Identity & Access Management

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.

The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web.

AT&T is notifying customers of a Customer Proprietary Network Information compromise, exposing years-old upgrade details.

More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.

Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative.

A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details.

Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.

As companies increasingly adopt MFA, cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.

The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system.

A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.

Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.