On Friday, Okta - the authentication firm-cum-Lapsus$-victim - admitted that it "made a mistake" in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an "unsuccessful" account takeover (ATO) at that provider, and assuming the attackers would not reach their tentacles back to drag in Okta or its customers.
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. The Checkmarx warning comes on the heels of Snyk's discovery of "deliberate sabotage" of NPM package managers and raises new concerns about the software supply chain threat landscape.
Security researchers are warning of a relatively new malware loader, tracked as Verblecon, which is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Despite being around for more than a year, Verblecon samples enjoy a low detection rate due to the polymorphic nature of the code.
The global energy sector needs to stay alert for Triton malware, the Federal Bureau of Investigation said in a recent warning. Triton (also known as Trisis and HatMan) is designed to "cause physical safety systems to cease operating or to operate in an unsafe manner," the FBI says in its Private Industry Notification (PIN 20220324-001). The malware was used in a cyberattack in 2017 against a Middle East petrochemical facility.
Multifactor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also present an additional factor, be it a fingerprint, physical security key, or one-time password, before they can access an account. Nothing in this article should be construed as saying MFA is anything other than essential.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chrome zero-day and a critical Redis vulnerability within the next three weeks, both actively exploited in the wild. According to a Google advisory published on Friday, the Chrome zero-day security flaw (tracked as CVE-2022-1096) is a high severity type confusion weakness in the Chrome V8 JavaScript engine that could allow threat actors to execute arbitrary code on targeted devices.