Access Control

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / By Frank Crast / September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Varonis discovers MFA bypass for Box accounts

Access Control, Authentication, Vulnerabilities & Exploits / By Frank Crast / January 27, 2022

Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.

NSA and CISA release guidance on securing remote access VPNs

Access Control, Cybersecurity Articles, Identity & Access Management, Network Security / By Frank Crast / September 29, 2021 / CISA, CNSSP, NSA, TLS, VPN

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.

Search for:

Most Recent Posts

Home
Blog
Standards & Guidelines
About Us
Contact Us
Privacy Policy