December 27, 2023 at 09:24AM In 2023, ransomware attacks and zero-day vulnerabilities in supply chains were the leading cyber threats, prompting the need for organizations to reassess their cybersecurity strategies. Despite increased spending in 2024, concerns about the effectiveness of security investments persist. To enhance security posture, organizations should prioritize data integrity, identity management, and … Read more
December 12, 2023 at 06:36AM The year 2023 witnessed a surge in cyber attacks, particularly through non-human access credentials like API keys, tokens, and service accounts. These credentials lack robust security measures and are often over-permissive and unused, making them an ideal target for cybercriminals. Several high-profile attacks exploited non-human access, prompting the need for … Read more
November 29, 2023 at 08:32AM Okta’s customer support system was breached, affecting all support system users and exposing names, emails, and other details. Less than 1% of customers had session tokens stolen. Okta advises all users, especially unsecured admins, to implement multi-factor authentication and increase vigilance against phishing. No credentials were exposed. Previous attacks included … Read more
November 6, 2023 at 09:11AM Okta has confirmed that its October breach resulted in the compromise of files belonging to 134 customers, which is less than 1 percent of their customer base. Among the affected customers are 1Password, BeyondTrust, and Cloudflare. The breach involved an employee signing into their personal Google account on a company-managed … Read more
November 4, 2023 at 05:24AM Identity and authentication management provider, Okta, reported a recent data breach that affected 134 out of its 18,400 customers. The breach occurred from September 28 to October 17, 2023, and resulted in unauthorized access to session tokens. The company revealed that 5 customers had their legitimate Okta sessions hijacked. Okta … Read more
October 30, 2023 at 03:08AM The COVID-19 pandemic led to a surge in remote work, prompting organizations to quickly adopt remote collaboration tools. However, ensuring robust security for remote access has been a challenge. To address this, Cisco partnered with Forgepoint Capital, NightDragon, and Team8 to create the 2023 CISO Survival Guide, a framework for … Read more
October 24, 2023 at 04:19PM Password manager 1Password is the second victim of Okta’s recent customer support breach. Okta, a cloud-based identity and access management service, suffered a cyberattack that compromised access to customer support systems, allowing the attacker to infiltrate some customers, including 1Password. Fortunately, no user or employee data was compromised. Okta has … Read more
October 24, 2023 at 04:23AM SANS has developed a training and certification program focused on cloud security. They are offering a free webinar called ‘Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes’ on November 7th. The webinar will explore how Microsoft’s Entra ID improves identity and access management in hybrid cloud … Read more
October 20, 2023 at 05:48PM Hackers breached Okta’s support case management system and accessed sensitive data that can be used for identity impersonation. The stolen data includes cookies and session tokens, which can be used for further attacks. Okta has taken steps to protect its customers, but recommends sanitizing credentials and tokens before sharing them. … Read more
October 18, 2023 at 07:00AM In the first half of October 2023, there were over a dozen cybersecurity-related merger and acquisition (M&A) deals announced. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance their security orchestration capabilities, KPMG’s acquisition of IMagosoft to expand their identity and access management services, and Okta’s acquisition of … Read more