Security News

GitHub has announced that it will require two factor authentication for users who contribute code on its service. "The software supply chain starts with the developer," wrote GitHub chief security officer Mike Hanley on the company blog.

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph.

Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.

Some forms of MFA are stronger than others, and recent events show that these weaker forms aren't much of a hurdle for some hackers to clear. Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.

New iShield FIDO2 USB-A / NFC security key protects access to applications and online services. With iShield FIDO2, the industrial storage and security products specialist Swissbit now introduces its first authenticator for the FIDO2 open authentication standard.

Okta is a large company that provides authentication services for companies like FedEx and Moody's to enable access to their networks. Those support engineers have limited access to data.

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals. Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The leaked 37GB archive shows that the group may have accessed the repositories related to Microsoft's Bing, Bing Maps, and Cortana, with the images highlighting Okta's Atlassian suite and in-house Slack channels.

One of the most effective ways cybercriminals can execute ransomware attacks? Email. Given that emails deliver 96% of all social engineering attacks, email authentication provides the best first-line defense against ransomware attacks.

An identity and access management research report from Enterprise Strategy Group, finds organizations, frustrated with poor user experience and weak security, are moving towards adopting passwordless, continuous authentication. The impact of adopting passwordless authentication 40% of organizations using multi-factor authentication for customers make it optional.