Recent Security News

  • Oleria Secures $33M Investment to Grow ID Authentication Business

    January 18, 2024 at 08:18AM Seattle-based startup Oleria, founded by former Salesforce CISO Jim Alkove, secured a $33 million Series A round led by Evolution Equity Partners. The funding, supported by previous investors, aims to further develop its adaptive and autonomous identity security technology. Oleria’s approach emphasizes providing seamless access management and continuously assessing and…

  • List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

    January 18, 2024 at 08:18AM Australian researcher Troy Hunt discovered a credential stuffing list named Naz.API, consisting of over 70 million unique email addresses and passwords, sourced from malware and a defunct OSINT tool. One-third of the addresses were not previously known, and the data has been added to Have I Been Pwned and Pwned…

  • TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

    January 18, 2024 at 08:03AM Misconfigurations in TensorFlow’s CI/CD system enabled potential supply chain attacks. GitHub-hosted runners are not vulnerable, but self-hosted runners executed without approval, permitting unauthorized code execution. Ephemeral runner security measures were bypassed, allowing for breaches of GitHub repository and PyPI registry integrity. Project maintainers addressed the issues post-disclosure, mitigating the risks.…

  • MFA Spamming and Fatigue: When Security Measures Go Wrong

    January 18, 2024 at 08:03AM Multi-factor authentication (MFA) is increasingly used by organizations to bolster security, as traditional password-only systems are vulnerable to cyberattacks. However, MFA spamming, a tactic where attackers inundate users with verification requests, poses a threat. Mitigation strategies include strong password policies, end-user training, rate limiting, and monitoring systems. Strengthening security measures…

  • Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations

    January 18, 2024 at 07:24AM Security researcher Eaton Zveare gained unauthorized access to customer information in Toyota Tsusho Insurance Broker India’s email account due to misconfigurations and vulnerabilities. Zveare accessed the [email protected] email account, exposing customer data, OTPs, and access to TTIBI’s Microsoft cloud account. TTIBI took two months to address the issues, but the…
