Marc Rogers

Your Company Needs YOU: How to Stay Safe from Phishing and Other Human Attacks

Now more than ever, people are targets. For years attackers have been evolving their attacks, looking for new opportunities to find a way in. Attacks against people, so-called social engineering attacks, are perhaps the oldest in the world. All you need is a single person to successfully fool another.

The Grugq

CrimeOps: The Operational Art of Cyber Crime

Cyber Crime Innovation Is Lucrative

Cybercrime rewards innovative organizations. These can innovate at the tactical level (e.g. new or updated tactics, techniques, and procedures (TTP)), the strategic level (e.g. new monetisation methods), or at the operational level—the management of resources and personnel to achieve strategic objectives. This is operational art. The operational level, the glue that enables a group to execute well, is seldom analyzed because it is rarely visible to...

Vickie Li

How Attackers Bypass MFA

To verify your identity, applications typically ask you to provide something you know, such as a password or a secret key. They may also ask you to prove ownership of something you have, such as a phone or device. Finally, they may ask for proof of who you are by utilizing biometrics. Multi-factor authentication, or MFA, refers to the practice of requiring users to prove their identities in more than one way. MFA protects users in the event of password compromise. When utilized, MFA requires...

Sami Laine

WebAuthn In Enterprise Is Great and It Has Challenges

FIDO2 and WebAuthn hold great promise not only for consumers but for enterprise users as well. There are caveats, however, and the challenges for IT departments are very different from those for consumer websites.

(Image: A FIDO2 Security Key)

What Is WebAuthn Again?

WebAuthn—short for Web Authentication—promises to fix authentication on the web with a strong, simple, and un-phishable standard. A while back, I wrote an article that explains how WebAuthn works as a consumer authentication technology. It...

Vickie Li

Dangerous Regular Expressions

In previous posts, we've discussed what regex is along with ReDoS, a regex-specific vulnerability. Now it's time for us to dig deeper into regex security.

Varrun Ramani

Automating Vulnerable Dependency Checking in CI Using Open Source

Learn how to conduct automatic security scans on your application's dependencies using continuous integration and open-source software.

Brian Demers

Security Audits: Do you need them?

An overview of a recent security audit on an OSS project.

Marc Rogers

Palo Alto Networks SAML Vulnerability

Today, Palo Alto Networks announced a critical security vulnerability affecting SAML certificate management across a range of their devices. While this vulnerability is isolated to Palo Alto Networks Firewalls, it impacts customers using these devices with independent identity providers (IDPs) that rely on the SAML protocol and who are using self-signed certificates, including customers of Okta. Complete details can be found in Palo Alto Networks’ security advisory, here:...

Indranil Jha

Adaptive, Step-Up Multi-Factor Authentication

Plain-old authentication is boring. Today I'm going to show you how you can enhance your application's security by providing smart multi-factor authentication (MFA), the kind that takes contextual and behavior-based factors into account. Through this article, I'll explain how this security pattern works. Just know that this pattern is universally applicable to any web-based, mobile, or desktop application.

Why Adaptive Multi-Factor Authentication?

While normal MFA is a big step up...

Vickie Li

Intro to Log Analysis: Harnessing Command Line Tools to Analyze Linux Logs

Log analysis is one of the most important tools of a security researcher. In this article, we'll take a quick look at how you can analyze Linux logs using common command-line tools.