820 matches found

Microsoft Secure
added 2020/02/13 6:0 p.m., 36 views

Changing the Monolith—Part 4: Quick tech wins for a cloud-first world

You may have heard that identity is the “new” perimeter. Indeed, with the proliferation of phishing attacks over the past few years, one of the best ways to secure data is to ensure that identity—the primary way we access data—can be trusted. How do we secure identity? Start by evaluating how use...

AI score: 0.6
Exploits: 0

OSV
added 2020/01/28 4:15 p.m., 6 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

CVSS: 5.9, AI score: 5.3
Exploits: 0, References: 15

Microsoft Secure
added 2019/12/12 12:0 a.m., 54 views

Go passwordless to strengthen security and reduce costs

We all know passwords are inherently unsecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...

Exploits: 0

Microsoft Secure
added 2019/11/04 2:0 p.m., 52 views

Microsoft announces new innovations in security, compliance, and identity at Ignite

Today, at the Microsoft Ignite Conference, we’re announcing new innovations designed to help customers across their security, compliance, and identity needs. With so much going on at Ignite this week, I want to highlight the top 10 announcements: 1. Azure Sentinel—We’re introducing new connectors...

AI score: 0.1
Exploits: 0

Microsoft Secure
added 2019/10/03 6:50 p.m., 64 views

Your password doesn’t matter—but MFA does!

Your pa$$word doesn’t matter—Multi-Factor Authentication (MFA) is the best step you can take to protect your accounts. Using anything beyond passwords significantly increases the costs for attackers, which is why the rate of compromise of accounts using any MFA is less than 0.1 percent of the gener...

AI score: 2.5
Exploits: 0

NVD
added 2019/07/15 10:15 p.m., 17 views

CVE-2019-0234

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...

CVSS: 6.1, AI score: 6, EPSS: 0.03445
Exploits: 0, References: 2

Prion
added 2019/07/15 10:15 p.m., 21 views

Cross site scripting

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...

CVSS: 4.3, AI score: 6, EPSS: 0.03445
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2019/07/15 9:13 p.m., 186 views

CVE-2019-0234

Summary: CVE-2019-0234 is a reflected XSS in Apache Roller caused by Roller's Math Comment Authenticator not properly sanitizing input. Affected versions include Roller 5.2.1–5.2.2 (and related 5.2.x builds) prior to 5.2.3. Impact: attacker-controlled input could trigger reflected XSS. Mitigation...

CVSS: 6.1, AI score: 6, EPSS: 0.03445
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/06/28 10:15 a.m., 12 views

CVE-2019-12995

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault...

CVSS: 7.5, AI score: 6.8
Exploits: 0, References: 3

Cvelist
added 2019/06/28 9:55 a.m., 19 views

CVE-2019-12995

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault...

AI score: 7.5, EPSS: 0.02193
Exploits: 0, References: 3

NVD
added 2019/06/12 2:29 p.m., 19 views

CVE-2019-3875

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often availab...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00291
Exploits: 0, References: 2

Cvelist
added 2019/06/12 1:51 p.m., 30 views

CVE-2019-3875

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often availab...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00291
Exploits: 0, References: 2

RedhatCVE
added 2019/06/11 2:52 p.m., 49 views

CVE-2019-3875

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often availab...

CVSS: 6.5, AI score: 1.2, EPSS: 0.00291
Exploits: 0, References: 3

Microsoft Secure
added 2019/06/10 4:0 p.m., 70 views

Advancing Windows 10 as a passwordless platform

Passwords can be frustrating, difficult to remember, and easily hacked or stolen. That’s why our vision for Windows is one of a passwordless platform—a world where users don’t have to deal with the pains of a password. With the release of Windows 10, version 1903, we’re bringing Windows 10 closer...

AI score: 1.3
Exploits: 0

Prion
added 2019/05/13 7:29 p.m., 15 views

Authentication flaw

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's OTP physical token or virtual app (like Google Authenticator) is able to bypass the first authentication phase (username/password mechanism) an...

CVSS: 4.3, AI score: 5.7, EPSS: 0.01233
Exploits: 1, References: 1, Affected Software: 1

Filippo.io
added 2019/04/02 4:45 p.m., 83 views

A Go implementation of Poly1305 that makes sense

Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although it's really a fraction of the complexity of e.g. elliptic curves, most of the implementations I've read look decidedly like magic, mysteriously multiplying...

AI score: 7.4
Exploits: 0

Microsoft Secure
added 2018/09/24 1:0 p.m., 33 views

Delivering security innovation that puts Microsoft’s experience to work for you

Cybersecurity is the central challenge of our digital age. Without it, everything from our personal email accounts and privacy to the way we do business, and all types of critical infrastructure, are under threat. As attackers evolve, staying ahead of these threats is getting harder. Microsoft ca...

AI score: 7
Exploits: 0

Fedora
added 2018/08/23 9:46 a.m., 36 views

[SECURITY] Fedora 27 Update: wpa_supplicant-2.6-14.fc27

wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11...

CVSS: 6.5, AI score: 5.2, EPSS: 0.01404
Exploits: 0

Saint
added 2018/05/16 12:0 a.m., 593 views

Exim SMTP listener base64d function one-character buffer overflow

Added: 05/16/2018. CVE: CVE-2018-6789. BID: 103049. Background: Exim is a mail transfer agent used on Unix-like operating systems. Problem: Exim 5.90 and earlier are vulnerable to a one-character buffer overflow in the base64d function in the SMTP listener. Resolution: Upgrade to Exim 4.90.1 or higher,...

CVSS: 7.5, AI score: 7.5, EPSS: 0.82238
Exploits: 19

Citrix
added 2018/05/02 12:0 a.m., 8 views

How To Deploy NetScaler as Both OAuth SP and IdP

Deploying the NetScaler as both an OAuth Service Provider (SP) and IdP (Identity Provider) or OpenID Authenticator. This can be on the same NetScaler, or on two separate appliances...

AI score: 7.2
Exploits: 0