Security News

New iShield FIDO2 USB-A / NFC security key protects access to applications and online services. With iShield FIDO2, the industrial storage and security products specialist Swissbit now introduces its first authenticator for the FIDO2 open authentication standard.

Okta is a large company that provides authentication services for companies like FedEx and Moody's to enable access to their networks. Those support engineers have limited access to data.

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals. Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The leaked 37GB archive shows that the group may have accessed the repositories related to Microsoft's Bing, Bing Maps, and Cortana, with the images highlighting Okta's Atlassian suite and in-house Slack channels.

One of the most effective ways cybercriminals can execute ransomware attacks? Email. Given that emails deliver 96% of all social engineering attacks, email authentication provides the best first-line defense against ransomware attacks.

An identity and access management research report from Enterprise Strategy Group, finds organizations, frustrated with poor user experience and weak security, are moving towards adopting passwordless, continuous authentication. The impact of adopting passwordless authentication 40% of organizations using multi-factor authentication for customers make it optional.

Hackers have begun adapting to wider use of multi-factor authentication. Security researchers at Proofpoint are warning of a new threat that's only likely to become more serious as time goes on: Hackers who publish phishing kits are beginning to add multi-factor authentication bypassing capabilities to their software.

A group of academics at South Korea's Gwangju Institute of Science and Technology have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "Practically unbreachable." "The first natural physical unclonable function [] takes advantage of the diffraction of light through natural microholes in native silk to create a secure and unique digital key for future security solutions," the researchers said.

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News.

Zoho has addressed a new critical severity vulnerability that affects the company's Desktop Central and Desktop Central MSP unified endpoint management solutions. ManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.