According to SearchSecurity, Microsoft announced during its Ignite 2021 virtual conference that it is replacing traditional username and password combinations for its Azure Active Directory with more secure and reliable authentication options like Temporary Access Pass, verifiable credentials and digital cards. The company introduced the passwordless security in an effort to adapt to security concerns brought by the COVID-19 pandemic and the SolarWinds supply chain attacks, said Joy Chik, Microsoft’s corporate vice president for its identity division. “As of today, passwordless authentication is generally available for cloud and hybrid environments. This is a big milestone for us in the industry,” Chik added. “Passwords are one of the most common attack vectors. It is easy to set up a passwordless account using Temporary Access Pass. This is a time limited password that allows the user to enter password authentication methods and recover access to their account without a password,” said Microsoft Senior Program Manager Inbar Kobrinsky.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Organizations could have their sensitive information compromised through a high-severity vulnerability in Google Cloud, Azure, and Amazon Web Services command line interface tools dubbed "LeakyCLI", The Hacker News reports.
Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.