US in cyber warning over log-in apps
PEOPLE who sign into their computers to work from home using identity verification apps could be at risk of cyber attacks by foreign spies, America’s cyber security agency has warned.
Employees who use apps such as Okta and other identity verification services, such as Duo or Microsoft’s Azure AD, were placed at risk due to a bug that originates with a firewall provider many companies use, according to US Cyber Command. Workers could be affected worldwide – including Britain.
The bug, listed as a maximum level ten vulnerability by the team that
‘The bug is listed as a maximum level ten vulnerability by the team that found it’
found it, is thought to be actively at risk of being exploited by advanced cyber attackers, including nation states.
Experts warned such a bug could allow a hacker access to the sensitive records of a company, steal credentials or even to take over the internal system.
US Cyber Command warned that Palo Alto Networks, a US firewall provider used by more than 70,000 companies around the world, had found a bug in its technology that put log-in apps designed to make workers more secure at risk.
The vulnerability in the firewall affects the networks of businesses and governments that use those networks. However, individuals signing into remote desktops could also be affected.
The company has now patched the bug and is advising customers to update their networks.