We hope everyone had a fun and safe holiday season! Here’s our first Identity Security TL;DR recap of the year:

❄ #Okta recently acquired posture management startup #Spera in a $100 million deal set to finalize on February 1st of this year.
🍪 #CloudSEK reported on a new technique allowing attackers to restore #Google cookies even when users have signed out or changed their password.
🖥 It was recently reported that Russian threat actors (thought to be "Sandworm") were inside Ukraine's biggest telecoms operator #Kyivstar's system from at least May 2023 on, knocking out services for approximately 24 million users from Dec. 12-20th.

Is there anything else we missed from the last few weeks in #infosec? Happy New Year!🎆
Crosswire
Computer and Network Security
New York, NY 580 followers
Enterprise security at scale
About us
Stop identity breaches today
- Website: https://crosswire.io
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: New York, NY
- Type: Privately Held
- Founded: 2021
Locations
- Primary: New York, NY 10001, US
Updates
-
Happy Friday from Crosswire! Here’s your Identity Security TL;DR recap from the week of December 11th:

🔏 Yesterday, Johnny Wang (co-founder of Crosswire) hosted a webinar with Joe Sullivan (former CSO at Cloudflare, Uber, and Meta) where they discussed the role of a CSO in 2024 and the implications of recent SEC enforcement actions for the community. This webinar followed Joe Sullivan’s keynote address at Black Hat Europe last Thursday: “My Lessons From the Uber Case.”
📃 There's a new #SEC mandatory cyber incident disclosure rule going into effect next week, requiring companies to "report 'material' cybersecurity incidents on a Form 8-K within four business days of materiality determination."
☁️ The Microsoft incident response team (formerly DART) published a comprehensive guide to best practices for identity and access (#IAM), specifically focused on preventing cloud identity compromise.
👤 The Identity Theft Resource Center - Nonprofit created a new advisory board and released their 2024 #identitysecurity predictions, forecasting a rise in credential misuse, social engineering (especially impersonation) attempts, and a growing emotional toll on identity theft victims.

Safe travels and happy holidays!
-
Crosswire reposted this
🤔 Somehow, we got a dozen security people to think about something other than breaches in the middle of December.

A big thank you to everyone who attended Crosswire's axe-throwing holiday party at #LiveAxe last Tuesday, and a special shoutout to Teleskope for co-hosting! It was such a pleasure to host this wonderful community of NYC #infosec leaders and thinkers (we learned that the only thing more adrenaline-inducing than throwing axes was talking about the current state of #identitysecurity 🎯)

Hope everyone has a safe and happy holiday ☃

Elizabeth Nammour, Julie Trias, and Lucya Koroleva -- Teleskope
Cedric Fitzgerald -- PagerDuty
Juan Taveras -- CertiK
Chris Fulton -- FloQast
Justin Hershkowitz -- JRM Construction Management
Galina Schwartzberg -- Apple Bank
Andre Hu -- SeatGeek
Jamie Brim -- Corelight
-
What does personal liability mean for the CISO community? Join Johnny Wang and our panel next Thursday for a lively discussion on CISO personal liability and the future of the industry!
🚨 SEC is stepping into the CISO world. What does it mean to be a CISO in 2024? 🚨

With aggressive charges against CISOs and new disclosure rules for corporations, the SEC has expanded its enforcement purview to include cybersecurity. Not only are corporations facing increased scrutiny, but CISOs also face increasing personal liability in their roles.

Join former Cloudflare CSO Joe Sullivan and Andreessen Horowitz investment partner Joel de la Garza for a lively discussion on the implications of recent rules and strategies for responding as a CISO. Joe Sullivan is a former federal prosecutor and has defended himself and the industry in court after the 2016 Uber data breach. Joel de la Garza is an experienced CISO with decades of experience at Box and Citi.

Register at the link below to receive an invite & recording afterwards👇 Be sure to dial in live if you can for our Q&A section!
CISO Liability in the Wake of SEC SolarWinds Charges | Crosswire Webinar
crosswire.zoom.us
-
Hope everyone had a lovely holiday! Here's your Identity Security TL;DR recap from the week of November 27th:

🗓️ As the end of the year approaches, "2023 in Cybersecurity" reviews abound, with generative #AI, geopolitical conflicts, and #identity breaches appearing on most of the lists.
🛡️ Crosswire sources, along with public reports, have confirmed that Okta's #Salesforce instance experienced a breach in September 2023. This incident is part of the larger #Okta breach reported last month, revealing the number of affected users to be larger than the 1% of customers previously reported.
☁️ Amazon Web Services (AWS) re:Invent 2023 took place in Las Vegas this week, with a number of announcements surrounding their security practices, such as:
🌐 Amazon Detective has added new #security capabilities including automated investigations for IoCs within your AWS #IAM and "finding group summaries" powered by generative AI.
🌐 A new capability in Amazon GuardDuty can now detect runtime security events (such as file access, process execution, and network connections that may indicate runtime threats) within Amazon ECS clusters running on AWS Fargate and Amazon EC2.

Is there anything else we missed from last week in #infosec? Safe travels to everyone traveling for conferences!
-
Here's your Identity Security TL;DR recap from the week of November 16th:

⚖️ The #SEC charges against SolarWinds CISO have increased the pressure felt by security professionals when writing attack reports. For example, even if a CISO's report is flawless, any changes made by another C-suite member that the SEC may deem as problematic must be reported by the #CISO to avoid potential fraud accessory charges.
⭕ The "2023 State of Zero Trust Security" report by Okta found that 61% of IT and security decision-makers surveyed have a defined #zerotrust initiative in place at their org, with another 35% planning to implement one soon.
🤖 Google has filed a lawsuit against five unidentified individuals who created and spread a fake Bard AI #chatbot. This chatbot contained #malware which enabled the individuals to steal social media login credentials and potentially compromised other sensitive data.
🛡️ On Tuesday, Microsoft released patches for over five dozen security vulnerabilities in its Microsoft Windows operating systems and related software, including three "zero-day" vulnerabilities already actively exploited.
🔌 Resecurity, Inc. has reported that #ransomware attacks targeting the energy sector (particularly nuclear and oil & gas) have risen at an alarming rate in 2023 and are major targets going into 2024.

Anything else we missed from last week in #infosec? Safe travels to everyone traveling next week for the holidays!🍂
-
Are you at the NYC Official Cyber Security Summit today and looking to chat #ITDR? Find or reach out to our Crosswire team member Montana Ames (montana@crosswire.io)!
-
We hope everyone had a safe long weekend! Here's your Identity Security TL;DR recap from the week of November 6th:

🔍 Okta has finalized its investigation and confirmed that its support breach last month was linked to an employee's personal #Google account and affected 134 Okta customers between September 28th and October 17th, 2023.
🌐 The OpenID Foundation's SSWG released a new draft of the "Shared Signals Framework," a specification used for #identity systems to talk to each other by enabling the "sharing of signals and events between cooperating peers."
📱 Facebook ranks as the most secure major social media site according to a study released by Cerby this past Tuesday. The most prevalent concern across these major players (Facebook, Twitter, Instagram, TikTok, and YouTube) was "poor support for enterprise-grade authentication and authorization technology."
📃 European Union Agency for Cybersecurity (ENISA) released their "Foresight 2030 Threats" report, highlighting the importance of "The Human Element"—advanced #socialengineering, exploited legacy systems, and #identitytheft—for the next decade of #cybersecurity.
⛄ The holiday season is fast approaching, and Iris® Powered by Generali has reported that more people than ever are worried about protecting their identities, with 73% of respondents concerned about the safety of their personal and financial information while #holidayshopping.

Anything else we missed from last week in #infosec?