HACKRead
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Researchers warn that hackers can bypass FIDO2 phishing-resistant protections under certain conditions using a sophisticated MITM technique.
Cyber Security News
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
DarkReading
While the protocol has made passwordless authentication a reality, token-binding is key to preventing token theft and reuse, security vendor says.
The Hacker News
Are your browser extensions safe? 33% in most orgs aren't! Learn to protect your data with insights from the 2024 Browser Security Report.
DarkReading
CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.
CyberNews
Amazon has announced the preview launch of Amazon Bedrock Studio, which allows developers to build generative artificial intelligence applications.
HACKRead
This article explores a Microsoft Azure Entra ID flaw, explains the vulnerability in context, and offers actionable steps to secure your organization.
SecurityWeek
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Hacker News
Google has made enabling two-factor authentication (2FA) easier for personal and Workspace accounts.
SC Magazine
Identity security firm Silverfort shows how an adversary could bypass FIDO2 protections and SSO to hijack a session token for abuse.
The Hacker News
Unlock Endpoint Security with our top 10 must-know tips! From MFA to EDR, discover how to protect your digital kingdom.
DarkReading
CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent into handing over their high-value credentials.
The Hacker News
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
Bleeping Computer
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft.
SC Magazine
A social-engineering attack against one of the company’s telephony suppliers led to the breach.
The Hacker News
Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration.
Bleeping Computer
Employee offboarding isn't anybody's favorite task—but it's a critical IT process that needs to be executed diligently and efficiently. Learn more from Nudge Security on automating offboarding of users in a secure manner.
Krebs on Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
CSO
Study shows more than 97% of employees use the same devices for work and personal activities.
DarkReading
A bug exposed users of an AWS workflow management service to cookie tossing. Behind the scenes lies an even deeper issue across all of the top cloud services.
The Hacker News
From Humans to Bots: Every Identity in Your SaaS App Could Be a Backdoor for Cybercriminals. Join an informative webinar on identity risks in SaaS app
Bleeping Computer
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum.
Cyber Security News
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
The Hacker News
From Calendly integrations to SwiftPOS data transfers, non-human accounts play a crucial role in SaaS ecosystems. Learn why their security is as criti
The Cyber Express
In today's digital landscape, the threat of cyberattacks looms large, with organizations facing increasingly sophisticated threats. According to research conducted
SecurityWeek
Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
DataBreaches
Bill Toulas reports: A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially...
Bleeping Computer
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals.
DarkReading
A sophisticated threat actor using an MO similar to Scattered Spider is camouflaging itself with convincing impersonation techniques in targeted attacks.
HACKRead
Lookout has discovered a phishing campaign, dubbed "CryptoChameleon," that mimics legitimate login pages for cryptocurrency platforms.
The Hacker News
Cryptocurrency users BEWARE! Sophisticated phishing kit actively impersonating major exchanges.
CSO
SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept.
DarkReading
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
SC Magazine
Phishing campaign started with customers of cryptocurrency companies.
SC Magazine
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
Bleeping Computer
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
SecurityWeek
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Cyber Security News
Best Network Security Solutions for IT Managers : 1. Perimeter 81 2. Palo Alto Networks 3. Cisco 4. Rapid 5. Fortinet 5. Sophos.
Infosecurity News
JumpCloud found that 41% of SME IT professionals expect cybersecurity spending to be cut in their organization, increasing the risk of cyber-attacks
Computerworld
Cyber attackers believe that smaller businesses are an attractive target. Small but savvy security teams can minimise the risks by using the right technology.
The Hacker News
Understand how hackers exploit social engineering to circumvent MFA and fortify your cybersecurity defenses accordingly.
Cyber Security News
Network as a Service for MSSP : 1. Perimeter 81 2. Cloudflare 3. Prisma Cloud 4. Megaport 5. Akamai 6. Aryaka 7. Converged Cloud.
The Cyber Express
A recent Maxis Berhad cyberattack has been attributed to the R00TK1T ISC Cyber Team, stirring concerns about data security and
CyberNews
Exposed GitHub token exposed sensitive Mercedes data for several months.
SecurityWeek
A leaked token provided unrestricted access to the entire source code on Mercedes-Benz’s GitHub Enterprise server.
Bleeping Computer
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.
The Hacker News
Learn how you can regain control of SaaS security and governance with a scalable solution purpose-built for the modern workforce.
SecurityWeek
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails.
The Hacker News
80% of breaches involve compromised identities. Discover how Nudge Security offers practical SaaS security solutions to safeguard your data.
SecurityWeek
Palo Alto Networks closed the acquisition of Talon Cyber Security, a startup selling a secure browser technology to enterprise customers.
The Hacker News
With 11 high-profile attacks in 13 months and a volatile, ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the
SecurityWeek
iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days.
The Cyber Wire
23andMe's data incident is found to have a greater scope than initially expected.
SecurityWeek
New Relic said hackers gained access to the environment using social engineering and stolen credentials for an employee account.
The Hacker News
Offboarded Employees Still Pose Risks: Former employees might retain access to your SaaS apps. Find out why and how to prevent data leakage.
Bleeping Computer
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data.
The Hacker News
Okta detected additional malicious activity tied to the October 2023 breach. Names and emails of support system users were compromised.
The Hacker News
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Cyber Security News
Recent research into Google Workspace and Google Cloud Platform by Bitdefender Labs reveals novel attack methods, potentially leading.
Cyber Security News
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
Eliminate 90% of the time and effort in finding and offboarding cloud and SaaS accounts. Say goodbye to IT offboarding headaches.
The Hacker News
Novel attack methods targeting Google Workspace & Cloud Platform could enable ransomware and data breaches.
Cyber Security News
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Security Affairs
Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product.
CSO
Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.
DataBreaches
As some will likely have already noticed, Daixin Team released the second part of the data leak from five hospitals in Ontario that have IT services provided...
DataBreaches
Bill Toulas reports: Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was...
SecurityWeek
Colorado startup raises new capital from Updata Partners to build out its customer authentication and authorization technology.
Bleeping Computer
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
The Hacker News
Worried about shadow IT and SaaS security? Wing Security's "Essential SSPM" offers a solution. Discover, Assess, Control.
Bleeping Computer
LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity.
The Hacker News
Protect your organization's most critical interface—The Browser! LayerX's secure extension offers comprehensive visibility and policy enforcement, de
Bleeping Computer
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
Cyber Security News
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
The Record
The bugs, found by researchers at Salt Security, involved social sign-in — when someone accesses a web service through their credentials on another platform. Other companies were affected besides Grammarly.
The Hacker News
Okta discloses breach, impacting customers including BeyondTrust and Cloudflare.
Cyber Security News
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
Bleeping Computer
One of the trends driving an increase in the compromise of enterprise single sign-on (SSO) applications is info-stealer malware attacks. Learn more from Flare about this cybercrime ecosystem.
The Hacker News
Microsoft plans to phase out the '90s NT LAN Manager (NTLM) in favor of a stronger focus on Kerberos for authentication in Windows 11.
Cyber Security News
Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.
Infosecurity News
The document is authored by the Enduring Security Framework (ESF)
Cyber Security News
Top 10 SaaS Security Risks and How to Mitigate Them. 1. Data Breaches, 2. Account Hijacking, 3. Lack of Identity and Access Management (IAM).
SecurityWeek
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).
Cyber Security News
Best Software Defined Perimeter Tools & Software: 1. Perimeter 81 SDP 2. Good Access 3. Twingate SDP 4. NetMotion SDP 5. Appgate SDP and more.
SecurityWeek
The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada.
The Hacker News
This article covers four of the most common pitfalls of IT offboarding in a SaaS-first world, along with advice on how to navigate around them.
SecurityWeek
Maryland startup scores $8.5 million in seed-stage funding to compete in the Identity Threat Detection and Response (ITDR) category.
The Hacker News
Discover the key steps to secure your SaaS applications effectively. From mapping your apps to identity governance, this guide has you covered
The Hacker News
Cisco takes action against critical security flaw, while Juniper Networks and Tenda Modem Router also face vulnerabilities in BroadWorks platform.
Bleeping Computer
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
SecurityWeek
Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform.
CyberSecurity Dive
IT workers at four organizations using Okta were successfully hit by a consistent pattern of social engineering attacks.
Ars Technica
Attackers already had credentials. Now, they just needed to bypass 2FA protections.
Infosecurity News
SAML flaw in enabled rogue customers to access others’ SaaS data
SecurityWeek
Okta says US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges.
Bleeping Computer
Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.
The Hacker News
Beware! Okta warns of social engineering attacks aimed at admin credentials. Threat actors are manipulating multi-factor authentication settings.
Infosecurity News
OpenAI has launched ChatGPT Enterprise highlighting high-profile customers including Klarna, PwC and The Estee Lauder Companies
Cyber Security News
ChatGPT has released a new enterprise version which is claimed to be SOC 2 compliant with Enterprise-grade security & higher-speed ChatGPT-4 access.