Tag: fido
-
PoisonSeed outsmarts FIDO keys without touching them
Tags: attack, authentication, ceo, cryptography, exploit, fido, Hardware, login, phishing, vulnerability
FIDO isn’t broken, just outsmarted: Expel researchers called the campaign a concerning development, given that FIDO keys are often regarded as one of the pinnacles of secure MFA. “While we haven’t uncovered a vulnerability in FIDO keys, IT and SecOps folks will want to sit up and take notice,” they said. “This attack demonstrates how…
-
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of a phishing campaign in the wild, has been attributed to a threat actor named PoisonSeed, which…
-
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through…
-
Hackers Exploit FIDO MFA With Novel Phishing Technique
PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users. Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group previously tied to large-scale cryptocurrency thefts, to sidestep one of the most secure forms of multifactor authentication – FIDO2 physical keys. First seen on govinfosecurity.com Jump to…
-
‘PoisonSeed’ Attacker Skates Around FIDO Keys
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/poisonseed-attacker-fido-keys
-
Phishers have found a way to downgrade, not bypass, FIDO MFA
Contrary to recent reports, phishing sleight-of-hand doesn’t defeat FIDO. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/no-phishers-are-not-bypassing-fido-mfa-at-least-not-yet-heres-why/
-
Why should companies or organizations convert to FIDO security keys?
In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/25/alexander-summerer-swissbit-fido-security-keys/
-
OneSpan Acquires Nok Nok Labs to Expand FIDO-Based Passwordless Authentication
First seen on scworld.com Jump to article: www.scworld.com/news/onespan-acquires-nok-nok-labs-to-expand-fido-based-passwordless-authentication
-
Void Blizzard targets NATO organizations
Tags: access, api, authentication, blizzard, cloud, cyberattack, cyberespionage, edr, fido, framework, governance, government, hacker, intelligence, mail, malware, mfa, microsoft, open-source, passkey, password, phishing, risk, siem, spear-phishing, threat, tool, ukraine
Russian hackers are changing their tactics from password spraying to phishing, but their targets within NATO remain the same. For more than a year, a new cyber-espionage group said to be linked to the Russian government has been targeting companies from various sectors within NATO. Microsoft Threat Intelligence calls the group "Void Blizzard". The Dutch…
-
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?
Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trust
Passwordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment. Passkeys, used by Microsoft, Samsung,…
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, tool
Switch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April. In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
UK Government to Roll Out Passkeys Late This Year
FIDO-Based Authentication to Replace SMS-Based Verification, Says UK NCSC. The U.K. government is set to replace SMS-based verification systems for digital services with passkeys later this year in a bid to shore up cyber defenses. The authentication initiative is being developed by the U.K. National Cybersecurity Center using FIDO standards. First seen on govinfosecurity.com Jump to…
-
Breaking the Password Barrier: FIDO’s Path to Seamless Security
As the digital world rapidly expands, the need for secure, seamless authentication becomes more urgent. At the forefront of this evolution is FIDO (Fast Identity Online), promoting password-less authentication that combines convenience with strong security. But FIDO’s long-term success depends not only on its security capabilities but also on achieving true interoperability across platforms and…
-
Microsoft Switches to Passkeys By Default, Pledges to Eliminate Passwords
Apple and Google also pledged to use the FIDO Alliance’s standard for biometric or PIN logins as opposed to passwords. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-passwordless-world-password-day/
-
Third of Online Users Hit by Account Hacks Due to Weak Passwords
FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/third-online-users-hacks-passwords/
-
48 percent of consumers would trust passkeys more
World Password Day is traditionally an occasion to promote secure password practices. However, Thales has long held the view that passwords are no longer fit for purpose and should be replaced entirely by passkeys. This position is now reinforced by the FIDO Alliance, which has officially renamed the day, a clear step […] First seen on…
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trust
Is agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key
Tags: access, authentication, cloud, compliance, control, credentials, data, defense, encryption, fido, framework, government, healthcare, identity, infrastructure, mobile, nfc, password, phishing, regulation, service, software, strategy, technology, windows
madhav Thu, 03/13/2025 – 06:46
As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. The FIDO (Fast Identity Online) standard has emerged as the gold standard…
-
Goodbye passwords? Enterprises ramping up passkey adoption
87% of companies have, or are in the midst of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance, according to the FIDO … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/12/enterprise-passkey-adoption/
-
Customer Identity & Access Management: The best CIAM tools
Tags: access, ai, api, authentication, business, cloud, compliance, cyberattack, fido, fraud, gartner, iam, ibm, identity, infrastructure, intelligence, login, marketplace, microsoft, okta, privacy, risk, saas, service, tool
We have compiled the best Customer Identity & Access Management solutions for you. Customer Identity & Access Management (CIAM) is a subcategory of Identity & Access Management (IAM). CIAM is used to manage the authentication and authorization processes of applications that are publicly accessible or used by customers. When it comes to the … for your…
-
Lifecycle management solution for FIDO keys
Thales has announced the launch of a new solution intended to help large enterprises successfully deploy and manage FIDO security passkeys at scale. One-Welcome-FIDO-Key-Lifecycle-Management combines an interoperable management platform with Thales's FIDO hardware security keys (passkeys). The vendor designed it specifically for use in large enterprises. The […] First seen on…
-
Secure authentication: Thales presents new lifecycle management solution for FIDO keys
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/sichere-authentifizierung-lifecycle-fido-keys
-
Thales presents new lifecycle management solution for FIDO keys
The new solution enables enterprises to manage FIDO security passkeys simply and efficiently at scale, accelerating and protecting passwordless deployments. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/thales-praesentiert-neue-lifecycle-managementloesung-fuer-fido-schluessel/a39798/
-
Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users
Tags: 2fa, advisory, authentication, cve, fido, flaw, linux, macOS, mfa, open-source, risk, software, threat, vulnerability
Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue, tracked as CVE-2025-23013, allows a partial bypass of 2FA protections when using YubiKeys or other FIDO-compatible authenticators. The vulnerability poses a high-risk security threat and could potentially compromise…
-
Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication
The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/fido-consumers-are-adopting-passkeys-for-authentication-2/
-
FIDO unveils new specifications to transfer passkeys
The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613642/FIDO-unveils-new-specifications-to-transfer-passkeys

