HACKRead
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Researchers warn that hackers can bypass FIDO2 phishing-resistant protections under certain conditions using a sophisticated MITM technique.
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
DarkReading
Unprotected Session Tokens Can Undermine FIDO2 Security
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
The Hacker News
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
Are your browser extensions safe? 33% in most orgs aren't! Learn to protect your data with insights from the 2024 Browser Security Report.
DarkReading
Is CISA's Secure by Design Pledge Toothless?
CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.
CyberNews
Amazon launches its Bedrock Studio preview
Amazon has announced the preview launch of Amazon Bedrock Studio, which allows developers to build generative artificial intelligence applications.
HACKRead
Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO
This article explores Microsoft Azure Entra ID flaw, explains the vulnerability in context, and offers actionable steps to secure your organization.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 2)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Hacker News
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)
Google has made enabling two-factor authentication (2FA) easier for personal and Workspace accounts.
SC Magazine
RSAC 2024: Outfoxing SSO: Bypassing modern authentication
Identity security firm Silverfort shows how an adversary could bypass FIDO2 protections and SSO to hijack a session token for abuse.
The Hacker News
10 Critical Endpoint Security Tips You Should Know
Unlock Endpoint Security with our top 10 must-know tips! From MFA to EDR, discover how to protect your digital kingdom.
DarkReading
LastPass Users Lose Master Passwords to Ultra-Convincing Scam
CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent into handing over their high-value credentials.
The Hacker News
How Attackers Can Own a Business Without Touching the Endpoint
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
Bleeping Computer
Cybercriminals pose as LastPass staff to hack password vaults
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft.
SC Magazine
Cisco Duo customer MFA message logs stolen in supply chain hack
A social-engineering attack against one of the company’s telephony suppliers led to the breach.
The Hacker News
Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks
Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration.
Bleeping Computer
How to automate up to 90% of IT offboarding tasks
Employee offboarding isn't anybody's favorite task—but it's a critical IT process that needs to be executed diligently and efficiently. Learn more from Nudge Security on automating offboarding of users in a secure manner.
Krebs on Security
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
CSO
Your employees are using sensitive corporate devices for personal browsing
Study shows more than 97% of employees use the same devices for work and personal activities.
DarkReading
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk
A bug exposed users of an AWS workflow management service to cookie tossing. Behind the scenes lies an even deeper issue across all of the top cloud services.
The Hacker News
Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms
From Humans to Bots: Every Identity in Your SaaS App Could Be a Backdoor for Cybercriminals. Join an informative webinar on identity risks in SaaS app
Bleeping Computer
Okta says data leaked on hacking forum not from its systems
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
The Hacker News
Human vs. Non-Human Identity in SaaS
From Calendly integrations to SwiftPOS data transfers, non-human accounts play a crucial role in SaaS ecosystems. Learn why their security is as criti
The Cyber Express
Human Error, Not Hackers, Top Cybersecurity Threat, Say CTOs
In today's digital landscape, the threat of cyberattacks looms large, with organizations facing increasingly sophisticated threats. According to research conducted
SecurityWeek
FCC Employees Targeted in Sophisticated Phishing Attacks
Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
DataBreaches
Hackers target FCC, crypto firms in advanced Okta phishing attacks
Bill Toulas reports: A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially...
Bleeping Computer
Hackers target FCC, crypto firms in advanced Okta phishing attacks
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals.
DarkReading
CryptoChameleon Attackers Target Apple, Okta Users
A sophisticated threat actor using an MO similar to Scattered Spider is camouflaging itself with convincing impersonation techniques in targeted attacks.
HACKRead
CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees
Lookout has discovered a phishing campaign, dubbed "CryptoChameleon," that mimics legitimate login pages for cryptocurrency platforms.
The Hacker News
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
Cryptocurrency users BEWARE! Sophisticated phishing kit actively impersonating major exchanges.
CSO
If you are generating SAML signing certificates externally, STOP!!
SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept.
DarkReading
Echoes of SolarWinds in New 'Silver SAML' Attack Technique
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
SC Magazine
‘CryptoChameleon’ campaign targets employees of cryptocurrencies, FCC
Phishing campaign started with customers of cryptocurrency companies.
SC Magazine
VMware issues no-patch advisory for critical flaw in old SSO plugin
The VMware Enhanced Authentication Plug-in risks authentication relay and session hijacking.
Bleeping Computer
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
SecurityWeek
Cyber Insights 2024: Supply Chain
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Cyber Security News
Top 10 Best Network Security Solutions for IT Managers - 2024
Best Network Security Solutions for IT Managers : 1. Perimeter 81 2. Palo Alto Networks 3. Cisco 4. Rapid 5. Fortinet 5. Sophos.
Infosecurity News
Cybersecurity Spending Expected to be Slashed in 41% of SMEs
JumpCloud found that 41% of SME IT professionals expect cybersecurity spending to be cut in their organization, increasing the risk of cyber-attacks
Computerworld
How to thwart cyber criminals seeking to target smaller businesses
Cyber attackers believe that smaller businesses are an attractive target. Small but savvy security teams can minimise the risks by using the right technology.
The Hacker News
4 Ways Hackers use Social Engineering to Bypass MFA
Understand how hackers exploit social engineering to circumvent MFA and fortify your cybersecurity defenses accordingly.
Cyber Security News
10 Best Network as a Service (NaaS) for MSSP Providers - 2024
Network as a Service for MSSP : 1. Perimeter 81 2. Cloudflare 3. Prisma Cloud 4. Megaport 5. Akamai 6. Aryaka 7. Converged Cloud.
The Cyber Express
Maxis Berhad Data Found on Dark Web After Alleged Cyberattack By R00TK1T ISC Cyber Team
A recent Maxis Berhad cyberattack has been attributed to the R00TK1T ISC Cyber Team, stirring concerns about data security and
CyberNews
Mercedes source code exposed via GitHub token leak
Exposed GitHub token exposed sensitive Mercedes data for several months.
SecurityWeek
Leaked GitHub Token Exposed Mercedes Source Code
A leaked token provided unrestricted access to the entire source code on Mercedes-Benz’s GitHub Enterprise server.
Bleeping Computer
A mishandled GitHub token exposed Mercedes-Benz source code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.
The Hacker News
What is Nudge Security and How Does it Work?
Learn how you can regain control of SaaS security and governance with a scalable solution purpose-built for the modern workforce.
SecurityWeek
GitLab Patches Critical Password Reset Vulnerability
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails.
The Hacker News
5 Ways to Reduce SaaS Security Risks
80% of breaches involve compromised identities. Discover how Nudge Security offers practical SaaS security solutions to safeguard your data.
SecurityWeek
Palo Alto Networks Completes Acquisition of Talon
Palo Alto Networks closed the acquisition of Talon Cyber Security, a startup selling a secure browser technology to enterprise customers.
The Hacker News
Non-Human Access is the Path of Least Resistance: A 2023 Recap
With 11 high-profile attacks in 13 months and a volatile, ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the
SecurityWeek
Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat
iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days.
The Cyber Wire
23andMe's data incident.
23andMe's data incident is found to have a greater scope than initially expected.
SecurityWeek
New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials
New Relic said hackers gained access to the environment using social engineering and stolen credentials for an employee account.
The Hacker News
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk
Offboarded Employees Still Pose Risks: Former employees might retain access to your SaaS apps. Find out why and how to prevent data leakage.
Bleeping Computer
Staples confirms cyberattack behind service outages, delivery issues
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data.
The Hacker News
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Okta detected additional malicious activity tied to the October 2023 breach. Names and emails of support system users were compromised.
The Hacker News
How to Handle Retail SaaS Security on Cyber Monday
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Cyber Security News
Hackers Exploit Google Workspace to Exfiltrate Data and Deploy Ransomware
Recent research into Google Workspace and Google Cloud Platform by Bitdefender Labs reveals novel attack methods, potentially leading.
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
The Hacker News
How to Automate the Hardest Parts of Employee Offboarding
Eliminate 90% of the time and effort in finding and offboarding cloud and SaaS accounts. Say goodbye to IT offboarding headaches.
The Hacker News
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
Novel attack methods targeting Google Workspace & Cloud Platform could enable ransomware and data breaches.
Cyber Security News
Best Network Security Vendors for SaaS - 2024
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Security Affairs
Critical flaw fixed in SAP Business One product
Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product.
CSO
Facebook tops security ratings among social networks
Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.
DataBreaches
Update: Daixin leaks more data from Bluewater Health and other hospitals; databases yet to be leaked
As some will likely have already noticed, Daixin Team released the second part of the data leak from five hospitals in Ontario that have IT services provided...
DataBreaches
Okta hit by third-party data breach exposing employee information
Bill Toulas reports: Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was...
SecurityWeek
FusionAuth Snags $65 Million Investment for Customer Identity Tech
Colorado startup raises new capital from Updata Partners to build out its customer authentication and authorization technology.
Bleeping Computer
Okta data breach exposed personal information of employees
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
Bleeping Computer
Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
The Hacker News
SaaS Security is Now Accessible and Affordable to All
Worried about shadow IT and SaaS security? Wing Security's "Essential SSPM" offers a solution. Discover, Assess, Control.
Bleeping Computer
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity.
The Hacker News
Hands on Review: LayerX's Enterprise Browser Security Extension
Protect your organization's most critical interface—The Browser! LayerX's secure extension offers comprehensive visibility and policy enforcement, de
Bleeping Computer
Microsoft 365 users get workaround for ‘Something Went Wrong’ errors
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
Cyber Security News
11 Best Cloud Access Security Broker Software (CASB) - 2023
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
The Record
Grammarly says it corrected sign-in vulnerabilities after alert from cyber researchers
The bugs, found by researchers at Salt Security, involved social sign-in — when someone accesses a web service through their credentials on another platform. Other companies were affected besides Grammarly.
The Hacker News
Okta's Support System Breach Exposes Customer Data to Unidentified Threat Actors
Okta discloses breach, impacting customers including BeyondTrust and Cloudflare.
-1.webp)
Cyber Security News
U.S. Government Releases Popular Phishing Technique Used by Hackers
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
Bleeping Computer
Single Sign On and the Cybercrime Ecosystem
One of the trends driving an increase is the compromise of enterprise single sign on (SSO) applications are info-stealer malware attacks. Learn more from Flare about this cybercrime ecosystem.
The Hacker News
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Microsoft plans to phase out the '90s NT LAN Manager (NTLM) in favor of a stronger focus on Kerberos for authentication in Windows 11.
-1-1.webp)
Cyber Security News
Top 10 Best SaaS Security Tools
Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.
Infosecurity News
CISA and NSA Tackle IAM Security Challenges in New Report
The document is authored by the Enduring Security Framework (ESF)
Cyber Security News
Top 10 SaaS Security Risks and How to Mitigate Them
Top 10 SaaS Security Risks and How to Mitigate Them. 1. Data Breaches, 2. Account Hijacking, 3. Lack of Identity and Access Management (IAM).
SecurityWeek
CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).
Cyber Security News
Best Software Defined Perimeter (SDP) Tools in 2023
Best Software Define Perimeter Tools & Software : 1. Perimeter 81 SDP 2. Good Access 3. Twingate SDP 4. NetMotion SDP 5. Appgate SDP and more.
SecurityWeek
MGM Hackers Broadening Targets, Monetization Strategies
The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada.
The Hacker News
Avoid These 5 IT Offboarding Pitfalls
This article covers four of the most common pitfalls of IT offboarding in a SaaS-first world, along with advice on how to navigate around them.
SecurityWeek
AuthMind Scores $8.5M Seed Funding for ITDR Tech
Maryland startup scores $8.5 million in seed-stage funding to compete in the Identity Threat Detection and Response (ITDR) category.
The Hacker News
7 Steps to Kickstart Your SaaS Security Program
Discover the key steps to secure your SaaS applications effectively. From mapping your apps to identity governance, this guide has you covered
The Hacker News
Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform
Cisco takes action against critical security flaw, while Juniper Networks and Tenda Modem Router also face vulnerabilities in BroadWorks platform.
Bleeping Computer
Cisco BroadWorks impacted by critical authentication bypass flaw
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
SecurityWeek
Cisco Patches Critical Vulnerability in BroadWorks Platform
Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform.
CyberSecurity Dive
Okta customers’ IT staff duped by MFA reset swindle
IT workers at four organizations using Okta were successfully hit by a consistent pattern of social engineering attacks.
Ars Technica
4 Okta customers hit by campaign that gave attackers super admin control
Attackers already had credentials. Now, they just needed to bypass 2FA protections.
Infosecurity News
Mend.io SAML Vulnerability Exposed
SAML flaw in enabled rogue customers to access others’ SaaS data
SecurityWeek
Okta Says US Customers Targeted in Sophisticated Attacks
Okta says US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges.
Bleeping Computer
Okta: Hackers target IT help desks to gain Super Admin, disable MFA
Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.
The Hacker News
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
Beware! Okta warns of social engineering attacks aimed at admin credentials. Threat actors are manipulating multi-factor authentication settings.
Infosecurity News
OpenAI Promises Enterprise-Grade Security with ChatGPT for Business
OpenAI has launched ChatGPT Enterprise highlighting high-profile customers including Klarna, PwC and The Estee Lauder Companies
Cyber Security News
OpenAI Released ChatGPT Enterprise With SOC 2 Compliant & Data Encryption
ChatGPT has released a new enterprise version which is claimed to be SOC 2 compliant with Enterprise-grade security & higher-speed ChatGPT-4 access.
Loading more articles....