Okta’s GitHub source code repositories hacked
Okta, a leading solution provider of identity and access management solutions, has confirmed their private GitHub repositories were hacked this month.
authentication
Microsoft disables Basic authentication in Exchange Online to fight password spray attacks
Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.
Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)
Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.
Palo Alto Networks patches Critical PAN-OS authentication bypass vulnerability (CVE-2020-2021)
Palo Alto Networks has issued a Critical security advisory for PAN-OS authentication bypass in SAML authentication vulnerability CVE-2020-2021.
OWASP API Security Top 10 2019
The Open Web Application Security Project (OWASP) has released its OWASP API Security Top 10 2019. This is the first version of the API Top 10. OWASP will likely update the guidelines every three to fours years, similar to the other OWASP Top 10 series.
NIST SP 800-177 Revision 1: “Trustworthy Email”
The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.
Gentoo reveals hacking root cause of its GitHub repository
Gentoo provided a new security update that describes the impact and root cause of its recent GitHub Linux distribution repository hacking incident.
Secure Authorization, Authentication and Access Control for IoT
To help organizations prepare for Internet of Things (IoT) threats, we outline some key security recommendations for IoT authorization, authentication and access control.