This machine kills passwords.
Twitter: https://mobile.twitter.com/breditor
Okta Security team: https://sec.okta.com/articles
That was unexpected
Great story about a Microsoft security person who discovered the Golden SAML issue in ADFS and lobbied unsuccessfully to get it fixed long before SolarWinds. Particularly relevant now as Microsoft says it will pivot to doing security first over new features. #infosec https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government

Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

ProPublica
This is a damning story: Microsoft knowingly chose its own profits over fixing a major SSO vulnerability that allowed the SolarWinds hack to take place. #technology #security https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

From @paulbradleycarr of @sfstandard:

https://sfstandard.com/opinion/2024/06/12/opinion-crypto-bros-trump-fundraiser/

By framing Trump as the crypto candidate (as opposed to something else), the right hopes to unlock millions in donations from Bitcoin billionaires and NFT moguls who sold at the top of the market. In return, the crypto bros expect a president who will slash regulation and thus reduce the risk of their peers becoming bunkmates with Sam Bankman-Fried.

...

The truth is, what we’re seeing is not a change in Valley politics but a shift in power and attention away from the kind of leaders and companies who would sign a letter opposing Trump, towards the kind who would do whatever it takes to elect the guy who will keep their pals out of jail. An industry that once elevated innovators and mavericks today elevates grifters and jailbirds.

Opinion | Crypto bros are the most powerful new donor class—Trump’s SF fundraiser proved it

Donald Trump's new crypto buddies are convicted fraudsters, alleged gropers and bilkers fined billions of dollars. The ‘disrupters’ are lining up early in hopes of a pardon pipeline.

The San Francisco Standard

We already did a large package of RDP-related articles a few months back; this article focuses on abuse related to the RD Gateway, RD Web Access, and RD Session Host roles.

https://news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-the-series/

Remote Desktop Protocol: The Series

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report

Sophos News
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.

As an ex-Microsoft guy, it’s the end of an era. We can no longer say we will always need desktop apps because they can’t put Photoshop on the web.

https://blog.adobe.com/en/publish/2023/09/27/photoshop-streamlines-power-precision-web

Adobe Photoshop streamlines power and precision for the web | Adobe Blog

Photoshop on the web is now generally available with Generative Fill, Generative Expand and core desktop capabilities.

UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety | Mandiant

Mandiant

Ransomware crooks exploit unpatched 0-day in Cisco security appliances

With no patch available yet, users must enable workarounds. The best: enforce MFA.

https://arstechnica.com/security/2023/09/ransomware-crooks-exploit-unpatched-0-day-in-cisco-security-appliances/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Cisco security appliance 0-day is under attack by ransomware crooks

With no patch available yet, users must enable workarounds. The best: enforce MFA.

Ars Technica
New blog from Okta recommends phishing-resistant methods, restricting privileged accounts, and monitoring anomalies after they observed attackers using social engineering to gain privileged roles, abuse accounts, and impersonate users
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
Cross-Tenant Impersonation: Prevention and Detection

Okta Security
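The "monitoring anomalies" recommendation in the post above, turned into a small detection as an added example (this is not Okta's code and not from the linked article). It walks a batch of System-Log-shaped events, flags any admin privilege grant performed from an IP address the granting account has no established sign-in history from (the pattern where a socially engineered reset is followed minutes later by a role grant), and surfaces every impersonation session start for review. The event type names and field layout follow Okta System Log conventions as I understand them and should be treated as assumptions to verify against your own tenant; the sample events are constructed.

```python
"""Added example: anomaly checks over Okta-style System Log events.
Sample events are constructed; event type names are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Okta System Log event type names; confirm against your tenant's log.
SIGN_IN = "user.session.start"
PRIVILEGE_GRANT = "user.account.privilege.grant"
IMPERSONATION_START = "user.session.impersonation.initiate"


def ev(published, event_type, actor, ip, result="SUCCESS", targets=()):
    """Build a minimal System-Log-shaped event (constructed, not real data)."""
    return {
        "published": published,
        "eventType": event_type,
        "actor": {"alternateId": actor},
        "client": {"ipAddress": ip},
        "outcome": {"result": result},
        "target": [{"alternateId": t} for t in targets],
    }


# Constructed sample: alice normally signs in from 203.0.113.10. On 30 Aug a
# successful sign-in from a never-seen address is followed three minutes later
# by an admin grant to a new account, then a support impersonation session
# is opened against alice.
SAMPLE_EVENTS = [
    ev("2023-08-01T09:00:00+00:00", SIGN_IN, "alice@example.com", "203.0.113.10"),
    ev("2023-08-28T09:00:00+00:00", SIGN_IN, "alice@example.com", "203.0.113.10"),
    ev("2023-08-28T09:05:00+00:00", PRIVILEGE_GRANT, "alice@example.com", "203.0.113.10",
       targets=("bob@example.com",)),
    ev("2023-08-30T13:58:00+00:00", SIGN_IN, "alice@example.com", "198.51.100.7",
       result="FAILURE"),
    ev("2023-08-30T14:00:00+00:00", SIGN_IN, "alice@example.com", "198.51.100.7"),
    ev("2023-08-30T14:03:00+00:00", PRIVILEGE_GRANT, "alice@example.com", "198.51.100.7",
       targets=("mallory-svc@example.com",)),
    ev("2023-08-30T15:00:00+00:00", IMPERSONATION_START, "support@example.com", "192.0.2.5",
       targets=("alice@example.com",)),
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def find_anomalies(events, min_ip_age=timedelta(hours=24)):
    """Return (rule, actor, ip, targets) tuples for events worth a look.

    A privilege grant is flagged unless the granting actor completed a
    sign-in from the same IP at least `min_ip_age` before the grant; a
    sign-in minutes earlier from a fresh address does not count as history,
    so the attacker's own session cannot whitelist itself. Failed sign-ins
    never contribute to history. Every impersonation session start is
    surfaced regardless of source address.
    """
    events = sorted(events, key=lambda e: parse_ts(e["published"]))
    first_seen = defaultdict(dict)  # actor -> ip -> first successful sign-in time
    findings = []
    for e in events:
        et, actor = e["eventType"], e["actor"]["alternateId"]
        ip, ts = e["client"]["ipAddress"], parse_ts(e["published"])
        targets = [t["alternateId"] for t in e["target"]]
        if et == SIGN_IN and e["outcome"]["result"] == "SUCCESS":
            first_seen[actor].setdefault(ip, ts)
        elif et == PRIVILEGE_GRANT:
            seen = first_seen[actor].get(ip)
            if seen is None or ts - seen < min_ip_age:
                findings.append(("privilege_grant_from_unestablished_ip", actor, ip, targets))
        elif et == IMPERSONATION_START:
            findings.append(("impersonation_session_started", actor, ip, targets))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_EVENTS):
        print(*finding)
```

On the constructed sample this reports the 14:03 grant to mallory-svc and the support impersonation session, and stays quiet about the 28 Aug grant from alice's long-established address. In practice you would seed the sign-in history from a longer lookback than the batch under inspection, and pair the IP check with the network zone, device and MFA factor fields the System Log carries for each sign-in.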