Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
thecyberexpress

Phishing Attack Bypasses FIDO Key Authentication

July 25 update: Expel has concluded after a review that MFA challenges failed and the attacker was never granted access to the requested resource. Our original July 17 article is below. A phishing ...
Bleeping Computer

Threat actors try to downgrade FIDO2 MFA auth in PoisonSeed phishing attack

Update 7/25:25: Expel researchers have recanted their story, stating that while the the threat actors are attempting to use a phishing attacks to bypass FIDO authentication, the Cross-Device ...
GitHub

[NEW] Allow to restrict user authentication to external authentication module

With the introduction of the first official Valkey external authentication module, valkey-ldap, Valkey users can now be authenticated by both the external module, or internally by the ACL system. The ...
Cyber Defense Magazine

Innovator Spotlight: Beyond Traditional Authentication: How Swissbit’s Vital Key is ...

In the high-stakes world of cybersecurity, Chief Information Security Officers (CISOs) are constantly searching for authentication solutions that don’t just meet compliance requirements, but ...
Biometric Companies

Thales launches FIDO key lifecycle management for passwordless authentication

A release from Thales, the French biometrics and digital identity firm, says it is launching OneWelcome FIDO Key Lifecycle Management, a new product to help large organizations deploy and manage FIDO ...
Forbes

Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed

Yubico is most likely the first name that comes to mind when you think about two-factor authentication hardware keys and other secure authentication solutions. And for good reason: it has been leading ...