A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. […]
BforeAI Raises $10 Million for Predictive Attack Intelligence
BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million.
The post BforeAI Raises $10 Million for Predictive Attack Intelligence appeared first on SecurityWeek.
How to Eliminate “Shadow AI” in Software Development
With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly.
The post How to Eliminate “Shadow AI” in Software Development appeared first on SecurityWeek.
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug
The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug
Snyk Says ‘Malicious’ NPM Packages Part of Research Project
Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.
The post Snyk Says ‘Malicious’ NPM Packages Part of Research Project appeared first on SecurityWeek.
Orchid Security Banks Hefty $36M Seed Round
New York identity management startup raises $36 million in an unusually large seed round co-led by Team8 and Intel Capital.
The post Orchid Security Banks Hefty $36M Seed Round appeared first on SecurityWeek.
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
“Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security co-founder and CEO Dylan Ayrey said
“Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security co-founder and CEO Dylan Ayrey said
FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. […]
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. […]
Fortinet warns of auth bypass zero-day exploited to hijack firewalls
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. […]