Researchers Crack Microsoft Azure MFA in an Hour

December 11, 2024 at 03:50PM Researchers at Oasis Security exploited a Microsoft Azure multifactor authentication vulnerability, dubbed “AuthQuake,” allowing unauthorized access to user accounts, including Microsoft 365 services. The flaw, caused by a lack of rate limits during MFA sign-in attempts, was fixed by Microsoft in October 2023. Recommendations for improved security were provided.

Microsoft Entra “security defaults” to make MFA setup mandatory

October 30, 2024 at 03:22PM Microsoft will mandate multifactor authentication (MFA) registration for all users when security defaults are enabled, enhancing security across Entra tenants. This requirement, part of the Secure Future Initiative, starts for new tenants on December 2, 2024, and for existing tenants in January 2025, reducing account compromise risks.

US Police Detective Charged With Purchasing Stolen Credentials

October 22, 2024 at 10:52AM Terrance Michael Ciszek, a US police detective, is charged with purchasing stolen account credentials from the Genesis Market on the dark web.

GitLab releases fix for critical SAML authentication bypass flaw

September 18, 2024 at 02:43PM GitLab has released security updates for a critical SAML authentication bypass vulnerability affecting self-managed installations of GitLab CE and EE. The flaw arises from a problem in the OmniAuth-SAML and Ruby-SAML libraries, allowing attackers to gain unauthorized access. GitLab strongly recommends immediate upgrades and suggests enabling two-factor authentication as a …

Park’N Fly notifies 1 million customers of data breach

August 27, 2024 at 11:25AM Park’N Fly issued a warning about a data breach that compromised the personal and account details of 1 million Canadian customers. The breach resulted from hackers infiltrating the company’s network.

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

July 2, 2024 at 06:08PM Many online accounts using passkey technology are still vulnerable to adversary-in-the-middle (AitM) attacks, allowing attackers to manipulate the login screen and remove passkey authentication. This discovery by security researcher Joe Stewart highlights the need for more secure authentication methods and account recovery options. Enterprises can mitigate this risk by implementing …

Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks

June 19, 2024 at 09:33AM Amtrak notifies customers of a hacking incident involving username and password combinations obtained from other data breaches. Threat actors accessed accounts, changing email addresses and accessing personal and financial information. Amtrak urges affected individuals to reset passwords, review account statements, and consider placing fraud alerts on credit files. The company …

Amtrak confirms crooks are breaking into user accounts, derailing email addresses

June 19, 2024 at 09:09AM Amtrak’s Guest Rewards program experienced a three-day security breach, with miscreants accessing user data between May 15-18. The breach potentially compromised email addresses, contact information, payment details, and more. Amtrak is mandating two-factor authentication for affected users and advising them to change their passwords. This is the second breach for …

Hackers Derail Amtrak Guest Rewards Accounts in Breach

June 18, 2024 at 06:27PM Amtrak disclosed a data breach affecting Guest Rewards accounts, emphasizing it was not a hack of their systems. Account data was accessed, including personal information, payment details, and loyalty points. Amtrak urged customers to rotate passwords and implement multifactor authentication. The incident is not the first for Amtrak, highlighting the …

Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

April 15, 2024 at 04:19PM Roku is enforcing mandatory two-factor authentication for all users following two incidents where customer accounts were compromised. Approximately 591,000 customers were affected, with 400 having their accounts used for unauthorized purchases. The breach did not expose sensitive financial or personal information, and Roku has reset passwords for the affected accounts.