Security News > 2024 > May

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59% of applications in the public sector, compared to the overall rate of 42%. The research analyzed public sector organizations in more than 25 countries across the globe. Veracode researchers found that while slightly fewer public sector organizations have security debt than other industries, they tend to accumulate more of it.

The program comes shortly after several recent announcements by NIST around the 180-day mark of the Executive Order on trustworthy AI and the U.S. AI Safety Institute's unveiling of its strategic vision and international safety network. "With the ARIA program, and other efforts to support Commerce's responsibilities under President Biden's Executive Order on AI, NIST and the U.S. AI Safety Institute are pulling every lever when it comes to mitigating the risks and maximizing the benefits of AI," Raimondo continued.

An astonishing 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware-answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware. Sonatype researcher Ax Sharma discovered this new PyPi package is part of a previously known 'Cool package' campaign, named after a string in the package's metadata, that targeted Windows users last year.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. Among this cumulative update's highlights, Microsoft mentions fixing an issue causing the Windows File Explorer to freeze when swiping from the screen edge after turning off edge swiping and a second bug fix that causes it to start with a two-minute delay after pining a folder on a network share to Quick Access.

Microsoft has released the optional KB5037849 Preview cumulative update for Windows 10 22H2 with nine fixes or changes. Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.