Remove 2023 Remove Authentication Remove Social Engineering
article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.

article thumbnail

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 is the most dangerous).

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.

article thumbnail

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

article thumbnail

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

article thumbnail

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? Matt Wilson , Principal Product Manager, SynSaber Wilson In 2023, we witnessed a renewed focus on asset discovery and monitoring. What should I be most concerned about – and focus on – in 2024?

article thumbnail

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.