Google Cloud to Enforce MFA on Accounts in 2025

November 6, 2024 at 07:17PM Google will mandate multi-factor authentication (MFA) for all Google Cloud users by the end of 2025, starting phased implementation this month. This requirement aims to enhance account security, although general consumer accounts are exempt. Similar measures are being adopted across the industry, but MFA alone is not infallible against threats. … Read more

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

November 4, 2024 at 06:41AM Okta identified a security flaw that could let attackers exploit usernames of 52 characters or more for AD/LDAP Delegated Authentication. This bug persisted for over three months before it was fixed on October 30. Okta advises customers to implement multi-factor authentication and check logs for suspicious activity since July 23. … Read more

Feds Warn on Russian Actors Targeting Critical Infrastructure

September 6, 2024 at 03:56PM The US and allies accuse Russia of cyberattacks targeting global critical infrastructure. They identify Russian cyber actors affiliated with GRU 161st Specialist Training Center deploying WhisperGate malware since 2020. Targets include Ukraine, NATO, Latin America, and Central Asia. The advisory warns of potential infiltration into critical infrastructure sectors. Mitigation strategies … Read more

Okta Warns Once Again of Credential-Stuffing Attacks

May 30, 2024 at 11:53AM Okta, an identity management service provider, is warning of credential-stuffing attacks against its Customer Identity Cloud’s cross-origin authentication feature. The company has provided guidance for mitigating the attacks and preventing them, including monitoring event logs for specific indicators and enabling breached password detection. Further defense measures include passwordless authentication, strong … Read more