Let's give you a quick update about all the major things that happened in the cybersecurity world recently!

North Korean Cybercriminals Swiftly Cash in on Linux-Driven Attacks?

Criminals exploit transaction messages for unauthorized withdrawals despite low funds. FASTCash, identified by the US in October 2018, was used by North Korean hackers in an ATM scheme against banks in Africa and Asia. Originally targeting Windows and IBM AIX, it now targets Linux, manipulating ISO 8583 messages to enable withdrawals of 12,000 to 30,000 lira ($350 to $875). Researchers noted that "the process injection technique should be detectable by any Linux agent monitoring the ptrace system call."?

?

Cisco Shuts Down DevHub Access Following Security Incident?

Cisco has limited public access to its DevHub after hackers stole customer data, now appearing for sale on a cybercrime forum. The breach includes source code, API tokens, and credentials from companies like Microsoft and AT&T. Cisco announced the investigation on Oct. 15 and confirmed the breach three days later, though details were sparse. While no personal or financial data was reported stolen, the investigation is ongoing. To enhance security, public access to the site has been disabled during this inquiry.?

Microsoft: Innovative Exploitation of Cloud Files Strengthens BEC Attacks?

Since April, Microsoft has observed a rise in campaigns using legitimate file-sharing services like Dropbox and OneDrive to deliver malicious files, often bypassing security measures. Attackers exploit social engineering to target trusted contacts, leading to successful phishing of credentials and resulting in financial fraud, data theft, and unauthorized network access. Microsoft notes, "This misuse of legitimate services is effective because recipients trust emails from known vendors," who are often on allow lists, enabling phishing emails to evade detection.?

?

Pokémon Gaming Company Employee Data Breached in Cyberattack?

?

Game Freak, the Pokémon developer, is confronting a "TeraLeak" security breach impacting over 2,600 employees and partners. The leak, first reported on 4chan and social media, exposed gigabytes of sensitive game information.?

On Oct. 10, the company confirmed a data compromise from August but hasn't specified if game data was part of it. Game Freak is currently rebuilding its server and assessing systems to prevent future breaches.?

?

?

Hong Kong Crime Syndicate Scams $46 Million -Fraudsters used deepfake technology during online dating calls to deceive victims.?

Hong Kong police arrested 27 individuals on Monday in connection with a deepfake scam that defrauded $46 million. The scammers created AI-generated fake female personas for online dating, using altered appearances and voices to build trust with victims. They enticed targets with false profit claims, as noted by Fang Chi-kin of the New Territories South crime unit. Victims realized the scam when they couldn’t withdraw funds. Authorities seized computers, phones, over $25,000, and luxury watches, and arrested six associates of cryptocurrency platforms, including five from the Sun Yee On gang. This follows a UN report on the rise of cyber fraud using deepfake technology.?

The Emergence of Open Banking in the United States.?

The CFPB's Personal Financial Data Rights Rule enhances U.S. open banking by allowing consumers to access and share their financial data, promoting transparency and competition. Currently, 100 million consumers enable third-party data access, with 36% using open banking for payments and 55% willing to share data for better loan options. The rule aims to protect consumers while encouraging data sharing.?This initiative boosts transparency, expands choices, and fosters financial innovation. Effective Identity and Access Management (IAM) is crucial for securing interactions among consumers, banks, and third parties, paralleling developments in the EU, U.K., and Australia.?

Trevonix Partner Insights

Saviynt has transformed its Partner Program to enhance enterprise identity security through The Identity Cloud.?

Saviynt has revamped its Accelerate Partner Program to better support global distributors and solution providers. This initiative offers resources, training, certifications, and support to enhance partner growth and customer satisfaction.?

"Partners are vital to our strategy for cloud-first identity solutions," said Mark Francetic, SVP of global alliances at Saviynt. "The program provides a clear growth path for partners, whether reselling or managing our services."?

? Trevonix Insights???

Post Oktane2024 Highlights ?

?Kathy Waynick, US Operations Advisor for Trevonix, attended Oktane2024 in Las Vegas, the annual premier User conference for identity security. The event featured industry announcements; along with a phenomenal launch of new products designed to secure identities across Customer and Workforce platforms. Okta’s leadership, Product, Field Specialists and customers shared their success stories and dove into?the latest trends throughout the jammed pack 3-day conference.?

?

This year was like none other because Okta kicked off its Oktane 2024 conference by announcing the formation of an?OpenID Foundation working group designed to standardize identity management and authentication . Known as Interoperability Profile for Security Identity in the Enterprise (IPSIE) , the effort will look to create the first unified Identity Security standard. This is a game changer with Okta leading the charge, along with a multitude of Technology Giants joining forces. ?The excitement for this new standard was a buzz heard all throughout the sessions and hallway discussion.?

?Kathy engaged in the full-day partner summit sessions, for as a global delivery partner it matters most when you hear the investments Okta is making and more coming towards the partner-first journey they’ve set out to conquer. The Marketing Leadership team filled us in on what’s coming, an all-out year full of new press maturation and campaign material that will launch this year’s major theme “Identity is Security, it truly reflects the critical role identity plays in safeguarding the digital world.” squarely in the hands of the global community of partners leaning in to embrace securing identities and delivering customer success!?

?Takeaways: ??

?Notable Identity security features for Workforce platform include:?

-Governance Analyzer using Okta AI – will provide Managers the insights they need to make informed authorization decision, by providing usage data and previous governance decisions.

-Out of the box - Identity Verification – critical for helping customers mitigate the risk of social engineering and deepfake attacks. ?

-Extended Device Single Sign-On – aids in reducing the risk of user context-based exploits and phishing attacks?

?Notable Identity security features for Customer platform include:?

-Fine Grained Authorization – provides ability to manage complex authorization for customer scenarios, by improving security when defining groups and user permissions for every customer application.?

-Self Service SSO – provides your customer with a hosted workflow to configure single sign-on access to SaaS application.?

-Forms – provides the ability to customize signups and logins using a no-code visual editor, a must have for developers.?

-Highly Regulated Identity – provides ability to safeguard sensitive customer operations such as updating account information, administrator or security settings, accessing sensitive customer data or applications, like money transactions where the customer can review and approve these types of sensitive operations in real-time.?

-Self Service SCIM – long awaited ability to offload SCIM configuration to customers, providing the ability for them to automate provisioning and de-provisioning of user access across all applications. ? ?

?

Oktane2024 was a significant success, and Trevonix was proud to participate.?

?

Sowmiya Attends PingYOUniverse 2024?

?

Our Teammate, Sowmiya Rajamanickam, had an amazing time at Pingyouinverse . She was able to network with industry professionals and gain valuable insights about The Future of Identity. It was a fantastic opportunity for Trevonix to be a part of such an innovative event and learn about the latest trends and technologies in the field. Sowmiya thoroughly enjoyed the experience and is excited to apply her new knowledge and connections to our projects. Overall, the event was a great success, and we look forward to future opportunities to collaborate and learn from other industry leaders.?

? Secure Bytes: Tips from Trevonix?

CHECK OUT our recent Blogs?