The main item this week is Okta's breach. You can tell from my description below that I'm less than impressed with them at the moment. I hope you find the summary, and the rest of the news, interesting at least :-)
Have a good one!
This is worth a section of its own. Attackers breached the Okta support case management system, which held session cookies and tokens from customers that were being used to troubleshoot issues.
What makes this bad thing (much) worse is that Okta was notified two weeks earlier by security firm BeyondTrust that they had stopped an attacker who was using a cookie that seemed to come from Okta's support system. Okta didn't seem to take them seriously though.
Then one day before Okta admitted to the breach, Cloudflare also detected a similar incident. And 1Password was also already working with Okta to determine the cause of a break-in attempt through Okta systems, where Okta missed certain activity logs related to 1Password's case. Ugh.
It's not great when Okta, the treasure trove of so many corporate identities, has to be schooled by other companies. We expect better, Okta, much better. The same goes for their communications, because when Okta finally did come clean, they didn't mention anything about BeyondTrust's disclosure, and their post leaves much to be desired.
Fair to say that Okta isn't the infosec sweetheart of the moment.
- BeyondTrust post: link.
- Cloudflare post: link.
- 1Password post: link.
- Okta post: link.
- Hackernews discussion: link.
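The root of the Okta story above is that live session cookies and tokens ended up sitting inside troubleshooting material handed to a support desk. The script below is an added example, not code from this newsletter or from Okta, BeyondTrust, Cloudflare or 1Password. It assumes the troubleshooting artifact is an HTTP Archive (HAR) capture, which is an assumption and not something the post states, and redacts cookies, Authorization headers, Set-Cookie headers and token-like query parameters before the file is shared. The `leaked_secrets` helper is a constructed check that the known secrets really are gone from the serialised result.

```python
"""
Added example (not from the newsletter or any vendor): scrub session cookies
and bearer tokens from an HTTP Archive (HAR) capture before it is attached
to a support case. Assumes the troubleshooting artifact is a HAR file, an
assumption on our part; the post only says "session cookies and tokens".
"""
import copy
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"

# Header names whose values carry credentials (matched case-insensitively).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}

# Query/POST parameter names that commonly carry session material (assumed list).
SENSITIVE_PARAMS = re.compile(r"(token|session|sid|jwt|auth|api[_-]?key)", re.IGNORECASE)


def _scrub_headers(headers):
    """Redact the value of every credential-bearing header; return count redacted."""
    n = 0
    for h in headers:
        if h.get("name", "").lower() in SENSITIVE_HEADERS:
            h["value"] = REDACTED
            n += 1
    return n


def _scrub_cookies(cookies):
    """Redact every cookie value in a HAR cookies array; return count redacted."""
    n = 0
    for c in cookies:
        if c.get("value") not in (None, REDACTED):
            c["value"] = REDACTED
            n += 1
    return n


def _scrub_params(params):
    """Redact query/POST parameters whose names look like session material."""
    n = 0
    for p in params:
        if SENSITIVE_PARAMS.search(p.get("name", "")):
            p["value"] = REDACTED
            n += 1
    return n


def _scrub_url(url):
    """The raw URL string repeats the query string, so rewrite it too."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    scrubbed = [(k, REDACTED if SENSITIVE_PARAMS.search(k) else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(scrubbed)))


def sanitize_har(har):
    """Return (deep copy of `har` with credentials redacted, number of redactions)."""
    out = copy.deepcopy(har)
    total = 0
    for entry in out.get("log", {}).get("entries", []):
        req = entry.get("request", {})
        resp = entry.get("response", {})
        total += _scrub_headers(req.get("headers", []))
        total += _scrub_headers(resp.get("headers", []))
        total += _scrub_cookies(req.get("cookies", []))
        total += _scrub_cookies(resp.get("cookies", []))
        total += _scrub_params(req.get("queryString", []))
        total += _scrub_params(req.get("postData", {}).get("params", []))
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
    return out, total


def leaked_secrets(har, secrets):
    """Return those `secrets` still present anywhere in the serialised capture."""
    blob = json.dumps(har)
    return [s for s in secrets if s in blob]


# Constructed sample capture: one request carrying a session cookie and a bearer token.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://idp.example.test/api/v1/users/me?sid=abc123",
                    "headers": [
                        {"name": "Host", "value": "idp.example.test"},
                        {"name": "Cookie", "value": "sid=abc123; idx=xyz"},
                        {"name": "Authorization", "value": "Bearer eyJhbGciOi..."},
                    ],
                    "cookies": [{"name": "sid", "value": "abc123"}],
                    "queryString": [{"name": "sid", "value": "abc123"}],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=def456; HttpOnly"},
                    ],
                    "cookies": [{"name": "sid", "value": "def456"}],
                },
            }
        ],
    }
}

if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(f"{n} fields redacted")
    print(json.dumps(clean, indent=2))
```

Run it on a real capture by loading the file with `json.load` and passing the result to `sanitize_har`; the check worth keeping is `leaked_secrets` run against the values you know were in the session, because a redaction list is only as good as the field names it anticipates and the raw URL string is the one most scrubbers forget.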
Interesting Spectre-like attack with some practical-seeming implications. Fortunately there's no evidence of it being used in the wild, and the researchers themselves note that it would be difficult to do. Hackernews thread here.
I am pretty excited about the possibility of having an AI "assistant" when triaging security incidents. Make sure your manager realises that it is -just- an assistant though :-) The idea would be that you can ask questions rather than crafting queries, that it performs real-time malware analysis and can provide incident summaries, stuff like that. Lots of potential here I think.
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
We often read about malware that is attributed to China or Russia, it's rare to read about something that might have been created by the US. It's hard to be sure, but the sophistication and effort that went into it, like writing a custom Tor client from scratch, likely points to the NSA, according to Kaspersky.
Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. That's the tagline anyway. I don't know what to make of it, but generally when Google tells me it's to "protect privacy" I raise an eyebrow.
Nothing that jumps out as Earth-shattering, but always interesting to read through which hacks were successful and how much was paid out. As of the latest post the total payout was over $900,000. The day one writeup can be found here, day two here.
This blogpost was written by 1Password for Cybersecurity Awareness Month, focusing on how to safely manage shadow IT, which is the hardware and software that employees use that isn't managed by your company. (Sponsored)
Breaches and leaks
- European govt email servers hacked using Roundcube zero-day: link.
- International Criminal Court systems breached for cyber espionage: link.
- American Family Insurance confirms cyberattack is behind IT outages: link.
- D.C. Board of Elections: Hackers may have breached entire voter roll: link.
- City of Philadelphia discloses data breach after five months: link.
- University of Michigan breached, employee and student data stolen: link.
- Cyberattack on health services provider impacts 5 Canadian hospitals: link.
- Philadelphia: Hackers spent three months accessing city gov’t email accounts: link.
- Seiko says ransomware attack led to leak of 60,000 ‘items’ of personal data: link.
- US energy firm shares how Akira ransomware hacked its systems: link.
Issues and fixes
- Critical RCE flaws found in SolarWinds access audit solution: link.
- Citrix Bleed exploit lets hackers hijack NetScaler accounts: link.
- Cisco discloses new IOS XE zero-day exploited to deploy malware implant: link.
- VMWare fixes critical vulnerability: link.