US in cy­ber warn­ing over log-in apps

The Daily Telegraph - Business - - Front Page - By

Matthew Field

PEO­PLE who sign into their com­put­ers to work from home us­ing iden­tity ver­i­fi­ca­tion apps could be at risk of cy­ber at­tacks by for­eign spies, Amer­ica’s cy­ber se­cu­rity agency has warned.

Em­ploy­ees who use apps such as Okta and other iden­tity ver­i­fi­ca­tion ser­vices, such as Duo or Mi­crosoft’s Azure AD, were placed at risk due to a bug that orig­i­nates with a fire­wall provider many com­pa­nies use, ac­cord­ing to US Cy­ber Com­mand. Work­ers could be af­fected world­wide – in­clud­ing Bri­tain.

The bug, listed as a max­i­mum level ten vul­ner­a­bil­ity by the team that

‘The bug is listed as a max­i­mum level ten vul­ner­a­bil­ity by the team that found it’

found it, is thought to be ac­tively at risk of be­ing ex­ploited by ad­vanced cy­ber at­tack­ers, in­clud­ing na­tion states.

Ex­perts warned such a bug could al­low a hacker ac­cess to the sen­si­tive records of a com­pany, steal cre­den­tials or even to take over the in­ter­nal sys­tem.

US Cy­ber Com­mand warned that Palo Alto Net­works, a US fire­wall provider used by more than 70,000 com­pa­nies around the world, had found a bug in its tech­nol­ogy that put log-in apps de­signed to make work­ers more se­cure at risk.

The vul­ner­a­bil­ity in the fire­wall af­fects the net­works of busi­nesses and gov­ern­ments that use those net­works. How­ever, in­di­vid­u­als sign­ing into re­mote desk­tops could also be af­fected.

The com­pany has now patched the bug and is ad­vis­ing cus­tomers to up­date their net­works.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.