Okta Fixes Auth Bypass Bug After 3-Month Lull

November 4, 2024 at 04:07PM Okta has resolved an authentication bypass vulnerability affecting long usernames and complex domain names, which could have enabled unauthorized access under specific conditions. Discovered on October 30, it remained undetected for three months. Customers are urged to check logs for unusual activity and implement multifactor authentication for added security. Meeting …

How to head off data breaches with CIAM

October 14, 2024 at 05:08AM Recent reports indicate that stolen identity credentials account for 61% of data breaches, with the average breach costing $4.88 million in 2024. Organizations are urged to adopt proactive security measures, such as customer identity and access management (CIAM) platforms, to enhance protection against cyber attacks. Okta offers insightful webinars on …

Okta Warns Once Again of Credential-Stuffing Attacks

May 30, 2024 at 11:53AM Okta, an identity management service provider, is warning of credential-stuffing attacks against its Customer Identity Cloud’s cross-origin authentication feature. The company has provided guidance for mitigating the attacks and preventing them, including monitoring event logs for specific indicators and enabling breached password detection. Further defense measures include passwordless authentication, strong …

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

April 29, 2024 at 07:19AM Okta has warned of a surge in credential stuffing attacks utilizing anonymity services, such as Tor, and residential proxies. These attacks leverage stolen credentials to compromise online accounts. The increase in activity may be linked to a recent global brute-force campaign on VPN and SSH services. Okta recommends measures such …

Hackers target FCC, crypto firms in advanced Okta phishing attacks

March 2, 2024 at 11:35AM The new phishing kit CryptoChameleon targets FCC employees and cryptocurrency platforms like Binance and Coinbase. It employs complex phishing methods, including email, SMS, and voice phishing to obtain sensitive information. Attackers use closely resembling domains and well-designed phishing pages to deceive victims and may redirect them to genuine platforms or …

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

February 1, 2024 at 08:20PM Cloudflare revealed that suspected government spies infiltrated their system by using credentials stolen from the October 2023 Okta security breach. The intruders gained access to Atlassian and other systems, potentially extracting source code and sensitive information. Cloudflare, assisted by a security firm, is working to bolster their security measures following …

Cloudflare hacked using auth tokens stolen in Okta attack

February 1, 2024 at 03:59PM Cloudflare revealed today that its internal Atlassian server was infiltrated by a ‘nation state’ attacker, who gained access to its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The company detected the breach on November 23, severed access on November 24, and assured that customer data …

Okta to Acquire Israeli Startup Spera Security

December 20, 2023 at 11:39AM Okta has agreed to acquire Israeli startup Spera Security to bolster its Identity threat detection and security capabilities. The deal, valued at around $100-130 million, aims to provide customers with enhanced technology for identifying and addressing identity-driven attacks. Spera’s platform offers continuous protection from identity-based attacks through proactive monitoring and …

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

November 7, 2023 at 05:24AM October 2023 saw a total of 31 cybersecurity-related merger and acquisition (M&A) deals. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance its security orchestration, automation, and response (SOAR) capabilities, and Okta’s acquisition of Uno to accelerate the release of its consumer password manager. Other acquisitions were made …

Okta Data Compromised Through Third-Party Vendor

November 2, 2023 at 05:53PM Okta experienced a cybersecurity incident through a breach of its third-party vendor, Rightway Healthcare, resulting in the exposure of personal and healthcare data of around 5,000 Okta employees. The breach occurred on September 23 and was discovered on October 12. Okta reassured that only its employees, not customers, were affected. …