* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, October 4, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Books about the arts and some haunts for a Denton October – Denton Record-Chronicle

    Uncover Artistic Treasures and Spooky Adventures to Experience in Denton This October

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Books about the arts and some haunts for a Denton October – Denton Record-Chronicle

    Uncover Artistic Treasures and Spooky Adventures to Experience in Denton This October

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Taylor Swift Releases New Album The Life of a Showgirl : Listen and Read the Full Credits – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    Technology Is Becoming More Important Than Humans In CX – No Jitter

    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

1Password confirms attacker tried to pull list of admin users after Okta intrusion

October 24, 2023
in Technology
1Password confirms attacker tried to pull list of admin users after Okta intrusion
Share on FacebookShare on Twitter

1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers’ login details are safe.

The outfit said the attack was initially detected on September 29 by a member of 1Password’s IT team after they received an email indicating that they had ordered a report including a list of all 1Password admins.

Knowing they didn’t order this report, the company’s incident response team was quickly engaged. They found a suspicious IP address and later realized the unknown attacker accessed the company’s Okta instance with admin privileges.

The investigation found no evidence of data exfiltration or access of any systems outside of Okta. Attackers were instead observed attempting to “lay low” and scout for intelligence that might later lead to a bigger, more sophisticated attack.

“We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing,” said Pedro Canahuati, CTO at 1Password, in a blog post.

Before being removed from the network, the attacker performed actions including:

Attempted access to the 1Password IT staffer’s user dashboard (Okta blocked this)

Updated an existing identity provider (IDP) tied to 1Password’s Google production environment to impersonate the company’s users

Activated that IDP

Requested a report of all admin users

How the 1Password attack unfolded

The attack on 1Password began in the same way as others have in this new campaign, with the attacker accessing a HTTP Archive (HAR) file uploaded to Okta’s customer support portal.

Uploading HAR files to Okta’s customer support portal is common practice when Okta support is engaged with a customer. 

Inside this HAR file was information about the traffic to and from Okta’s servers from the IT team member’s browser, but also inside it is other data like the session cookie.

At some point after 1Password engaged Okta’s support and before the support agent interacted with the HAR file, an attacker was able to access it and use the session to access Okta’s admin portal, according to the incident response report.

“It is not known how the actor gained access to this session, though it has been confirmed that the generated HAR file contained the necessary information for an attacker to hijack the user’s session,” the report read.

“This was confirmed by IT creating a HAR file, and Security using Burp Suite to force the browser to use the session cookies captured in the HAR file to reproduce the events of the incident.”

Originally, there was some confusion over how this was carried out. Initial investigations focused on Okta’s side but logs revealed that the attackers’ actions all occurred before the Okta support agent accessed the HAR file, eliminating the possibility of there being a rogue support staffer.

Then attention turned to the 1Password IT worker who uploaded the HAR file over a public Wi-Fi network at a hotel, but this avenue also proved fruitless.

“Based on an analysis of how the file was created and uploaded, Okta’s use of TLS and HSTS, and the prior use of the same browser to access Okta, it is believed that there was no window in which this data could have been exposed to the Wi-Fi network, or otherwise subject to interception.”

Finally, the IT staffer’s macOS machine was scanned for malware but showed no sign of any nasty activity, neither on their machine nor on their user accounts. 

The main suspicion continued to be malware until last week when Okta publicized the issues it was facing with a number of its customers, including 1Password. The attacker was able to compromise Okta’s internal support systems, which is how they were able to access the 1Password IT team member’s HAR file after they sent it to Okta support.

After terminating the intrusion, the IT team member’s credentials were rotated and their Yubikey was the only way to complete MFA safeguards. 

A number of configuration changes were also made to the company’s Okta instance, including the tightening of MFA rules, reducing admin session times and the number of super admin accounts, and denying logins from non-Okta IDPs.

Another Okta nightmare

1Password joins BeyondTrust and Cloudflare in the list of high-profile customers to have mitigated attacks brought on by Okta’s issues.

Cloudflare was quick to highlight that it’s the second time security failings at Okta have led to attacks on the web performance and security company.

In March 2022 it was revealed that during a five-day window, a Lapsus$ attacker had remote access to an Okta support engineer’s computer but Cloudflare found no evidence of real compromise of its Okta tenant.

At the time, according to screenshots posted by the attackers, their level of access suggested they had the power to change customers’ user’s passwords, but it wouldn’t have impacted Cloudflare since it uses a combination of passwords and hardware keys for MFA.

Similar to the 1Password case, a Cloudflare session token was hijacked after it was created with Okta support. Cloudflare said it was able to detect and mitigate the intrusion of its Okta instance more than 24 hours before Okta notified it.

After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw

Casino giant Caesars tells thousands: Yup, ransomware crooks stole your data

Go to security school, GoTo – theft of encryption keys shows you need it

LastPass admits attackers have a copy of customers’ password vaults

It was a similar story at BeyondTrust: Stolen session token, immediate detection and remediation, seemingly knew about it before Okta did.

“We raised our concerns of a breach to Okta on October 2nd,” BeyondTrust said in its disclosure. 

“Having received no acknowledgment from Okta of a possible breach, we persisted with escalations within Okta until October 19th when Okta security leadership notified us that they had indeed experienced a breach and we were one of their affected customers.

Okta confirmed in its October 20 disclosure that all customers that were impacted by the incident have been notified.

“Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens,” it said. 

“In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it. 

“Attacks such as this highlight the importance of remaining vigilant and being on the lookout for suspicious activity.” ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/10/24/1password_confirms_all_logins_are/

Tags: confirmspasswordtechnology
Previous Post

Element users are asking for protection against government encryption busting

Next Post

iFixit pries open Google Pixel 8 Pro with clamps and picks

‘This is unprecedented:’ Ecology restricts surface water use in the Yakima River Basin – Yakima Herald-Republic

Unprecedented Move: Ecology Imposes New Restrictions on Yakima River Basin Surface Water Use

October 4, 2025
Roane State, TCAT Knoxville mark milestone at new health science campus – Oakridger

Roane State and TCAT Knoxville Celebrate Major Milestone at New Health Science Campus

October 4, 2025
Science Hill blanks Morristown East – Johnson City Press

Science Hill Cruises to a Commanding Shutout Over Morristown East

October 4, 2025
Favorite Halloween candies in Missouri, Oklahoma, Kansas, Arkansas – Yahoo

Discover the Most Beloved Halloween Candies in Missouri, Oklahoma, Kansas, and Arkansas!

October 4, 2025
MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

MAC Brings iPad Technology to Football Sidelines Across All 13 Member Schools – Sports Video Group

October 4, 2025
Dodgers’ Roki Sasaki opens up about pitching in relief – Yahoo Sports

Dodgers’ Roki Sasaki opens up about pitching in relief – Yahoo Sports

October 4, 2025
Ageing and health – World Health Organization (WHO)

Ageing and health – World Health Organization (WHO)

October 3, 2025
CFOs confident in their own companies but not in the economy – CFO.com

CFOs Reveal Unshakable Confidence in Their Companies Amid Economic Uncertainty

October 3, 2025
Books about the arts and some haunts for a Denton October – Denton Record-Chronicle

Uncover Artistic Treasures and Spooky Adventures to Experience in Denton This October

October 3, 2025
WFSD Announces Northwell Mental Health Partnership – William Floyd School District

WFSD Announces Northwell Mental Health Partnership – William Floyd School District

October 3, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (850)
  • Economy (870)
  • Entertainment (21,744)
  • General (17,397)
  • Health (9,913)
  • Lifestyle (883)
  • News (22,149)
  • People (872)
  • Politics (881)
  • Science (16,081)
  • Sports (21,371)
  • Technology (15,853)
  • World (853)

Recent News

‘This is unprecedented:’ Ecology restricts surface water use in the Yakima River Basin – Yakima Herald-Republic

Unprecedented Move: Ecology Imposes New Restrictions on Yakima River Basin Surface Water Use

October 4, 2025
Roane State, TCAT Knoxville mark milestone at new health science campus – Oakridger

Roane State and TCAT Knoxville Celebrate Major Milestone at New Health Science Campus

October 4, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version