Security News

Managing the hidden risks of shadow APIs
2024-02-02 03:00

Key ways to manage shadow APIs entail API documentation and inventory, API Discovery, API validation, and comprehensive visibility into the security of API endpoints. This requires a solid process for publishing APIs with proper documentation which records how the API behaves and how it interacts with other APIs.

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
2024-02-02 01:12

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. The October Okta security breach involved more than 130 customers of that IT access management biz, in which snoops swiped data from Okta in hope of drilling further into those organizations.

FTC orders Blackbaud to boost security after massive data breach
2024-02-01 22:23

Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. The FTC's complaint alleges that the company "Failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls" and "Allowed employees to use default, weak, or identical passwords for their accounts."

Cloudflare hacked using auth tokens stolen in Okta attack
2024-02-01 20:53

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. "They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system, and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil," Cloudflare said.

Microsoft fixes connection issue affecting Outlook email apps
2024-02-01 19:53

Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. "For Outlook 2013 and Outlook 2016, if you are still seeing authentication prompts, please ensure you've enabled two step verification and create an app password. Use the app password in place of your normal password when Outlook prompts for authentication."

Rise of deepfake threats means biometric security measures won't be enough
2024-02-01 18:45

Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections. Remote account recovery, for example, might rely on an image of the individual's face to unlock security.

More Android apps riddled with malware spotted on Google Play
2024-02-01 18:19

An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

Biden will veto attempts to kill off SEC's security breach reporting rules
2024-02-01 17:15

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule requires public companies hit by cybercriminals to report the incident within four days.

PurpleFox malware infects thousands of computers in Ukraine
2024-02-01 17:10

The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or regular people's computers hasn't been determined, but the agency has shared detailed information on how to locate infections and remove the malware.

PurpleFox malware infected thousands of systems in Ukraine
2024-02-01 17:10

The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. PurpleFox is a modular Windows botnet malware first spotted in 2018 that comes with a rootkit module allowing it to hide and persist between device reboots.