Showing results 1 - 20 of 162 for "authentication"
BLOG POST - https://www.cisecurity.org/insights/blog/why-are-authentication-and-authorization-so-diffic...
Why Are Authentication and Authorization So Difficult?
By: Kathleen M. Moriarty, CIS Chief Technology Officer. Let’s say you’re tasked with selecting a strong authentication solution for your organization. ...
SPOTLIGHT - https://www.cisecurity.org/insights/spotlight/ei-isac-cybersecurity-spotlight-multi-factor-...
Election Security Spotlight – Multi-Factor Authentication
In this Election Security Spotlight, we discuss best practices for multi-factor authentication....
BLOG POST - https://www.cisecurity.org/insights/blog/tracing-the-evolving-levels-of-support-for-webauth...
Tracing the Evolving Levels of Support for WebAuthn
There are a large number of products that support WebAuthn and other standards in the FIDO Framework. Let's examine some of these now....
BLOG POST - https://www.cisecurity.org/insights/blog/how-dmarc-advances-email-security
How DMARC Advances Email Security
While some identity management protocols such as multi-factor authentication have made modern advancements, others – like email authentication – have ...
BLOG POST - https://www.cisecurity.org/insights/blog/authentication-and-authorization-using-single-sign...
Authentication and Authorization Using Single Sign-On
By: Kathleen M. Moriarty, CIS Chief Technology Officer. In order to prevent credential theft from phishing attacks, there is a push for multi-factor au...
ADVISORY - https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-progress-moveit-products-co...
2024-075: Multiple Vulnerabilities in Progress MOVEit Products Could Allow for Authentication Bypass
Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass. MOVEit Gateway acts as...
ADVISORY - https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-sonicwall-sonicos-could-all...
2025-002: Multiple vulnerabilities in SonicWall SonicOS could allow a remote attacker to bypass authentication.
Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating sys...
ADVISORY - https://www.cisecurity.org/advisory/a-vulnerability-in-github-enterprise-server-ghes-could-...
2024-060: A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass
A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for...
ADVISORY - https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-ivanti-avalanche-could-allo...
2025-005: Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Authentication Bypass
Multiple Vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for auth...
ADVISORY - https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-palo-alto-pan-os-could-allo...
2024-130: Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass
Multiple vulnerabilities have been discovered in Palo Alto ...
BLOG POST - https://www.cisecurity.org/insights/blog/cis-password-policy-guide-passphrases-monitoring-a...
CIS Password Policy Guide: Passphrases, Monitoring, and More
Love them or hate them, but passwords have undeniably been a time-tested and imperfect method for user authentication that can protect organizations f...
MEDIA MENTION - https://www.cisecurity.org/about-us/media/media-mention/what-is-a-one-time-password-us-news...
What is a One-Time Password? | US News – U.S. News and World Report Money
One-time passwords can help prevent ID theft, reduce the need for IT support, and help resist cyberattacks called replay attacks....
PAGE - https://www.cisecurity.org/ms-isac/dhs-issues-binding-operational-directive-on-enhancing-em...
DHS Issues Binding Operational Directive on Enhancing Email and Web Security
Date Issued: October 17, 2017. The U.S. Department of Homeland Security (DHS) released Binding Operational Directive (BOD) 18-01 directing federal agen...
SPOTLIGHT - https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-passwords
Election Security Spotlight – Passwords
What it is: Passwords are a critical yet basic authentication mechanism in information security that consists of a combination of alphabetic, numeric, ...
BLOG POST - https://www.cisecurity.org/insights/blog/why-oauth-is-so-important-an-interview-with-justin...
Why OAuth is so Important: An Interview with Justin Richer
This is the third article in this series by Kathleen Moriarty, CIS Chief Technology Officer. In this article, Moriarty interviews Justin Richer, an in...
BLOG POST - https://www.cisecurity.org/insights/blog/11-cyber-defense-tips-to-stay-secure-at-work-and-h...
11 Cyber Defense Tips to Stay Secure at Work and Home
To uphold your personal responsibility for cybersecurity, here are 11 steps that you can use to strengthen your cyber defense at home and at work....
BLOG POST - https://www.cisecurity.org/insights/blog/the-llm-misinformation-problem-i-was-not-expecting
The LLM Misinformation Problem I Was Not Expecting
Kathleen Moriarty discusses an unexpected LLM misinformation problem: students incorporating non-vetted AI results into their assignments....
SPOTLIGHT - https://www.cisecurity.org/insights/spotlight/election-security-spotlight-what-is-email-sec...
Election Security Spotlight – What Is Email Security?
In this Election Security Spotlight, the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) provides an overview of email secur...
BLOG POST - https://www.cisecurity.org/insights/blog/mimikatz-the-finest-in-post-exploitation
Mimikatz: The Finest in Post-Exploitation
Part 2 in a series on Malware. Overview: The MS-ISAC continuously observes attacks using the post-exploitation credential-stealing tool Mimikatz. Many c...
BLOG POST - https://www.cisecurity.org/insights/blog/8-security-essentials-for-managing-your-online-pre...
8 Security Essentials for Managing Your Online Presence
Election officials need to manage their online presence to stay safe from cyber threat actors. Here are eight security essentials to help you get star...