Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)
Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.
Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.
Cisco has fixed a critical authentication bypass vulnerability (CVE-2021-34746) in the TACACS+ authentication, authorization and accounting (AAA) feature of its NFV Infrastructure Software (NFVIS).
A security researcher has discovered a seven-year-old polkit privilege escalation vulnerability (CVE-2021-3560) that could allow a remote attacker root shell access on Linux systems.
A complex Linux malware dubbed Kobalos is targeting high-performance cluster (HPC) computers around the globe.
A vulnerability in the open-source sudo utility could allow regular users to gain root privileges on vulnerable Linux hosts without authentication.
Security experts have warned about a high-risk hardcoded credential vulnerability in Zyxel firewalls and AP controllers. Some sources have confirmed that bad actors have already ramped up exploits against the vulnerability.
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.