Brother printers (and printers from Fujifilm, Ricoh, Toshiba, and Konica Minolta) are affected by multiple vulnerabilities discovered by Rapid7, including a critical, unpatchable flaw (CVE-2024-51978) allowing attackers to generate default admin passwords if they know the device's serial number. While seven of the eight vulnerabilities have been patched, the critical one requires a manufacturing process change by Brother. The primary mitigation is to change the default administrator password.
Google has released an updated version of its Authenticator app, featuring a Material 3 design overhaul and a new privacy screen that requires a PIN or biometric approval before accessing 2FA authentication codes.
Okta has confirmed a security vulnerability where usernames of 52 characters or more allowed account access without a password.
The FIDO Alliance's new Passkey standard aims to make password-less authentication a reality, but the real challenge lies in getting users to adopt the technology.
The National Institute of Standards and Technology (NIST) proposes eliminating some common but ineffective password requirements like periodic changes and restrictions on character types to improve overall security hygiene.
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
