A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other accounts in an organization, Okta REX Security Engineer Andrew Lee has discovered. By employing some simple phishing and leveraging the flaw, an attacker could compromise …
Reports of malware campaigns invariably focus on two critical conclusions: attribution and who was the intended target of the attack. It is challenging to draw swift conclusions on the former, due to the use of false flags designed to divert attention from the true source of the attack. Those swift conclusions are modified as more information …
Nothing makes security look worse than the false negative – when we miss an attack and damage is suffered. As security professionals, it’s something we all obsess a lot about. However, the number two thing that makes us look bad is the false positive. We experience this all the time in the physical world. A few months ago, I went to buy …
The DevOps methodology is ready to take the next step in its evolution. The first instance incorporated an operational approach to application development to create in-house, custom apps in a fast-paced, iterative environment. The next step must now insert security at each point of the model. It’s well known that using a modern software …
In the August 2018 Patch Tuesday, Microsoft has plugged over 60 vulnerabilities, two of which …
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents …
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, researchers have found. The attack Dennis Felsch, Martin Grothe and Jörg …
DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents …
Many organizations are still struggling to master basic firewall hygiene, promising increased complexity and risk associated with network security policy management for those planning to adopt hybrid cloud models and next-gen architectures, …
In the August 2018 Patch Tuesday, Microsoft has plugged over 60 vulnerabilities, two of which are being actively exploited in the wild. In addition to those, the company has also released a critical update advisory that addresses vulnerabilities …
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn. The cloud security company says that …
As the second Payment Services Directive continues its rollout, regulations making it obligatory for organisations to implement strong customer authentication (SCA) in online payments will come into force on September 19th this year. Despite the …
If you believe that by turning off Location History on your Android device or iPhone means that Google won’t be able to know your location, think again: Princeton University researchers have confirmed Google services store users’ …
The U.S. Department of Defense (DoD) and HackerOne launched the Department’s sixth bug bounty program, Hack the Marine Corps. The bug bounty challenge will focus on Marine Corps’ public-facing websites and services in order to harden the …
Keysight Technologies announced Cloud Sensor vTap, a new feature of CloudLens from Ixia, a Keysight Business. Cloud Sensor vTap enables organizations to manage their security risk in private and hybrid cloud environments, such as Microsoft Azure …
This issue delivers a ready-to-use GDPR kit packed full of how-to’s and practical tips that companies need to implement so they don’t end up on the wrong side of an audit. You’ll get the actionable insights you need today, without unnecessary …
