PaperCut Software Flaw Sparks Ransomware Attacks, CISA Warns
The bug allowed cyber-criminals to remotely execute malicious code without authentication credentials
Stay secure online with the latest on authentication techniques, best practices, and industry updates at the forefront of information security.
Search across headline titles and summaries.
Background for this topic.
Authentication confirms the identity of users or systems before granting access to resources, typically using factors like passwords (knowledge), hardware tokens (possession), or biometrics (inherence). It establishes trust boundaries that prevent unauthorized entities from impersonating legitimate users or devices within networks and applications.
Weak authentication enables attackers to perform account takeover, privilege escalation, or lateral movement by exploiting stolen credentials, phishing, or replay attacks. Deploying multi-factor authentication (MFA) with independent factors significantly reduces these risks. Secure credential storage, regular rotation, and monitoring authentication logs for anomalies are critical defenses to detect and block unauthorized access attempts early in the attack chain.
The bug allowed cyber-criminals to remotely execute malicious code without authentication credentials
As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution
Mandatory measure against attackers who spam MFA folks into submission Microsoft is hoping to curb a growing threat to multi-factor authentication (MFA) by enforcing a number-matching step for those using Microsoft Authenticator push notifications when signing into services.…
Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks. [...]