Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

In this article, we will see how to enable Enterprise SSO login (based on the SAML single sign-on protocol) using Okta for your Next.js app and relay role-based access directly from the Identity Provider to Cerbos. We'll be using BoxyHQ's open-source Enterprise SSO solution (called SAML Jackson) to interface with Okta. We'll use the principle of minimal UI and include only the necessary interface in our example application.

The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

According to the latest cybersecurity report of CNIL, the French data protection supervisor, France has seen a record of personal data breaches in 2021 — a near 80% increase from 2020. The CNIL carried out strict regulatory measures on French businesses and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. Nine sanctions were for inefficient data security.

On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.

In recent years, there has been a significant rise in the number of API attacks, posing a growing threat to businesses and organizations across various industries. APIs, or application programming interfaces, have become essential for enabling communication and data exchange between different software systems. However, this increased reliance on APIs has also made them an attractive target for cybercriminals.

Avoiding common integration pitfalls that set your organization back is critical in today’s fast-paced software development landscape. In today’s fast-paced software development landscape, DevOps has become the go-to approach for organizations looking to accelerate their application delivery. However, ensuring the security of applications in a DevOps environment is no small feat.

Kroll has identified two different file exfiltration methodologies leveraged by threat actors, primarily CLOP, during recent engagements involving the exploitation of the MOVEit vulnerability (CVE-2023-34362) throughout May and June 2023. In the vast majority of Kroll’s global MOVEit investigations, the primary data exfiltration method consisted of utilizing the dropped web shell to inject a session or create a malicious account (named Method 1 for this piece).

Clickjacking, also known as a clickjacking attack or a clickjack, is a cyberattack in which hidden links trick users into completing an unintended action which results in the exposure of sensitive information and hacking. Keep reading to understand more about clickjacking and how it works.