What you need to know about Okta’s security breach

October 25, 2023

The SOC guide to responding and defending against IdP vendor compromise.

On October 20, 2023, Okta Security identified adversarial activity that used a stolen credential to gain access to the company’s support case management system. Once inside the system, the hacker gained access to files uploaded by Okta customers using valid session tokens from recent support cases. As a result of using the extracted tokens from the Okta support system and support cases, the threat actor subsequently gained complete access to many of their customers’ systems. In reaction to the attack, Okta support asked customers to upload an HTTP Archive (HAR) file to help troubleshoot issues. HAR files often contain sensitive data that malicious actors can use to imitate valid users.

Zscaler ThreatLabz, an embedded team of security experts, researchers, and network engineers responsible for analyzing and eliminating threats and investigating the global threat landscape, described the impact of identity provider (IdP) breaches and how organizations can dramatically improve the protection against these types of sophisticated attacks by leveraging industry-wide best practices.

The potential damage of identity provider compromise

Identity threats targeting IdPs have quickly become the attack vector of choice for many threat actors. The recent compromise of a leading IdP provider isn’t the first time adversaries gained access to critical customer information, and it won’t be the last.

When an IdP is compromised, the consequences can be severe. Unauthorized access to user accounts and sensitive information becomes a significant concern, leading to potential data breaches, financial loss, and unauthorized activity.

Identity attacks use social engineering, prompt-bombing, bribing employees for 2FA codes, and session hijacking (among many techniques) to get privileged access. The theft of user credentials, such as usernames and passwords or session tokens, can enable attackers to infiltrate other systems and services and grant access to sensitive systems and resources. The exposure of personal or sensitive information can lead to identity theft, phishing attacks, and other forms of cybercrime. The recent breach is a stark reminder of the importance of robust security measures and continuous monitoring to safeguard identity provider systems and protect against these potential impacts.

Traditional security controls are bypassed in such attacks as bad actors assume a user’s identity and their malicious activity is indistinguishable from routine behavior.

Unfortunately, every time a breach like this is reported, the security community is bombarded with pseudo-silver bullets claiming how the compromise could have been averted if only a particular solution had been deployed.

There is no silver bullet in cybersecurity. Adversaries can bypass even the best laid defense plans.

This post explains several recommendations for better preventing, detecting, and/or containing a security incident targeting IdPs. By leveraging a combination of zero trust principles, deception & honeypots for detecting threats that bypass existing controls, and Identity Threat Detection & Response (ITDR) for maintaining strong identity hygiene, you can get visibility into active sessions and credential exposure on endpoints, while also being able to detect identity-specific attacks.

Zero Trust Network Access (ZTNA) replaces network-level based access and reduces excessive implicit trust for access to resources, primarily from remote locations, by employees, contractors, and other third parties.

In this breach, the user unknowingly uploaded a file that had sensitive information to Okta’s support management system. The adversary leveraged the session cookies from the uploaded information to further advance the breach. A DLP-like technology can be effective in preventing users from uploading files with sensitive data unknowingly.
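One way to apply the DLP idea above to HAR files before they leave the organization, shown as an added example (not code from the original post, Okta, or Zscaler): a sanitizer that redacts cookies, authorization headers, token-like parameters, and raw bodies. The header and parameter name lists and the sample HAR are assumptions constructed for illustration.

```python
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Names treated as secret-bearing: an assumed, non-exhaustive list for this example.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "sessiontoken", "code", "password"}
REDACTED = "REDACTED"

# Constructed sample HAR (HAR 1.2 layout); all hosts and values are made up.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://idp.example.com/app/home?token=CONSTRUCTED-TOKEN&tab=1",
        "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-SESSION-ID"},
                    {"name": "User-Agent", "value": "ExampleBrowser/1.0"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-ID"}],
        "queryString": [{"name": "token", "value": "CONSTRUCTED-TOKEN"},
                        {"name": "tab", "value": "1"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SESSION-ID; Secure"}],
        "cookies": [{"name": "sid", "value": "CONSTRUCTED-SESSION-ID"}],
        "content": {"mimeType": "text/html", "text": "<html>ok</html>"},
    },
}]}}


def _scrub_pairs(pairs, names, where, findings):
    """Redact values in a HAR name/value list. names=None redacts every entry."""
    for pair in pairs or []:
        name = pair.get("name", "")
        if (names is None or name.lower() in names) and pair.get("value"):
            findings.append(f"{where}:{name}")
            pair["value"] = REDACTED


def _scrub_url(url):
    """Redact sensitive query parameters embedded in the request URL itself."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def sanitize_har(har):
    """Return (sanitized deep copy of a HAR dict, list of redacted locations)."""
    clean = copy.deepcopy(har)
    findings = []
    for i, entry in enumerate(clean.get("log", {}).get("entries", [])):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for side, msg in (("request", req), ("response", resp)):
            where = f"entry[{i}].{side}"
            _scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS, f"{where}.headers", findings)
            _scrub_pairs(msg.get("cookies"), None, f"{where}.cookies", findings)
        _scrub_pairs(req.get("queryString"), SENSITIVE_PARAMS,
                     f"entry[{i}].request.queryString", findings)
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
        post = req.get("postData") or {}
        _scrub_pairs(post.get("params"), SENSITIVE_PARAMS,
                     f"entry[{i}].request.postData.params", findings)
        content = resp.get("content") or {}
        for label, body in (("request.postData", post), ("response.content", content)):
            if body.get("text"):  # raw bodies can carry tokens; drop them wholesale
                findings.append(f"entry[{i}].{label}.text")
                body["text"] = REDACTED
    return clean, findings


if __name__ == "__main__":
    sanitized, redacted = sanitize_har(SAMPLE_HAR)
    print(json.dumps(redacted, indent=2))
```

A non-empty findings list can also be used as a gate: block the upload and ask the user to submit the sanitized copy instead.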

Using posture control, organizations can limit access to applications to managed devices only. Access is then denied if adversaries try to reach critical applications or servers from unmanaged devices. It is imperative to make restrictions on unmanaged-device access a mandatory part of the ZTNA architecture.

The blast radius from the attack can be reduced by enforcing stringent segmentation policies. An administrator should define the policies for combining user attributes and services to enforce who has access to what. It is important to determine if a universal access policy is needed when users are on and off premises.

In this recent Okta breach, no reports suggest major incidents so far. But in most cyberattacks, the threat actors are after the crown jewel systems and the data. Once the attackers have established a network foothold, they move laterally in the network, identifying the systems that are critical for the organization in order to launch further attacks, including data theft. Defense-in-Depth (DiD) plays a critical role in breaking the attack chain. This layered security approach means that if one layer fails to detect a threat actor's progress along the attack chain, the next layer can still detect the attacker's next move and break the chain to neutralize the attack.

Leveraging deception and ITDR using the Zero Trust platform for defense

While Zero Trust reduces your attack surface by making resources invisible to the internet and minimizes the blast radius by connecting users directly to applications, deception and ITDR are two additional tools in your arsenal that can help prevent, detect, and contain identity-driven attacks.

Deception

Adversaries rely on human error, policy gaps, and poor security hygiene to circumvent defenses and stay hidden as they escalate privileges and move laterally. No security team can be 100% certain that their defenses are bulletproof all the time–this is what adversaries take advantage of.

Deception changes the dynamics by injecting uncertainty into your environment. After hijacking a session token or using credentials, the attacker will scan the environment to find accounts and keys in an attempt to access critical applications and sensitive data.

A simple deception strategy can help detect adversary presence before an attacker establishes persistence or exfiltrates data.

| Kill chain | Attack technique | Deception defense |
|---|---|---|
| Initial Access | Uses stolen/purchased credentials to access internet-facing applications like IdPs, VPNs, RDP, and VDI. | Creates decoys of internet-facing applications like IdPs, VPNs, and Citrix servers that attackers are very likely to target. |
| Reconnaissance | Uses AD explorer to enumerate users, computers, and groups. | Creates decoy users, user groups, and computers in your Active Directory. |
| Privilege Escalation | Exploits vulnerabilities in collaboration platforms like Confluence, JIRA, and GitLab to get credentials of a privileged account. | Creates decoys of internal apps like Confluence, JIRA, and GitLab that intercept the use of credentials to access these systems. |
| Privilege Escalation | Uses Mimikatz to extract credentials from memory in Windows. These credentials are then used to access higher privileged accounts. | Plants decoy credentials in Windows memory. |
| Lateral Movement | Moves laterally to core business applications and cloud environments to gain access to the victim organization's data. | Plants decoys of internal apps like code repositories, customer databases, business applications, and objects like S3 buckets and AWS keys in your cloud tenants. |
| Exfiltration | The adversary uses their access to download sensitive data and extort the victim. | Plants decoy files and other sensitive-seeming information on endpoints that detect any attempt to copy, modify, delete, or exfiltrate the files. |

Using deception will not always stop an identity attack, but it will act as a last line of defense to detect a post-breach adversarial presence. This can help prevent a compromise from turning into a breach.

ITDR

ITDR is an emerging security discipline that sits at the intersection of threat detection and identity and access management.

It is becoming a top security priority for CISOs due to the rise of identity attacks and ITDR’s ability to provide visibility into an organization’s identity posture, implement hygiene best practices, and detect identity-specific attacks.

Augment your Zero Trust implementation with ITDR to prevent and detect identity attacks using the following principles:

Identity Posture Management: Continuously assess identity stores like Active Directory, Azure AD, and Okta to get visibility into misconfigurations, excessive permissions, and Indicators of Exposure (IOEs) that could give attackers access to higher privileges and lateral movement paths.

Implement identity hygiene: Use posture management best practices to revoke permissions and configure default policies that minimize attack paths and privileges.

Threat Detection: Monitor endpoints for specific activities like DCSync, DCShadow, Kerberoasting, LDAP enumeration, and similar changes that correlate to malicious behavior.

An effective Security Operations Center (SOC) playbook plays a crucial role in proactively identifying and mitigating potential IdP attack vectors. By implementing a comprehensive monitoring and detection strategy, organizations can swiftly respond to IdP attack attempts, safeguard user identities, and protect critical resources.

A SOC playbook for the IdP and MFA threat vectors contains detection alerts that are essential to identifying and responding to potential security incidents.

Monitor and alert for:

  • Permission changes implemented by suspicious users
      • Admin with an unusual location
      • Admin with an unusual user agent
      • Admin with an unusual agent version
  • Failed Okta authentications for privileged users without a follow-up successful authentication
  • Failed Okta authentications for different users coming from the same source
  • Reused session IDs
      • Same session ID with different user agents
      • Same session ID coming from different countries
  • MFA resets
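Three of the alerts listed above (reused session IDs, failed authentications for different users from one source, and privileged failures with no follow-up success), written as detection logic in an added example that is not part of the original post. The flat event schema, the privileged-account set, the thresholds, and the sample events are assumptions constructed for illustration; this is not Okta's System Log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PRIVILEGED = {"admin@example.com", "ops-admin@example.com"}  # assumed admin accounts
MANY_USERS_THRESHOLD = 3                 # distinct users failing from one source
FOLLOWUP_WINDOW = timedelta(minutes=10)  # time allowed for a follow-up success

# Constructed sample events in a simplified schema (hypothetical field names).
FIELDS = ("ts", "user", "event", "outcome", "src_ip", "user_agent", "country", "session_id")
RAW = [
    ("2023-10-20T10:00:00", "alice@example.com", "session", "SUCCESS", "192.0.2.10", "BrowserA/1.0", "US", "S1"),
    ("2023-10-20T10:01:00", "bob@example.com", "session", "SUCCESS", "192.0.2.11", "BrowserA/1.0", "US", "S2"),
    ("2023-10-20T10:05:00", "alice@example.com", "session", "SUCCESS", "198.51.100.20", "ToolB/2.0", "NL", "S1"),
    ("2023-10-20T10:10:00", "carol@example.com", "login", "FAILURE", "203.0.113.7", "BrowserA/1.0", "US", None),
    ("2023-10-20T10:10:05", "dave@example.com", "login", "FAILURE", "203.0.113.7", "BrowserA/1.0", "US", None),
    ("2023-10-20T10:10:09", "erin@example.com", "login", "FAILURE", "203.0.113.7", "BrowserA/1.0", "US", None),
    ("2023-10-20T10:20:00", "admin@example.com", "login", "FAILURE", "198.51.100.9", "BrowserA/1.0", "US", None),
    ("2023-10-20T10:30:00", "ops-admin@example.com", "login", "FAILURE", "192.0.2.12", "BrowserA/1.0", "US", None),
    ("2023-10-20T10:31:00", "ops-admin@example.com", "login", "SUCCESS", "192.0.2.12", "BrowserA/1.0", "US", None),
]
EVENTS = [dict(zip(FIELDS, row)) for row in RAW]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def reused_sessions(events):
    """Session IDs seen with more than one user agent or more than one country."""
    agents, countries = defaultdict(set), defaultdict(set)
    for e in events:
        if e.get("session_id"):
            agents[e["session_id"]].add(e["user_agent"])
            countries[e["session_id"]].add(e["country"])
    alerts = {}
    for sid in agents:
        reasons = []
        if len(agents[sid]) > 1:
            reasons.append("multiple user agents")
        if len(countries[sid]) > 1:
            reasons.append("multiple countries")
        if reasons:
            alerts[sid] = reasons
    return alerts


def failed_logins_many_users(events, threshold=MANY_USERS_THRESHOLD):
    """Source IPs with failed logins for at least `threshold` distinct users."""
    users = defaultdict(set)
    for e in events:
        if e["event"] == "login" and e["outcome"] == "FAILURE":
            users[e["src_ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= threshold}


def privileged_failures_without_success(events, window=FOLLOWUP_WINDOW):
    """Privileged login failures not followed by a success for that user in the window."""
    logins = sorted((e for e in events
                     if e["event"] == "login" and e["user"] in PRIVILEGED), key=_ts)
    alerts = []
    for i, e in enumerate(logins):
        if e["outcome"] != "FAILURE":
            continue
        recovered = any(n["user"] == e["user"] and n["outcome"] == "SUCCESS"
                        and _ts(n) - _ts(e) <= window for n in logins[i + 1:])
        if not recovered:
            alerts.append((e["user"], e["ts"]))
    return alerts


if __name__ == "__main__":
    print(reused_sessions(EVENTS))
    print(failed_logins_many_users(EVENTS))
    print(privileged_failures_without_success(EVENTS))
```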

For Okta customers, it is advisable to contact the company directly to obtain more information regarding the potential impact on their organization. Additionally, we offer the following recommendations as immediate action:

Perform a thorough investigation for any of the following recent events in your environment:

  • Recent password resets or MFA resets performed by helpdesk or support personnel
  • Review all recently created Okta administrators
  • Review that all password resets are valid
  • Review all MFA-related events, such as MFA resets or changes to any MFA configuration

Ensure MFA is enabled for all user accounts and administrator accounts, and review actions performed by the administrator accounts

Employing security best practices in managing your identities and MFA configuration is paramount in establishing a robust security posture and effectively mitigating the risks associated with unauthorized access and data breaches. By diligently implementing the following measures and best practices, organizations can greatly fortify the safeguarding of identities and bolster the efficacy of their MFA deployment.

Protect user identities

Use Strong and Unique Passwords: Encourage users to create strong, complex, and unique passwords for their accounts. Implement password policies that enforce minimum length, complexity, and regular password changes.

Implement Least Privilege: Follow the principle of least privilege, granting users only the minimum access necessary to perform their tasks. By limiting user privileges, you reduce the potential impact of compromised credentials.

Educate Users: User awareness and education play a vital role in maintaining security. Train users on the importance of strong passwords, how to recognize phishing attempts, and how to properly use MFA methods. Regularly remind users to follow security best practices and report any suspicious activities.

Protect against MFA attacks

Traditional MFA methods, such as SMS codes or email-based one-time passwords (OTPs), can be susceptible to phishing attacks. Phishers can intercept these codes or trick users into entering them into fake login pages, bypassing the additional security layer provided by MFA. To address this vulnerability, phish-resistant MFA methods have been developed. These methods aim to ensure that even if users are tricked into entering their credentials on a phishing website, the attacker cannot gain access without the additional authentication factor.

Use FIDO2-Based MFA: FIDO2 (Fast Identity Online) is a strong authentication standard that provides secure and passwordless authentication. It is recommended to implement FIDO2-based MFA, which uses public key cryptography to enhance security and protect against phishing attacks.

Utilize Hardware Tokens: Hardware tokens, such as USB security keys or smart cards, can provide an extra level of security for MFA. These physical devices generate one-time passwords or use public key cryptography for authentication, making it difficult for attackers to compromise.

Zscaler’s ThreatLabZ and security teams will continue to monitor the Okta breach. If any further information is disclosed by Okta or discovered through other sources, we will publish an update to this post.

To learn more, visit us here.

Copyright for syndicated content belongs to the linked Source : CIO – https://www.cio.com/article/657106/what-you-need-to-know-about-oktas-security-breach.html