SEARCH
Archive
Microsoft Fixed Multi-factor Authentication Bypass Flaw
The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Microsoft Adds Support for WebAuthn in Edge
Microsoft Edge now supports the Web Authentication API, allowing users to login to sites without needing a password.
Microsoft’s Bug Bounty Covers OpenID Flaws
Microsoft will do more than pay researchers bounties for finding and reporting vulnerabilities in Microsoft Account and Microsoft Entra ID in its Microsoft Identity Bounty Program. The company also wants vulnerabilities in select OpenID standards.
Microsoft Patch: Update to Fix Actively Exploited Vulnerabilities
Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.
The Latest Phishing Attacks Target Gmail, Microsoft Word & Android Apps
Recently, phishing attacks against Gmail users, a major U.S. financial services provider, and Android app users have revealed unique ways to deliver malware and steal login credentials.