Wednesday, February 28, 2018

SAML vulnerability puts single sign-on systems in jeopardy

Security Digest
Information security news and advice from TechTarget's network | February 28, 2018
TechTarget
FEATURED STORY
New SAML vulnerability enables abuse of single sign-on
by Rob Wright, Executive Editor
Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. (SearchSecurity.com)
NEWS
 
Ad network cryptojacking attack bypasses ad blockers
Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors. (SearchSecurity.com)
 
SEC cybersecurity disclosure rules get a guidance update
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents. (SearchSecurity.com)
 
Risk & Repeat: Intel bug bounty tackles side channel attacks
In this week's Risk & Repeat podcast, SearchSecurity editors examine Intel's new bug bounty for side channel attacks and what it says about Meltdown and Spectre. (SearchSecurity.com)
 
Hackers used SWIFT-based attacks to steal millions from banks
News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more. (SearchSecurity.com)
 
Cryptojacking attacks hit enterprises' cloud servers
Cloud security vendor RedLock discovered threat actors had gained access to several enterprise cloud environments, including Tesla's, and used them for cryptojacking schemes. (SearchSecurity.com)
 
Google discloses Microsoft Edge vulnerability without a patch
Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw. (SearchSecurity.com)
EXPERT ADVICE
 
Web vulnerability scanners: What you won't learn from vendors
Web security flaws are a serious issue that web vulnerability scanners can manage. Discover your best fit scanner as expert Kevin Beaver shares tips that vendors won't tell you. (SearchSecurity.com)
 
How hard will the GDPR right to be forgotten be to get right?
Under GDPR, the right to be forgotten is granted to all EU data subjects. Mimecast's Marc French explains why enterprises will need to be careful about how they manage the process. (SearchSecurity.com)
 
How cloud access security brokers have evolved
Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry. (SearchCloudSecurity.com)
 
Uber breach: How did a private GitHub repository fail Uber?
The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred. (SearchSecurity.com)
About This E-Newsletter
This e-newsletter is published by the TechTarget network.

TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.