The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just […]
React to this headline:
The shocking speed of AWS key exploitation Read More »
Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company
React to this headline:
Faraway Russian hackers breached US organization via Wi-Fi Read More »
Simplifying decentralized identity systems for everyday use 2024-10-30 at 07:04 By Mirko Zorz In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods and highlights
React to this headline:
Simplifying decentralized identity systems for everyday use Read More »
AI and deepfakes fuel phishing scams, making detection harder 2024-10-24 at 06:03 By Help Net Security AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use
React to this headline:
AI and deepfakes fuel phishing scams, making detection harder Read More »
The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT
React to this headline:
The Internet Archive breach continues Read More »
The NHI management challenge: When employees leave 2024-10-15 at 08:01 By Help Net Security An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the credentials
React to this headline:
The NHI management challenge: When employees leave Read More »
The role of self-sovereign identity in enterprises 2024-10-08 at 07:31 By Help Net Security As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and
React to this headline:
The role of self-sovereign identity in enterprises Read More »
Cracking the Cloud: The Persistent Threat of Credential-Based Attacks 2024-10-01 at 16:01 By Kevin Townsend Credentials are still the most common entry point for bad actors, even as businesses deploy multi-factor authentication (MFA) to strengthen defenses. The post Cracking the Cloud: The Persistent Threat of Credential-Based Attacks appeared first on SecurityWeek. This article is an
React to this headline:
Cracking the Cloud: The Persistent Threat of Credential-Based Attacks Read More »
Reducing credential complexity with identity federation 2024-10-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances security by leveraging trusted identity providers while simplifying
React to this headline:
Reducing credential complexity with identity federation Read More »
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts 2024-09-30 at 17:01 By Zeljka Zorz Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’
React to this headline:
Hackers breaching construction firms via specialized accounting software 2024-09-18 at 17:16 By Zeljka Zorz Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries,” they noted. A way into corporate networks Ohio-based Foundation
React to this headline:
Hackers breaching construction firms via specialized accounting software Read More »
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) 2024-08-28 at 12:02 By Zeljka Zorz Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For
React to this headline:
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) Read More »
Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers
React to this headline:
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds 2024-08-08 at 18:01 By Kevin Townsend SaaS app log analysis highlights the rapid smash and grab raid: in, steal, and leave in 30 minutes. The post Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
React to this headline:
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds Read More »
Risk related to non-human identities: Believe the hype, reject the FUD 2024-07-15 at 08:01 By Help Net Security The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of
React to this headline:
Risk related to non-human identities: Believe the hype, reject the FUD Read More »
From passwords to passkeys: Enhancing security and user satisfaction 2024-06-20 at 07:01 By Mirko Zorz In this Help Net Security interview, Julianna Lamb, Stytch CTO, discusses the advantages of passwordless authentication. Eliminating passwords reduces data breaches and improves user experience by simplifying the login process. Lamb also addresses the technical challenges and economic implications of
React to this headline:
From passwords to passkeys: Enhancing security and user satisfaction Read More »
Medibank breach: Security failures revealed (lack of MFA among them) 2024-06-18 at 17:31 By Zeljka Zorz The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started by the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank’s IT contractor. According to a statement by
React to this headline:
Medibank breach: Security failures revealed (lack of MFA among them) Read More »
The number of known Snowflake customer data breaches is rising 2024-06-10 at 15:46 By Zeljka Zorz LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts have been revealed as victims of attackers who are trying to sell data stolen from Snowflake-hosted cloud databases. Snowflake says that their investigation is still ongoing, but continues to
React to this headline:
The number of known Snowflake customer data breaches is rising Read More »
361 million account credentials leaked on Telegram: Are yours among them? 2024-06-04 at 15:03 By Zeljka Zorz A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one
React to this headline:
361 million account credentials leaked on Telegram: Are yours among them? Read More »
Snowflake compromised? Attackers exploit stolen credentials 2024-05-31 at 22:17 By Zeljka Zorz Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,500 organizations around the world as customers. “From an
React to this headline:
Snowflake compromised? Attackers exploit stolen credentials Read More »