the darknet, according to Dagens Nyheter and Expressen. DN writes that the newspaper has taken note of the leak and that it …

Age verification vendor Persona left frontend exposed

Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short while …