Okta PostExploitation Method Exposes User Passwords
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.
Are You Talking to a Carbon Silicon or Artificial Identity
In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.
CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure
The advisory comes the same week as a warning from the EUs ENISA about potential for ransomware attacks on OT systems in the transportation sector.
36M BEC Fraud Attempt Narrowly Thwarted by AI
With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.
Chinese Warships Suspected of SignalJamming Passenger Jets
Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.
Attackers Are Probing for ZeroDay Vulns in Edge Infrastructure Products
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.
BreachForums Shuts Down in Wake of Leaders Arrest
Administrator shutters the forum on fears that it had been breached by federal authorities but assured members its not the end for the popular underground hacking site.
Pipeline Cybersecurity Rules Show the Need for PublicPrivate Partnerships
The government should not issue infrastructure regulations without the involvement of the industries its regulating.
How to Keep Incident Response Plans Current
Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data.
NET Devs Targeted With Malicious NuGet Packages
In a possible first for the NuGet repository, more than a dozen components in the .NET code repository run a malicious script upon installation, with no warning or alert.