#authentication — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #authentication, aggregated by home.social.
-
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
Read on HackerWorkspace: https://hackerworkspace.com/article/vaultjacking-one-captured-pin-the-entire-google-password-manager-vault
-
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
Read on HackerWorkspace: https://hackerworkspace.com/article/vaultjacking-one-captured-pin-the-entire-google-password-manager-vault
-
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
Read on HackerWorkspace: https://hackerworkspace.com/article/vaultjacking-one-captured-pin-the-entire-google-password-manager-vault
-
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
Read on HackerWorkspace: https://hackerworkspace.com/article/vaultjacking-one-captured-pin-the-entire-google-password-manager-vault
-
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs
https://isc.sans.edu/diary/rss/33024
Read on HackerWorkspace: https://hackerworkspace.com/article/reconstructing-an-akira-ransomware-kill-chain-from-perimeter-and-endpoint-logs
-
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs
https://isc.sans.edu/diary/rss/33024
Read on HackerWorkspace: https://hackerworkspace.com/article/reconstructing-an-akira-ransomware-kill-chain-from-perimeter-and-endpoint-logs
-
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs
https://isc.sans.edu/diary/rss/33024
Read on HackerWorkspace: https://hackerworkspace.com/article/reconstructing-an-akira-ransomware-kill-chain-from-perimeter-and-endpoint-logs
-
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs
https://isc.sans.edu/diary/rss/33024
Read on HackerWorkspace: https://hackerworkspace.com/article/reconstructing-an-akira-ransomware-kill-chain-from-perimeter-and-endpoint-logs
-
Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu - Help Net Security
https://www.helpnetsecurity.com/2026/05/28/canonical-workshop-ubuntu/
Read on HackerWorkspace: https://hackerworkspace.com/article/canonical-releases-workshop-for-one-command-sandboxed-dev-environments-on-ubuntu-help-net-security
-
Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu - Help Net Security
https://www.helpnetsecurity.com/2026/05/28/canonical-workshop-ubuntu/
Read on HackerWorkspace: https://hackerworkspace.com/article/canonical-releases-workshop-for-one-command-sandboxed-dev-environments-on-ubuntu-help-net-security
-
Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu - Help Net Security
https://www.helpnetsecurity.com/2026/05/28/canonical-workshop-ubuntu/
Read on HackerWorkspace: https://hackerworkspace.com/article/canonical-releases-workshop-for-one-command-sandboxed-dev-environments-on-ubuntu-help-net-security
-
Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu - Help Net Security
https://www.helpnetsecurity.com/2026/05/28/canonical-workshop-ubuntu/
Read on HackerWorkspace: https://hackerworkspace.com/article/canonical-releases-workshop-for-one-command-sandboxed-dev-environments-on-ubuntu-help-net-security
-
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #publickey #sshcommands -
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #publickey #sshcommands -
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)
This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.
If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #publickey #sshcommands -
Strengthening Active Directory Password Rules Without Frustrating Users
Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.
#ActiveDirectory #PasswordManagement #Passphrases #IdentitySecurity #Authentication
-
A phrase I really do not like is: "I told you so." Usually, people say it after something has already happened that could have been prevented. After systems have already shown their limitations. The recent Lithuania registry breach reminded me once again how important access infrastructure has become. Especially when digital systems operate around government data, real estate, legal entities, and public trust. But through calm engineering discussion, collaboration, and practical security architecture. Article: https://www.antonmb.com/en/blog/rethinking-access-security-after-the-lithuania-breach #CyberSecurity #Authentication #Authorization #AccessControl #ZeroTrust #SecurityArchitecture #GovTech #SecurityEngineering -
A phrase I really do not like is: "I told you so." Usually, people say it after something has already happened that could have been prevented. After systems have already shown their limitations. The recent Lithuania registry breach reminded me once again how important access infrastructure has become. Especially when digital systems operate around government data, real estate, legal entities, and public trust. But through calm engineering discussion, collaboration, and practical security architecture. Article: https://www.antonmb.com/en/blog/rethinking-access-security-after-the-lithuania-breach #CyberSecurity #Authentication #Authorization #AccessControl #ZeroTrust #SecurityArchitecture #GovTech #SecurityEngineering -
Chinese Threat Actors Shift to Live Credential Interception
https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/
Read on HackerWorkspace: https://hackerworkspace.com/article/chinese-threat-actors-shift-to-live-credential-interception
-
Chinese Threat Actors Shift to Live Credential Interception
https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/
Read on HackerWorkspace: https://hackerworkspace.com/article/chinese-threat-actors-shift-to-live-credential-interception
-
Chinese Threat Actors Shift to Live Credential Interception
https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/
Read on HackerWorkspace: https://hackerworkspace.com/article/chinese-threat-actors-shift-to-live-credential-interception
-
Chinese Threat Actors Shift to Live Credential Interception
https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/
Read on HackerWorkspace: https://hackerworkspace.com/article/chinese-threat-actors-shift-to-live-credential-interception
-
Staged publishing and new install-time controls for npm - GitHub Changelog
https://github.blog/changelog/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm/
Read on HackerWorkspace: https://hackerworkspace.com/article/staged-publishing-and-new-install-time-controls-for-npm-github-changelog
-
Staged publishing and new install-time controls for npm - GitHub Changelog
https://github.blog/changelog/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm/
Read on HackerWorkspace: https://hackerworkspace.com/article/staged-publishing-and-new-install-time-controls-for-npm-github-changelog
-
Staged publishing and new install-time controls for npm - GitHub Changelog
https://github.blog/changelog/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm/
Read on HackerWorkspace: https://hackerworkspace.com/article/staged-publishing-and-new-install-time-controls-for-npm-github-changelog
-
Staged publishing and new install-time controls for npm - GitHub Changelog
https://github.blog/changelog/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm/
Read on HackerWorkspace: https://hackerworkspace.com/article/staged-publishing-and-new-install-time-controls-for-npm-github-changelog
-
The Evolution of Chinese-language Phishing Services | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services/
Read on HackerWorkspace: https://hackerworkspace.com/article/the-evolution-of-chinese-language-phishing-services-google-cloud-blog
-
The Evolution of Chinese-language Phishing Services | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services/
Read on HackerWorkspace: https://hackerworkspace.com/article/the-evolution-of-chinese-language-phishing-services-google-cloud-blog
-
The Evolution of Chinese-language Phishing Services | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services/
Read on HackerWorkspace: https://hackerworkspace.com/article/the-evolution-of-chinese-language-phishing-services-google-cloud-blog
-
The Evolution of Chinese-language Phishing Services | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/chinese-language-phishing-services/
Read on HackerWorkspace: https://hackerworkspace.com/article/the-evolution-of-chinese-language-phishing-services-google-cloud-blog
-
https://www.europesays.com/uk/982376/ PSA: Microsoft Is Removing SMS Authentication From Everyone’s Xbox Account #authentication #Security #SMS #Technology #UK #UnitedKingdom #Xbox
-
🔑 pocket-id/pocket-id
A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
Provides OIDC authentication using passkeys only (no passwords), supporting YubiKey and other FIDO2 devices for self-hosted services
⭐ Stars: 7878
📅 Last Update: May 23, 2026https://github.com/pocket-id/pocket-id
#selfhosted #homelab #selfhost #selfhosting #opensource #authentication #oidc
-
🔑 pocket-id/pocket-id
A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.
Provides OIDC authentication using passkeys only (no passwords), supporting YubiKey and other FIDO2 devices for self-hosted services
⭐ Stars: 7878
📅 Last Update: May 23, 2026https://github.com/pocket-id/pocket-id
#selfhosted #homelab #selfhost #selfhosting #opensource #authentication #oidc
-
CVE-2026-34474: Pre-auth #credential disclosure in #ZTE #H298A / #H108N via #ETHCheat...The short version: an ETHCheat branch returns credential-bearing #HTML before #authentication. The captured fields include the #admin #password, WLAN PSK, and ESSID, and a companion wizard #endpoint #exposes serial data.
-
CVE-2026-34474: Pre-auth #credential disclosure in #ZTE #H298A / #H108N via #ETHCheat...The short version: an ETHCheat branch returns credential-bearing #HTML before #authentication. The captured fields include the #admin #password, WLAN PSK, and ESSID, and a companion wizard #endpoint #exposes serial data.
-
CVE-2026-34474: Pre-auth #credential disclosure in #ZTE #H298A / #H108N via #ETHCheat...The short version: an ETHCheat branch returns credential-bearing #HTML before #authentication. The captured fields include the admin password, WLAN PSK, and ESSID, and a companion wizard #endpoint #exposes serial data.
-
CVE-2026-34474: Pre-auth #credential disclosure in #ZTE #H298A / #H108N via #ETHCheat...The short version: an ETHCheat branch returns credential-bearing #HTML before #authentication. The captured fields include the #admin #password, WLAN PSK, and ESSID, and a companion wizard #endpoint #exposes serial data.
-
How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide) This article describes how to setup SSH login with public key authentication across your servers and clients for secure access. If you're using SSH to connect to ... Continued 👉 #publickey #sshcommands
How to Setup SSH Login with Pu... -
#Microsoft Phasing Out #SMS #Authentication Codes for Personal #Accounts in Favor of #Passkeys
👏👏👏👏👏
-
#Microsoft Phasing Out #SMS #Authentication Codes for Personal #Accounts in Favor of #Passkeys
👏👏👏👏👏
-
#Microsoft Phasing Out #SMS #Authentication Codes for Personal #Accounts in Favor of #Passkeys
👏👏👏👏👏
-
#Microsoft Phasing Out #SMS #Authentication Codes for Personal #Accounts in Favor of #Passkeys
👏👏👏👏👏
-
via #AIFoundry : Introducing Toolboxes in Foundry
https://ift.tt/vGLnOAa
#Foundry #Toolboxes #Toolbox #FoundryToolbox #AI #AIAgents #ToolDiscovery #Build #Consume #Governance #UnifiedEndpoint #MCP #OpenAPI #OAuth #MicrosoftEntra #Azure #AzureAI #Authentication #Observability … -
What Kind of Identity Should Your AI Agent Have? – Source: securityboulevard.com https://ciso2ciso.com/what-kind-of-identity-should-your-ai-agent-have-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #BestPractices #identities #workloads #zerotrust #OAuth #AI
-
What Kind of Identity Should Your AI Agent Have? – Source: securityboulevard.com https://ciso2ciso.com/what-kind-of-identity-should-your-ai-agent-have-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #BestPractices #identities #workloads #zerotrust #OAuth #AI
-
What Kind of Identity Should Your AI Agent Have? – Source: securityboulevard.com https://ciso2ciso.com/what-kind-of-identity-should-your-ai-agent-have-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #BestPractices #identities #workloads #zerotrust #OAuth #AI
-
What Kind of Identity Should Your AI Agent Have? – Source: securityboulevard.com https://ciso2ciso.com/what-kind-of-identity-should-your-ai-agent-have-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #BestPractices #identities #workloads #zerotrust #OAuth #AI
-
https://winbuzzer.com/2026/04/10/fbi-disrupts-russian-dns-hijack-network-targeting-microsoft-xcxwbn/
FBI Disrupts Russian DNS Hijack Network Targeting Microsoft 365
#Microsoft #Microsoft365 #Russia #Routers #Cybersecurity #CyberThreats #Malware #Cyberespionage #Hackers #MicrosoftSecurity #ThreatActors #Hacking #SecurityThreats #Authentication #Cyberattacks
-
Barn door slamming....#GitHub will start requiring active developers to enable #TwoFactor #authentication #2F on their accounts beginning next week, on March 13. Once expanded to the company's entire user base, the 2FA enrollment requirement will help #secure the accounts of more than 100 million users. https://www.bleepingcomputer.com/news/security/github-makes-2fa-mandatory-next-week-for-active-developers/
-
Storm-0558 hacks of Microsoft Exchange
In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as '#Storm0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using #forged #authentication #tokens from a stolen Microsoft consumer #signing #key.
Using this stolen key, the Chinese threat actors exploited a zero-day vulnerability in the #GetAccessTokenForResource API function for Outlook Web Access in Exchange Online (#OWA) to forge authorization tokens.
These tokens allowed the threat actors to impersonate Azure accounts and access email accounts for numerous government agencies and organizations to monitor and steal email.
After these attacks, Microsoft faced a lot of criticism for not providing adequate #logging to Microsoft customers for free. Instead, Microsft required customers to purchase additional licenses to obtain logging data that could have helped detect these attacks.
After working with CISA to identify crucial logging data needed to #detect #attacks, Microsoft announced that they now offer it for free to all Microsoft customers.