13 matches found
[SECURITY] Fedora 39 Update: oath-toolkit-2.6.12-1.fc39
The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage...
MFA Spamming and Fatigue: When Security Measures Go Wrong
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA...
Raider - Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...
Biometric data processing and storage system threats
Initially, digital biometric data processing systems were used primarily by government agencies and special services (police, customs, etc.). However, the rapid evolution of information technology has made biometric systems accessible for 'civil' use. They are increasingly becoming part of our...
Using Machine Learning to Create Fake Fingerprints
Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...
Passwords: Here to Stay, Despite Smart Alternatives?
The lowly password is much-maligned as being the weakest link in any company’s security defenses. That’s for good reason: It’s a fact that password reuse, a lack of strong passwords, a failure to change them on a regular basis and other human errors plague the efficacy of this de facto standard f...
SWIFT Warns Banks Of More Cyberattacks
Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions. It’s the latest...
[SECURITY] Fedora 20 Update: oath-toolkit-2.4.1-3.fc20
The OATH Toolkit provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open...
Twitter added DMARC support to prevent email phishing
Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishi...
Ubuntu Update for xscreensaver vulnerability USN-474-1
Ubuntu Update for Linux kernel vulnerabilities USN-474-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4741.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for xscreensaver vulnerability USN-474-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
L0phtCrack password cracker set to return
More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference. A teaser...
GLSA-200603-08 : GnuPG: Incorrect signature verification
The remote host is affected by the vulnerability described in GLSA-200603-08 GnuPG: Incorrect signature verification OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormand...