TLDR:
- Credential stuffing attacks are targeting firms using Okta ID management solutions
- Malware disguised as job postings tricking software developers
Credential stuffing attacks have increased for organizations using Okta’s identity and access management solutions, leading to a warning from the company. Cisco Systems also warned about large-scale brute force attacks on gateways and web application authentication services. Defensive steps include enabling security features in cloud-based authentication services, using phishing-resistant multifactor authentication, and blocking login requests from unauthorized countries. Beware of malware disguised as job postings, targeting software developers. Additionally, data breaches affecting millions of individuals have been reported, including leaks from Kaiser Permanente, a debt collection agency, an accounting and consulting firm, and a Los Angeles County Health Services agency phishing scam. A new Android malware known as Brokewell is stealing bank login information from smartphones. The debate over licensing requirements for cybersecurity professionals continues, with Malaysia recently passing legislation. Whether this approach will help or hinder the cybersecurity industry remains to be seen.