Security News
A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.
While SSO is an important step in securing SaaS apps and their data, having just SSO in place to secure the entire SaaS stack is not enough. SSO alone won't prevent a threat actor from accessing a SaaS app.
Okta, a leading provider of authentication services, has shared a workaround for ongoing issues preventing customers from logging into their accounts using Microsoft Office 365 Single Sign-On. Based on a new incident added to the company's status page, the outage affects users across the United States, EMEA, and Japan. "We have deployed a fix across all cells. After deploying the fix, we are still seeing a number of issues. We are still actively investigating these issues to isolate a fix. We are also actively monitoring the systems," the company said in a recent update.
Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.
Avatier Corporation has released Avatier for ServiceNow, the latest addition to the Avatier Anywhere platform. Avatier for ServiceNow is a certified ServiceNow app that adds a unified, passwordless approach to Identity Access Management with single sign-on to the Now platform to improve workforce efficiency.
RIPE NCC is warning members that it suffered a credential stuffing attack attempting to gain access to single sign-on accounts. RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia.
Some people are also concerned that their ID and password could be stored locally by third parties when they provide them to the SSO mechanism. In an effort to address these problems, Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that in principle prevents such holistic information exchange.
Among the many news items shared during Apple’s annual developer conference there’s one that stands out: the introduction of “Sign in with Apple”. About the “Sign in with Apple” feature Apple’s new...
Last May, around one million Gmail and G Suite users using SAML single sign-on (SSO) were targeted by a clever type of phishing attack that Google seemed keen for everyone to know it had shut down...
Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies.