Author Archives: Onsite Computing, Inc.

Okta’s new security standard to be adopted by Google, Microsoft

Identity and access management (IAM) solutions provider Okta has announced a new, open-source identity security standard for SaaS providers, calling it the Interoperability Profile for Secure Identity in the Enterprise (IPSIE). The new security framework, set to be adopted by Microsoft, Google, Ping Identity, BeyondIdentity, and SGNL among others, is aimed at improving “end-to-end security” […]

From Misuse to Abuse: AI Risks and Attacks

AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications. Cybercriminals and AI: The Reality vs. Hype. “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who […]

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when […]

5 Techniques for Collecting Cyber Threat Intelligence

To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on C2 IP […]

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. “The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis. […]

CISOs grapple with a growing concern: Stress-related substance abuse

A few years ago, Olivia Rose lived on adrenaline as an “always-on” corporate CISO. Constant meetings made it hard for her to finish what she had started, and she spent significant time managing a team while also managing upwards to leadership. The constant juggling act was “exhausting,” Rose tells CSO. The work cut deeply into her family time […]

What is the cost of a data breach?

For modern businesses regardless of industry or size, the monetary impact of a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, from March 2023 to February 2024, the average cost of a data breach globally reached an all-time high of $4.88 million. This figure represents a 10% increase over the same […]

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted […]

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain […]

US DoD finalizes CMMC cyber rules for suppliers

A new rule by the US Department of Defense to ensure that Defense Industrial Base contractors and subcontractors are implementing information security measures required by the federal government is set to take effect 60 days after its expected publication in the Federal Register on Oct. 15. The rule governs the agency’s Cybersecurity Maturity Model Certification […]
