Why Tokens Are Like Gold for Opportunistic Threat Actors

May 13, 2024 at 10:07AM Authentication tokens, crucial for cybersecurity, allow secure logins and app access. However, they pose risks if compromised. Threat actors exploit unexpired tokens, leading to breaches. Companies should adopt aggressive token management, including expiring tokens every seven days and limiting access from personal devices. These actions can significantly mitigate the risk …

Google password resets not enough to stop these info-stealing malware strains

January 2, 2024 at 03:06PM Info-stealing malware can still access compromised Google accounts even after passwords are changed, due to a zero-day exploit first mentioned by the cybercriminal “PRISMA.” The exploit involves regenerating session tokens to access emails and cloud storage. CloudSEK identified the exploit in the undocumented Google OAuth endpoint “MultiLogin.” The discovery reveals …

Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected

December 19, 2023 at 06:00PM 35 million customers of Comcast Xfinity have been affected by the CitrixBleed vulnerability, leading to a breach of customer data, including sensitive information. Although Comcast promptly patched and mitigated the vulnerability, attackers were still able to exfiltrate a large amount of data over a three-day period. The ongoing threat of …

Okta Customer Support Breach Exposed Data on 134 Companies

November 3, 2023 at 03:42PM Threat actors breached Okta’s customer support system, stealing files related to 134 customers. Five specific customers, including BeyondTrust, 1Password, and Cloudflare, were targeted with the stolen data. The breach was due to compromised employee credentials on a personal device. Okta has revoked the affected session tokens and implemented measures to …

‘Mass exploitation’ of Citrix Bleed underway as ransomware crews pile in

October 31, 2023 at 04:48PM The critical information-disclosure bug known as Citrix Bleed is being heavily exploited. Over 5,000 vulnerable servers have been identified on the public internet. Even after patching the flaw, session tokens can still be used. Multiple ransomware gangs are involved in the mass exploitation, and the vulnerability is being targeted across …

1Password discloses security incident linked to Okta breach

October 23, 2023 at 06:40PM Hackers breached the Okta support case management system, impacting 1Password. No user data from 1Password was compromised, but the breach involved an IT employee’s stolen session cookie. The threat actor attempted to manipulate authentication flows and gain unauthorized access. Okta confirmed the breach and both companies have taken steps to …

Okta Support System Hacked, Sensitive Customer Data Stolen

October 20, 2023 at 05:48PM Hackers breached Okta’s support case management system and accessed sensitive data that can be used for identity impersonation. The stolen data includes cookies and session tokens, which can be used for further attacks. Okta has taken steps to protect its customers, but recommends sanitizing credentials and tokens before sharing them. …

Okta says its support system was breached using stolen credentials

October 20, 2023 at 02:48PM Attackers breached Okta’s support management system using stolen credentials, gaining access to files containing cookies and session tokens uploaded by customers. The incident did not impact the production Okta service or the Auth0/CIC case management system. Okta notified affected customers and advised all customers to sanitize their HAR files to …