Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. [...]
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties.
California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it.
Read more in my article on the Hot for Security blog.
Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [...]
Once again, Microsoft compromises security for convenience (details about this are in the story). Several security experts have recently written about how the concept behind passkeys is okay, but the various incompatible implementations suck so much that people might just stay with username/password.
Passkeys are much better for the majority of people for the majority of accounts. I still recommend username/password + 2FA for critical accounts like banking or your primary email account, but for everything else passkeys are a big step up in usability for most people. I do agree, though, that having ecosystem-locked implementations is going to suck if you aren't all in on either Google or Apple. That's the main reason I still use a physical YubiKey and/or Bitwarden passkeys instead.