W3C launches Decentralized Identifiers as a web standard
DID has been designed to give users and organizations greater security and privacy [...]
Showing only posts in The Daily Swig. Show all posts.
‘Password extraction risk’ in identity provider Okta disputed
Researchers go public after vendor disputes impersonation threat [...]
Tor Browser 11.5 release enables users to automatically circumvent censorship
New update addresses challenges faced by users in repressive countries [...]
LDAP Account Manager bug poses unauthenticated remote code execution risk
Silence of the LAM [...]
‘Endemic’ Log4j bug set to persist in the wild for at least a decade, US government warns
Inaugural report from cyber safety panel outlines strengths and weaknesses exposed by momentous security flaw [...]
Prototype pollution in Blitz.js leads to remote code execution
Chain of exploits could be triggered without any authentication [...]
More than 4,000 individuals’ medical data left exposed for 16 years
Private healthcare information was accessible since 2006 [...]
Fantasy Premier League football app introduces 2FA to tackle account takeover hacks
Authentication controls added to defend against account hijack threat [...]
Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo
Mozilla’s message to MEPs appears to be gaining traction, says senior public policy manager at the non-profit [...]
Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature
The friendly image sent by your colleague on a teleconference may be hiding a malicious secret [...]
Vulnerability in AWS IAM Authenticator for Kubernetes could allow user impersonation, privilege escalation attacks
Flaw in Amazon’s Kubernetes service has since been fixed [...]
Vivaldi browser founder Jon von Tetzchner puts privacy at the center of development
A man for all four seasons [...]
Take threats against machine learning systems seriously, security firm warns
A new white paper from NCC Group details the myriad security threats associated with machine learning models [...]
UK NCSC and ICO urge legal sector to discourage businesses from paying ransomware demands
Advice comes as cost of cybercrime ‘increases’ [...]
PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive
Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads [...]
Post-quantum cryptography hits standardization milestone
Green light for four ‘future-proofed’ encryption technologies [...]
‘Dirty dancing’ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking
Single-click account takeovers are made possible by taking advantage of quirks in OAuth [...]
AstraLocker ransomware decryptors released by Emsisoft
Threat actor released decryption keys after abandoning malware to focus on cryptojacking [...]
Decentralized Identifiers: Everything you need to know about the next-gen web ID tech
DID promises to give web users more control over their digital identities [...]
Node.js fixes multiple bugs that could lead to RCE, HTTP request smuggling
All security issues have been patched – update now [...]
Lockdown Mode: Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech
Latest feature will protect against targeted attacks [...]
SMEs slow to adopt MFA – study
Authentication shortcomings leave sensitive data at risk [...]
Fortinet patch batch remedies multiple path traversal vulnerabilities
Four high, six medium, and one low severity issue fixed [...]
Atlassian patches full-read SSRF in Jira
Severity of authenticated flaw heightened by abuse of Jira Service Desk signup facility [...]
High severity OpenSSL bug could lead to remote code execution
Fixes are available, update now [...]
« newer articles | page 10 | older articles »