Articles tagged with: #sso
Leaking URLs

cybersecurity www.reddit.com

Strange situation I'm looking for some advice on. We have an internal web app, that whilst hosted publicly in the cloud, has strong access controls (SSO to our IdP) and shows no signs of having been breached. However, we're seeing sporadic requests from various countries to suspiciously specific paths that shouldn't be public knowledge. These requests aren't authenticated, so they are redirected to the login screen. This means they're essentially harmless, but it's perplexing how people know...

Beyond SSO: Mobile Money Authentication for Inclusive e-Government in Sub-Saharan Africa

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.20592v1 Announce Type: new Abstract: The rapid adoption of Mobile Money Services (MMS) in Sub-Saharan Africa (SSA) offers a viable path to improve e-Government service accessibility in the face of persistent low internet penetration. However, existing Mobile Money Authentication (MMA) methods face critical limitations, including susceptibility to SIM swapping, weak session protection, and poor scalability during peak demand. This study introduces a hybrid MMA framework that combines...

The Auth Shim: A Lightweight Architectural Pattern for Integrating Enterprise SSO with Standalone Open-Source Applications

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.03900v1 Announce Type: cross Abstract: Open-source software (OSS) is widely adopted in enterprise settings, but standalone tools often lack native support for protocols like SAML or OIDC, creating a critical security integration gap. This paper introduces and formalizes the Auth Shim, a lightweight architectural pattern designed to solve this problem. The Auth Shim is a minimal, external proxy service that acts as a compatibility layer, translating requests from an enterprise Identity...

Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution

Cyber Security Advisories - MS-ISAC www.cisecurity.org

Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses. NetScaler Gateway is a secure remote access solution that provides users with single sign-on (SSO) to applications and resources from any device, anywhere. Successful...

How safe is 'Windows Hello' for a business environment as opposed to just regular passwords or pins on corporate devices?

cybersecurity www.reddit.com

If anyone has any real world examples in corporate environments of how safe it is or isn't, can you please elaborate on your experiences? If you didn't end up opting for it, what did you use instead and more importantly, why did you make that decision? If some users didn't want to opt for it, how did you handle the decision and problem to deploy it? Was there buy-in first or was this part of an IT policy? If you did opt for it, is it seamless with SSO with M365 stack and any other apps outside...

Does VPN SSO with Windows Hello for Business satisfy MFA requirements?

cybersecurity www.reddit.com

I'm thinking about moving our remote access from RADIUS app-based 2FA to SAML Single Sign-On (SSO) on our firewall VPN. All users sign into Microsoft Entra ID-joined laptops with Windows Hello for Business (WHfB) (PIN, fingerprint, or facial recognition). Since WHfB uses a TPM-bound key on the device (something you have) plus PIN/biometric (something you know/are), Microsoft recognizes it as MFA. When the VPN connection is made via SAML SSO, Entra ID passes the MFA claim into the VPN session....