How passkeys are changing authentication

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness, involved in 81% of all hacking breaches. Inherent usability problems make passwords difficult for users to manage safely. These security and usability shortcomings have driven the search for alternative approaches known generally as passwordless authentication.

Passkeys are a kind of passwordless authentication that is seeing increasing focus and adoption. They are set to become a key part of security in the coming years. Passkeys represent a more secure foundation for enterprise security. Although they are not foolproof (they can be synced to a device running an insecure OS, for example), they are far more secure than passwords for customers, employees, and partners alike.

Skyhawk launches platform to provide threat detection and response across multi-cloud environments

Cloud threat detection vendor Skyhawk Security has released a platform that provides cloud detection and response (CDR) across multi-cloud environments and is designed to address alert fatigue, the company said Tuesday in a statement. The company says the Synthesis platform is being released on a “freemium” basis: the base version is available at no cost, but supplemental features can be purchased.

Skyhawk claims the platform improves upon products focused on identifying numerous static cloud security misconfigurations by employing machine learning (ML) to find correlated sequences of high-priority runtime events and identify paths of least resistance that are exploited to compromise cloud infrastructure.

t2’23: Call For Papers 2023 (Helsinki, Finland)

Posted by Tomi Tuominen via Fulldisclosure on Jan 23

Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so…

Re: HNS-2022-01 – HN Security Advisory – Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm

Posted by Marco Ivaldi on Jan 23

Hello again,

Just a quick update. Mitre has assigned the following additional CVE IDs:

* CVE-2023-24039 – Stack-based buffer overflow in libXm ParseColors
* CVE-2023-24040 – Printer name injection and heap memory disclosure

We have updated the advisory accordingly:
https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt

Regards,
Marco

APPLE-SA-2023-01-23-8 Safari 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-8 Safari 16.3

Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao…

APPLE-SA-2023-01-23-7 watchOS 9.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213599.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO…

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213603.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)…
