ZDNet

Some enterprise VPN apps store authentication/session cookies insecurely

At least four Virtual Private Network (VPN) applications sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC) ...
Security Boulevard

Session-Based Authentication vs Token-Based Authentication: Key Differences Explained

Detailed comparison of session-based and token-based authentication for enterprise SSO. Learn about scalability, security, and CIAM best practices.
CSO Online

Five Chrome extensions caught hijacking enterprise sessions

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and ...
Forbes

Stolen Session Cookies: The Next Big Cyber Threat

In 2022 alone, over 87,000 exposed credentials tied to Fortune 1000 C-level executives were recaptured from the criminal underground, according to SpyCloud's 2023 Identity Exposure Report. The threat ...
Forbes

Filling The Gaps In Identity Verification And Authentication

Michael Engle is Cofounder at 1Kosmos and was previously head of InfoSec at Lehman Brothers and Cofounder of Bastille Networks. In many enterprise environments, it’s common for identity verification ...
Dark Reading

Cookies for MFA Bypass Gain Traction Among Cyberattackers

When the malware group Lapsus$ needed to gain access to systems compromised in recent breaches, it not only searched for passwords but also for the session tokens — that is, cookies — used to ...

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP ...

Microsoft: Windows update blocks access to Cloud PC sessions

Microsoft confirmed that a recent Windows update is blocking customers from accessing their Microsoft 365 Cloud PC sessions.