Security News > 2022 > June

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files.

Middle market companies face an increasingly volatile cybersecurity environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment,...

Okta has completed its analysis of the March 2022 incident that saw the Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack - and that its outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident. Winterford explained that the incident started in January when an Okta analyst observed a Sitel support engineer attempting to reset a password - but did so from outside the expected network range, did not attempt to fulfil a multifactor authentication challenge, and requested the new login details be sent to a Sitel email address managed under Microsoft 365 rather than the expected Okta address managed under Google Workspaces.

One of the strong points of the Enzoic for Active Directory solution is that it's fully compliant with NIST's password guidelines, helping organizations easily achieve industry best practices for passwords. In its most recent release, Enzoic for Active Directory is going beyond just checking passwords to see whether they've been compromised generally - it now also checks full credential pairs.

In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication. To enable all the various components to work together across devices, operating systems, browsers and applications.

DevOps teams have historically viewed security teams as the "release prevention department" with overly conservative approaches to risk mitigation. Security teams think accelerated software releases pose too great a risk to governance, security and regulatory controls.

"Most often associated with digital art, NFTs are considered to be the modern equivalent of an art collection. Only a certain number of NFTs are produced for a project and they have a variety of traits, which can contribute to the value of an NFT from a rarity standpoint," Narang explains. "Most of the popular NFT projects are what are called PFP projects like CryptoPunks or Bored Apes. Buyers acquire these and use them as their profile pictures on social media, because social media has become our digital art gallery. While it's true that anyone can right click and save a PFP from one of these projects and claim it for their own, because these are blockchain based projects, there is a way to verifiably prove ownership. Twitter recognized the value of NFTs as PFPs, which is why they started offering the ability for cryptocurrency enthusiasts to verify ownership of their NFTs on the blockchain in a more transparent way."

A newly discovered Magecart skimming campaign has its roots in previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code - "Scanalytic[.]org" and "Js.staticounter[.]net" - are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis.

What is the price for personal information, including credit cards and bank accounts, on the dark web? Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person's account details, enabling them to create fake IDs and forge private documents, such as passports and driver's licenses.

77% of security leaders agree that their company must increase protection for messages and documents sent via email. What market shifts are impacting security strategies and data breaches? How are companies building customer trust and making email encryption easier to use?