Logging in with a username and password is the most insecure form of authentication. Organizations that want to better protect their accounts are therefore advised to choose stronger authentication methods, such as two-factor authentication (2FA) and the FIDO2 standard from the FIDO Alliance. This is stated by the National Cyber ​​Security Center (NCSC) in a new fact sheet called “Authenticating adults”.

Read more

The first bug bounty program organized by the US Department of Homeland Security has revealed a total of 122 vulnerabilities, 27 of which have been labeled critical. Last December, Homeland Security launched the “Hack DHS” program. The program consists of three phases. First, a model was developed that other government agencies can also use to strengthen their cyber resilience.

Read more

Several Russian government sites are inaccessible after ddos attacks. Among others, the websites of the Kremlin, the Russian government and the Ministry of Defense are down. Several Twitter accounts claim the attacks are in the name of Anonymous.

Read more

Parts of Nvidia have likely been offline for two days due to a cyber attack. It is not yet known if any data was captured or if Nvidia was otherwise harmed.

Read more

WordPress introduces an emergency patch for four serious vulnerabilities. WordPress 5.8.3 is available immediately.

Read more

Steam has now set a new user record; there were 28.2 million concurrent users in the past weekend. Exactly two years ago, there were ten million fewer users simultaneously online on the game platform.

Read more

Security researcher Troy Hunt has added leaked usernames and passwords from rap mixtape website DatPiff to Have I been Pwned. In November, data from nearly 7.5 million members appeared on a hacker forum.

Read more