Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products.
Okta said that the new cloud program is split into two main components—those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online transactions, support for passkeys (instead of passwords, which are thought to be less secure), and providing an all-in-one security center monitoring system for quick response to suspicious activity.
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed with sophisticated APT groups.
Because they use flash memory that degrades over time if subjected to many write operations, embedded network devices typically store their firmware in read-only filesystems and load their contents into RAM at each restart. This means that all changes and files generated by the various running services during the device’s normal operation are temporary because they only occur in RAM and are never saved to the file system, which is restored to its initial state when the device is restarted reboot.