Lucene search
K

32 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/07 4:0 p.m.11 views

World Passkey Day: Advancing passwordless authentication

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/10/09 3:0 p.m.11 views

Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...

6.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/10/09 3:0 p.m.15 views

Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...

6.7AI score
Exploits0
CISA
CISA
added 2025/09/23 12:0 p.m.14 views

Widespread Supply Chain Compromise Impacting npm Ecosystem

CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages.i After gaining initial access, the...

6.9AI score
Exploits0References14
Filippo.io
Filippo.io
added 2025/07/14 3:17 p.m.8 views

Encrypting Files with Passkeys and age

Typage age-encryption on npm is a TypeScript1 implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...

6.8AI score
Exploits0
CISA
CISA
added 2025/06/30 12:0 p.m.3 views

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

Today, CISA, in collaboration with the Federal Bureau of Investigation FBI, the Department of Defense Cyber Crime Center DC3, and the National Security Agency NSA, released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored ...

7.7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2025/04/30 11:26 a.m.13 views

[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

How Many Gaps Are Hiding in Your Identity System? It's not just about logins anymore. Today's attackers don't need to "hack" in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 7:38 a.m.32 views

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account MSA signing service to Azure confidential virtual machines VMs and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...

7.5AI score
Exploits0
CISA
CISA
added 2024/11/20 12:0 p.m.7 views

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication

Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...

7.2AI score
Exploits0References3
CISA
CISA
added 2024/10/31 12:0 p.m.15 views

Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...

7.7AI score
Exploits0References5
The Hacker News
The Hacker News
added 2024/10/24 11:0 a.m.25 views

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency CISA, in coordination with the FBI, issues a...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/18 11:0 a.m.45 views

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and passwor...

10CVSS7.2AI score0.99512EPSS
Exploits75
CISA
CISA
added 2024/10/08 12:0 p.m.7 views

CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

Today, CISA and the Federal Bureau of Investigation FBI released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with the Iranian Government’s Islamic...

7AI score
Exploits0References4
ICS
ICS
added 2024/08/29 12:0 p.m.57 views

#StopRansomware: RansomHub Ransomware

Actions to take today to mitigate cyber threats from ransomware: 1. Install updates for operating systems, software, and firmware as soon as they are released. 2. Require phishing-resistant MFA i.e., non-SMS text based for as many services as possible. 3. Train users to recognize and report...

10CVSS8.3AI score0.99654EPSS
Exploits253References114
The Hacker News
The Hacker News
added 2024/08/08 3:31 p.m.28 views

University Professors Targeted by North Korean Cyber Espionage Group

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/10 10:6 a.m.18 views

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/30 6:52 a.m.12 views

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud CIC is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for...

7.6AI score
Exploits0
ICS
ICS
added 2024/05/10 12:0 p.m.52 views

#StopRansomware: Black Basta

Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: 1. Install updates for operating systems, software, and firmware as soon as they are released. 2. Require phishing-resistant MFA for as many services as possible. 3. Train users to recognize...

10CVSS8AI score0.99959EPSS
Exploits129References80
ICS
ICS
added 2023/12/15 12:0 p.m.69 views

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Actions to take today to harden your internal environment to mitigate follow-on activity after initial access. 1. Use phishing-resistant multi-factor authentication MFA for all administrative access. 2. Verify the implementation of appropriate hardening measures, and change, remove, or deactivate...

10CVSS9.7AI score0.99999EPSS
Exploits177References133
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/11/21 5:0 p.m.22 views

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1 Identi...

7.1AI score
Exploits0
Rows per page
Query Builder