RiskXchange

Computer and Network Security

London, UK 579 followers

Combatting Cyber Risks and Sustaining a Healthy Cybersecurity Posture

About us

RiskXchange is an information security technology company that helps companies of all sizes fight cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry who have held leading roles within companies such as IBM Security.

Website
http://www.riskxchange.co
Industry
Computer and Network Security
Company size
11-50 employees
Headquarters
London, UK
Type
Privately Held
Founded
2017
Specialties
cybersecurity, information security, cyber threat intelligence services, vendor risk, 3rd party security risk, cyber security, security systems, security testing, and supply chain risk

Updates

    Okta Issues Warning Over Credential Stuffing Attacks Exploiting CORS Feature

    Okta, a leader in identity and access management, has issued a warning about a series of credential stuffing attacks targeting the Customer Identity Cloud (CIC) feature, particularly its cross-origin authentication capabilities. The attacks, which have been occurring since April 15, 2024, exploit the Cross-Origin Resource Sharing (CORS) feature, putting numerous customer accounts at risk.

    📌 Understanding the Threat
    Credential stuffing attacks use username and password lists stolen in data breaches to gain unauthorized access to user accounts. Okta identified that the CORS feature, which allows customers to embed JavaScript for authentication purposes via the Okta API, is particularly vulnerable. The company noted that threat actors are exploiting this feature by targeting URLs permitted for cross-origin requests, and it urges customers to disable these if they are not actively in use.

    📌 Okta's Response
    Okta has taken steps to mitigate this issue by proactively monitoring and reviewing suspicious activity and notifying affected customers with specific guidance on how to secure their accounts. This includes recommendations for disabling unnecessary CORS permissions and implementing stronger security measures. In response to these attacks, Okta advises all customers to:
    1. Rotate compromised user credentials;
    2. Implement passwordless, phishing-resistant authentication methods, such as passkeys;
    3. Have robust password policies in place and enable multi-factor authentication (MFA);
    4. Disable cross-origin authentication features if they are not required;
    5. Remove any permitted cross-origin devices that are no longer in use;
    6. Restrict permitted origins for cross-origin authentication to tighten security.

    Okta also recommends that administrators review their system logs for specific events such as 'fcoa', 'scoa' and 'pwd_leak', which indicate unauthorized authentication attempts or the use of leaked credentials. These logs can help identify whether credential stuffing attacks are targeting a system and help trace any abnormal spikes in authentication requests.

    📌 Broader Implications
    The situation highlights a broader trend of increased credential stuffing attacks across the industry, underlining the importance of continuous vigilance and adaptive security measures in safeguarding sensitive user data. RiskXchange can help you detect stolen or leaked sensitive data with our Digital Risk Protection feature. Find out more here: https://lnkd.in/dFipvAVg #RiskXchange #Cybersecurity #CybersecurityNews

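The log review Okta recommends above, turned into a small detector, as an added example that is not part of the original post or any vendor tooling. It assumes a simplified, constructed record shape (type, date, ip, user_name); only the event type codes 'fcoa' and 'pwd_leak' come from the post. It flags a source IP that fails cross-origin authentication against several distinct accounts inside a short window, the pattern credential stuffing produces, and lists accounts that logged in with a leaked password.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Event type codes named in the post: "fcoa" = failed cross-origin authentication,
# "pwd_leak" = login with a leaked credential. Record shape is a constructed,
# simplified one (type, date, ip, user_name), not the full vendor log format.
FAILED_XORIGIN = "fcoa"
LEAKED_PASSWORD = "pwd_leak"
# Constructed sample log (one JSON object per line), not real tenant data.
SAMPLE_LOG = """
{"type": "scoa", "date": "2024-04-15T10:00:01Z", "ip": "203.0.113.7", "user_name": "alice@example.test"}
{"type": "fcoa", "date": "2024-04-15T10:00:05Z", "ip": "198.51.100.9", "user_name": "bob@example.test"}
{"type": "fcoa", "date": "2024-04-15T10:00:06Z", "ip": "198.51.100.9", "user_name": "carol@example.test"}
{"type": "fcoa", "date": "2024-04-15T10:00:07Z", "ip": "198.51.100.9", "user_name": "dave@example.test"}
{"type": "fcoa", "date": "2024-04-15T10:00:09Z", "ip": "198.51.100.9", "user_name": "erin@example.test"}
{"type": "pwd_leak", "date": "2024-04-15T10:02:00Z", "ip": "203.0.113.7", "user_name": "alice@example.test"}
{"type": "fcoa", "date": "2024-04-15T11:30:00Z", "ip": "203.0.113.7", "user_name": "alice@example.test"}
"""

def parse_log(text):
    """Parse JSON-per-line records and attach a datetime under 'ts'."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["date"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events

def find_stuffing_indicators(events, window=timedelta(minutes=1), threshold=3):
    """Return (noisy_ips, leaked_users): noisy_ips maps an IP to the most distinct
    accounts it failed cross-origin auth against within one sliding window (the
    many-accounts-per-source pattern of stuffing); leaked_users had pwd_leak."""
    fails_by_ip, leaked_users = defaultdict(list), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == FAILED_XORIGIN:
            fails_by_ip[ev["ip"]].append(ev)
        elif ev["type"] == LEAKED_PASSWORD:
            leaked_users.add(ev["user_name"])
    noisy_ips = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end, ev in enumerate(fails):
            while ev["ts"] - fails[start]["ts"] > window:  # drop events older than window
                start += 1
            users = {f["user_name"] for f in fails[start:end + 1]}
            if len(users) >= threshold:
                noisy_ips[ip] = max(noisy_ips.get(ip, 0), len(users))
    return noisy_ips, sorted(leaked_users)
```

The threshold and window are tuning knobs; a single user failing repeatedly from one IP is not flagged, only many distinct accounts from one source.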

    UK Military Suffers Major Data Breach Through Third-Party Payroll Contractor

    📌 Third-party Exposure
    The UK military has experienced a significant data breach, affecting over 225,000 individuals, including active, reserve, and former members. The breach was facilitated through a third-party payroll processing system managed by Shared Services Connected Ltd, revealing sensitive information such as names, bank account details, etc. This incident underscores the ongoing vulnerabilities associated with outsourcing critical data handling to external contractors.

    📌 Nation-State Attack Suspicions
    According to the UK's Secretary of State for Defence, Grant Shapps, the breach has been attributed to a threat actor suspected to be backed by a nation-state. Although some officials have hinted at China being the likely perpetrator, Shapps has refrained from directly naming any country. Instead, he has criticized the third-party contractor for inadequate security measures that possibly eased the attackers' access.

    📌 Government Response and Contractor Review
    The UK government has launched a special security review of the contractor's operations in response to the breach. This follows a troubling pattern, as this is not the first instance of a third-party contractor compromising UK military data. A previous incident involved the LockBit ransomware gang, which managed to extract significant amounts of data through another military contractor, exposing the persistent risks in the defence supply chain.

    📌 Future of Cybersecurity Assessments
    Continuous cyber risk assessments are becoming increasingly recognized as essential for mitigating third-party risks. RiskXchange can help you avoid third-party breaches by continuously monitoring your third-party network: https://lnkd.in/eqw7yKZa Innovative initiatives, such as those launched by the US Navy and the DoD's Cyber Operational Readiness Assessment (CORA) program, are being developed to provide more effective and realistic testing of security measures. These efforts represent crucial steps toward enhancing the cybersecurity posture within critical sectors and minimizing the risks associated with third-party contractors... read the full article in our cybersecurity community, RiskXchange Connect. #RiskXchange #Thirdpartyrisk #Thirdpartysecurity #DataBreach

    UK Military Suffers Major Data Breach Through Third-Party Payroll Contractor | RiskXchange Connect

    connect.riskxchange.co


    We are proud to announce the launch of our latest addition to RiskXchange security compliance solutions - the ESG Compliance Monitoring tool. This feature is designed to assess, score, and monitor third-party vendors' Environmental, Social, and Governance (ESG) compliance, ensuring that companies can effectively uphold and streamline their ESG compliance practices. #RiskXchange #ESG #Compliance #Cybersecurity

    RiskXchange Debuts ESG Compliance Monitoring Tool for Enhanced Third-party Risk Management

    einpresswire.com


    Home Depot Was Breached Through A Third-Party SaaS Vendor

    📌 A New Vulnerability Exposed
    Home Depot, a leading home improvement retailer, has found itself at the centre of a data breach, with employee information compromised through a third-party software vendor. The breach has resulted in the leak of sensitive data, including names, corporate IDs, and email addresses of a subset of Home Depot's employees, now circulating on a Dark Web forum. This breach underscores the persistent cyber risks associated with third-party software-as-a-service (SaaS) vendors.

    📌 The Crucial Importance of Vendor Selection
    The incident highlights the critical need for enterprises to carefully assess the cybersecurity measures of SaaS vendors before integrating their services. It is imperative to thoroughly test a vendor's workflow without using real employee data. "The exposure of sensitive information due to a vendor's mistake highlights the complex web of cybersecurity risks facing today's digital enterprises," security experts remark, advocating for robust security and privacy protocols even in non-production environments.

    📌 Strengthening Cyber Defenses
    In response to such vulnerabilities, experts recommend continuous vigilance and proactive measures to mitigate potential cyber threats. Here at RiskXchange we cannot stress enough the importance of ongoing audits, continuous Vendor Risk Management and security training to arm employees and security professionals with the knowledge to recognize and respond to emerging threats, particularly those originating from third-party sources.

    📌 A Look Back at Past Breaches
    This isn't the first time Home Depot has navigated the turbulent waters of a data breach. A decade ago, the retailer was hit by a significant breach that compromised customer credit card data across the US and Canada, marking one of the largest incidents of its kind at the time. This latest breach, though smaller in scale, serves as a reminder of the ever-present cyber risks and the need for stringent cybersecurity practices, especially in the age of widespread third-party SaaS integration. To find out more about Third-party Risk Management and how RiskXchange can help your business, visit https://lnkd.in/eHeKiWUB #RiskXchange #SaaS #Cybersecurity #CybersecurityNews #Thirdpartyrisk


    DarkGate Malware - A Sophisticated Exploit of Microsoft Vulnerability In a concerning development in the cyber threat landscape, a recent malware campaign, dubbed DarkGate, has been observed exploiting a freshly patched vulnerability in Microsoft Windows, CVE-2024-21412, to conduct zero-day attacks through deceptive software installers. CVE-2024-21412, rated with a CVSS score of 8.1, highlights... Continue reading the full article by clicking the link below. #RiskXchange #Malware #CVE #CybersecurityNews

    DarkGate Malware - A Sophisticated Exploit of Microsoft Vulnerability | RiskXchange Connect

    connect.riskxchange.co


    Navigating the Privacy Maze of X's New Calling Feature Elon Musk, in his ambitious drive to morph the Twitter app into X, an all-encompassing platform striving to master everything but falling short on execution, recently introduced a significant update: audio and video calling features are now embedded within X. This new capability, while innovative, raises substantial privacy concerns, as it is enabled by default, potentially exposing users' IP addresses to their conversational partners and adding layers of complexity to the user experience... Continue reading by clicking the link below. #Cybersecurity #Privacy #CybersecurityNews

    Navigating the Privacy Maze of X's New Calling Feature | RiskXchange Connect

    connect.riskxchange.co


    Online impersonation comes in different forms... Impersonation of a business, or of an individual from an organisation, is almost always criminal in nature, since the attacker is seeking financial reward or intends to harm the business. Online impersonation in this regard can take many forms, and all of them will most certainly harm your business. Read our blog to find out how you can safeguard yourself and your company. #RiskXchange #Onlinesafety #Cybersecurity #Impersonation

    Definition Of Impersonation - Online Safety | RiskXchange

    https://riskxchange.co


    LockBit Ransomware Operation Dismantled, Key Figures Apprehended In a major breakthrough, law enforcement agencies have dealt a significant blow to the LockBit ransomware operation, dismantling its infrastructure and apprehending key individuals involved in the criminal enterprise. The operation, which spanned multiple countries, has been the focus of a coordinated international effort aimed at disrupting its malicious activities... Read the full story of LockBit's takedown:

    LockBit Ransomware Operation Dismantled, Key Figures Apprehended | RiskXchange Connect

