Authentication

Attackers are using the recently emerged browser-in-the-browser phishing technique to steal accounts from Valve's popular gaming platform, but it's a warning shot to businesses.

Literacy, levels of personal freedom, and other macro-social factors help determine how strong average passwords are in a given locale, researchers have found.

The company's website remains offline after hackers used its compromised CMS to send out racist messages.

Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.

Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain attack.

Thousands of corporate mobile apps developed by businesses for use by their customers contain hardcoded AWS tokens that can be easily extracted and used to access the full run of corporate data stored in cloud buckets.

A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns.