Identity & Access Management

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA Read More »

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)

Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated) Read More »

FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors

The U.S. Secretary of Commerce has approved the publication of FIPS 201-3, the National Institute of Standards and Technology (NIST) latest revision of “Personal Identity Verification (PIV) of Federal Employees and Contractors.”

FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors Read More »

NIST SP 800-204B: Attribute-based Access Control for Microservices-based Applications using a Service Mesh

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204B Attribute-based Access Control for Microservices-based Applications using a Service Mesh.

NIST SP 800-204B: Attribute-based Access Control for Microservices-based Applications using a Service Mesh Read More »

Critical ForgeRock Access Management vulnerability (CVE-2021-35464) exploited

A Critical ForgeRock Access Management (AM) vulnerability (CVE-2021-35464) has been exploited in the wild. The issue affects ForgeRock’s OpenAM, open-source AM solution.

Critical ForgeRock Access Management vulnerability (CVE-2021-35464) exploited Read More »

Hacker remotely accesses Florida water treatment plant, bumps chemical level to “dangerous levels”

A hacker remotely accessed a Florida city water treatment plant and attempted to increase the chemical level to “dangerous levels” before the cyberattack was thwarted.

Hacker remotely accesses Florida water treatment plant, bumps chemical level to “dangerous levels” Read More »