Blog Welcome to PureID Research Blog

Atlassian & Jenkins: Atlassian is a globally popular provider of software development and collaboration tools. Jenkins, an open source automation server, has more than 200,000 deployments. Because the two are used in conjunction at many organisations, both are being actively attacked following the recently disclosed vulnerabilities CVE-2021-26084 & CVE-2021-39124 in Atlassian products. These security issues pose […]

Bhushan Hinduja November 19, 2021 Uncategorized

Everyone understands and acknowledges that passwords are evil and are the biggest risk for enterprises. We have also seen that augmenting passwords with different factors not only makes the authentication process complex and costly but also fails to provide any effective security. Clearly, enterprises must choose to #GoPasswordless. In this blog, we discuss how. Securing […]

Ajit Hatti October 4, 2021 Enterprise Security

Overview: In our previous research blog Passwords & MFA Melting VPNS we explained how vulnerabilities in Fortinet VPN are being exploited to harvest user credentials and bypass MFA implementations. The latest update from The Hacker News – 500K FortiGate VPN user credentials are available for free. Many instances of Fortinet VPN whose credentials are […]

Ajit Hatti September 14, 2021 Credential Stealing

All the recent high-profile breaches we have seen have one common root cause – account takeovers with compromised credentials. The SolarWinds incident is one of the biggest examples of how simple account takeovers led to the distribution of malicious updates, which were then amplified through the supply chain and affected the entire world. GitHub being the world’s code-repository […]

Ajit Hatti August 25, 2021 Passwordless

PureID is glad and excited to announce the appointment of Jeremiah Grossman, the world-renowned web security expert, to its advisory board. The PureID Advisory Board: Jeremiah joins the board, which also has Lamont Orange (CISO, Netskope) & James Robinson (Deputy CISO, Netskope), who have been advisors and mentors of PureID since its inception. Charles Nasser, […]

Ajit Hatti July 15, 2021 Advisory Board

The world was recovering from the jolt of SolarWinds, and now we face another supply chain attack shaking the world. This time it is Kaseya. About Kaseya: Kaseya provides unified IT management software used by IT teams and managed service providers (MSPs). VSA is their popular remote monitoring and endpoint management product […]

Ajit Hatti July 14, 2021 Credential Stealing

FluBot is banking malware that specifically attacks Android phones and steals bank details and passwords from the device. Like Covid-19, this malware has spread rapidly across a wide range of English-speaking countries, causing some irreparable damage. FluBot uses “smishing” – phishing using SMS and text messages. These attacks have seen a huge […]

Ramya Erramilli May 4, 2021 Credential Stealing, Malware

The VPN Meltdown: Throughout March & April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have reported numerous incidents where old vulnerabilities in popular VPNs were exploited by organized (or state-sponsored) hackers around the world. Large numbers of malware families & malicious actors across the globe […]

Shivani Thopte April 27, 2021 Uncategorized

The online world relies heavily on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high-value target for attackers, and that level of attention cannot be handled by the humble password. In this blog I will be […]

Atharva Chincholkar February 22, 2021 Uncategorized

Slack introduced a bug on 21st December 2020 that caused their Android app to store user passwords in plain text on local storage. Slack asked users to change their Slack passwords as well as to clear the Slack app data on Android devices. The affected users’ passwords have been invalidated and they will be […]

Aman Shakya February 15, 2021 Passwordless
