Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.
Identity & Access Management
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204B Attribute-based Access Control for Microservices-based Applications using a Service Mesh.
A Critical ForgeRock Access Management (AM) vulnerability (CVE-2021-35464) has been exploited in the wild. The issue affects ForgeRock’s OpenAM, open-source AM solution.
A hacker remotely accessed a Florida city water treatment plant and attempted to increase the chemical level to “dangerous levels” before the cyberattack was thwarted.
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-210 General Access Control Guidance for Cloud Systems.
Cisco has released a High severity security advisory for a telnet vulnerability that affects Cisco IOS XE software.
Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader “Zero Trust Security Strategy” to help organizations provide more secure access to corporate resources.
Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.