ZDNet

Some enterprise VPN apps store authentication/session cookies insecurely

At least four Virtual Private Network (VPN) applications sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC) ...
TechRepublic

Cookie theft threat: When multi-factor authentication is not enough

Cookie theft threat: When multi-factor authentication is not enough Your email has been sent Multi-factor authentication (MFA) is a good security measure, most of the ...
Ars Technica

Asp.net custom forms authentication & session timeouts woes

View image: /infopop/emoticons/icon_mad.gif I'm stuck <BR><BR>All I want to do is to be able to redirect users to a logon page if their session timeout expires (set ...
Dark Reading

Cookies for MFA Bypass Gain Traction Among Cyberattackers

When the malware group Lapsus$ needed to gain access to systems compromised in recent breaches, it not only searched for passwords but also for the session tokens — that is, cookies — used to ...
TechRepublic

A Better Scheme for Authentication Using Session-Passwords

The most common method used for authentication is Textual passwords. But textual passwords are vulnerable to dictionary attacks, eves dropping, social engineering and shoulder surfing. An alternative ...