Okta breached. Safari iLeakage attack. Security Copilot early access.  27th October 2023

Okta breached, attackers use stolen session tokens to breach Okta customers

This is worth a section of its own. Attackers breached the Okta support case management system, which held session cookies and tokens from customers that were being used to troubleshoot issues.

What makes this bad thing (much) worse, is that Okta was notified two weeks earlier by security firm BeyondTrust that they had stopped an attacker who was using a cookie that seemed to come from Okta's support system. Okta didn't seem to take them seriously though.
Then one day before Okta admitted to the breach, Cloudflare also detected a similar incident. And 1Password was also already working with Okta to determine the cause of a breakin attempt through Okta systems, where Okta missed certain activity logs related to 1Password's case. Ugh.

It's not great when Okta, the treasure trove of so many corporate identities, has to be schooled by other companies. We expect better, Okta, much better. The same goes for their communications, because when Okta finally did come clean, they didn't mention anything about BeyondTrust's disclosure, and their post leaves much to be desired.

Fair to say that Okta isn't the infosec sweetheart of the moment.

• BeyondTrust post: link.
• Cloudflare post: link.
• 1Password post: link.
• Okta post: link.
• Hackernews discussion: link.

iLeakage: side channel attack targeting the Safari web browser

Interesting Spectre-like attack with some practical seeming implications. Fortunately there's no evidence of it being used in the wild, and the researchers themselves note that it would be difficult to do. Hackernews thread here.

Microsoft announces Security Copilot early access program

I am pretty excited with the possibility of having an AI "assistant" when triaging security incidents. Make sure your manager realises that it is -just- an assistant though :-) The idea would be that you can ask questions rather then crafting queries, that it performs real-time malware analysis and can provide incident summaries, stuff like that. Lot's of potential here I think.

GlitchSecure: real-time and continuous security testing

If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)

Kaspersky reveals 'elegant' malware resembling NSA code

We often read about malware that is attributed to China or Russia, it's rare to read about something that might have been created by the US. It's hard to be sure, but the sophistication and effort that went into it, like writing a custom Tor client from scratch, likely points to the NSA, according to Kaspersky.

Google Chrome's new "IP Protection" will hide users' IP addresses

Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. That's the tagline anyway. I don't know what to make of it, but generally when Google tells me it's to "protect privacy" I raise an eyebrow.

Pwn2Own Toronto 2023 - Day Three Results

Nothing that jumps out as Earth-shattering, but always interesting to read through which hacks were succesfull and how much was paid out. As of the latest post the total payout was over $900,000. The day one writeup can be found here, day two here.

Learn how to embrace shadow IT safely in your business, by 1Password

This blogpost was written by 1Password for Cybersecurity Awareness Month, focusing on how to safely manage shadow IT, which is the hardware and software that employees use that isn't managed by your company. (Sponsored)