Tag: SSO

New Microsoft 365 outage impacts Teams, causes call failures
Summary: Microsoft is currently investigating an outage affecting Microsoft 365 services, particularly impacting Teams users who are experiencing call failures and authentication issues. Affected users report broader connectivity problems with other Microsoft applications, including Outlook and Exchange. Microsoft is analyzing the situation to identify the root cause and potential solutions.…
Read More
Microsoft links recent Microsoft 365 outage to buggy update
Summary: Microsoft has resolved a coding issue that caused a widespread outage affecting Microsoft 365 apps, particularly Outlook and Exchange Online, over the weekend. The incident also led to degraded functionality of Teams and Power Platform, but was addressed by reverting the problematic code change. Additionally, ongoing issues with Exchange Online on iOS have been reported, related to authentication token errors linked to a third-party application.…
Read More
Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)
Summary: A high-severity vulnerability (CVE-2025-23363) in Siemens Teamcenter PLM software could enable attackers to steal valid session data through an open redirect in the single sign-on (SSO) service. The vulnerability affects all versions of the software and poses risks if users click on malicious links. Siemens is working on a new fix and advises users to avoid untrusted links in the meantime.…
Read More
89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
Summary: The “Enterprise GenAI Data Security Report 2025” by LayerX sheds light on the adoption and risks associated with GenAI tools within enterprises, revealing that significant usage occurs beyond IT’s visibility. The report highlights that a considerable portion of GenAI engagement involves corporate data, prompting a critical reassessment of security strategies.…
Read More
Mastering Multi-Cloud Security: Strategies to Overcome Challenges & Maximize Protection
Organizations are increasingly adopting multi-cloud strategies to avoid vendor lock-in, optimize costs, ensure business continuity, and leverage best-in-class services. However, they face challenges such as inconsistent identity management models, lack of unified visibility, and expanded attack surfaces that complicate security across multiple platforms. Affected: Organizations, Cloud Service Providers

Keypoints :

Multi-cloud approaches are utilized to avoid vendor lock-in and optimize costs.…
Read More
Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making
The article by Alon Gal highlights a significant national security threat posed by Infostealer malware infections among U.S. defense contractors and military personnel. Employees from companies like Lockheed Martin, Boeing, and Honeywell have unwittingly downloaded malware, resulting in the theft of sensitive credentials and exposing classified information.…
Read More
Microsoft Patch Tuesday, February 2025 Security Update Review – Qualys ThreatPROTECT
Microsoft’s February 2025 Patch Tuesday release addressed 67 vulnerabilities, including three critical and 53 important ones, with key updates targeting Microsoft Edge, Windows services, and multiple software vulnerabilities. Notably, four zero-day vulnerabilities were patched, two of which were actively exploited. Users are advised to implement these updates promptly to enhance system security.…
Read More
4 Ways to Keep MFA From Becoming too Much of a Good Thing
Summary: Multi-factor authentication (MFA) is becoming a standard security measure for businesses but faces various challenges that hinder its universal implementation. These challenges include perceptions of cost, user experience issues, hidden pitfalls in deployment, and the understanding that MFA is not infallible. A successful MFA strategy requires careful planning, balancing costs, and prioritizing user experience while integrating it into a broader security approach.…
Read More
Update: GitHub Enterprise SAML Bypass Flaw Uncovered With Technical Analysis and Exploit PoC
Summary: Security researcher Hakivvi has identified a significant vulnerability (CVE-2025-23369) affecting SAML authentication in GitHub Enterprise, enabling attackers to bypass security checks and gain unauthorized access. The flaw is rooted in the libxml2 library, which can be exploited to manipulate SAML responses. GitHub has released a fix, and organizations are urged to apply patches immediately to mitigate risks.…
Read More
A Cybersecurity Leader’s Guide to SecVal in 2025
Summary: Security validation has emerged as a critical priority for security leaders, especially following Gartner™’s CTEM framework introduction in 2022. The article details three key methods to enhance security through validation against ransomware, user credentials, and patched vulnerabilities, emphasizing the importance of proactive management. Additionally, it highlights the need for clear remediation guidance and a shift from reactive to proactive security measures.…
Read More
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
Summary: Privileged Access Management (PAM) is becoming a pivotal element in cybersecurity strategies, with a projected market growth reaching .96 billion by 2037. This significance arises from PAM’s ability to combat insider threats, third-party vulnerabilities, and evolving cyber threats while ensuring regulatory compliance. Syteca’s PAM solution enhances operational efficiency and integrates seamlessly into existing cybersecurity frameworks to address these challenges.…
Read More
Hackers spoof Microsoft ADFS login pages to steal credentials
Summary: A phishing campaign has targeted Microsoft Active Directory Federation Services (ADFS) used by various organizations, including education, healthcare, and government entities, by leveraging spoofed login pages to steal credentials and bypass multi-factor authentication (MFA). The attackers aim to gain access to corporate email accounts for further exploits, including business email compromise.…
Read More
Hudson Rock’s Cybercrime and Threat Intelligence Researcher, Leonid Rozenberg, Shares Insights About Infostealers and Security
Hudson Rock specializes in providing cybersecurity intelligence, focusing on Infostealer malware and cybercrime. Founded in 2020, the company offers free tools to help users assess their exposure to cyber threats and has developed products like Cavalier and Bayonet for monitoring and sales prospecting. Hudson Rock emphasizes the importance of cybersecurity training for all employees across sectors and continually analyzes infection trends to inform their services.…
Read More
US-CERT Vulnerability Summary for the Week of January 27, 2025 – RedPacket Security
The CISA Vulnerability Bulletin highlights a range of new vulnerabilities reported in various software and systems, emphasizing their classification based on severity levels. It includes notable CVEs affecting several platforms, detailing the potential impacts and exploit details for critical, high, and medium vulnerabilities. Affected vulnerabilities can lead to SQL injection, unauthorized data access, buffer overflows, and other severe consequences.…
Read More
Bitwarden makes it harder to hack password vaults without MFA
Summary: Bitwarden is implementing an additional security measure for users without two-factor authentication (2FA), requiring email verification for accessing accounts from unrecognized devices. This step aims to enhance account safety by prompting users for a verification code before granting access to their password vaults. Users are encouraged to activate 2FA for optimal protection against potential threats.…
Read More
Multiple Cybersecurity Giants’ Account Credentials Leaked and Sold on Dark Web; Ministry of Industry and Information Technology Warns: Beware of Androxgh0st Botnet Risks | NiuLan – Security Niu
A recent report reveals that multiple cybersecurity firms have had their account credentials leaked and are being sold on the dark web. This poses risks not only to the companies involved but also to their customers. Additionally, the Ministry of Industry and Information Technology highlights the ongoing threat of the Androxgh0st botnet, which targets IoT devices and network infrastructure.…
Read More