Security News > 2023 > November

Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought. In the process of figuring out how the mistake came to be, it also identified additional reports accessed by the attackers, including employee information and the contact details of all Okta certified users and some Okta Customer Identity Cloud customers.

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. Today, the Treasury's Office of Foreign Assets Control has sanctioned Sinbad.io for its alleged use by North Korean hackers who have performed large-scale crypto heists, leading to hundreds of millions of dollars in losses.

This article describes why threat actors target web apps and highlights the value of continuous monitoring in securing modern web apps. One of the key attractions of web apps from a hacker's perspective is how easy they are to target.

Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday. Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. The company notes that the threat actor also accessed additional reports and support cases with contact information for all contact information of all Okta certified users.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers...

The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library a month after the attack was disclosed. The Register has not examined any of the data posted online, but a cursory perusal of the file trees leaked to Rhysida's website appears to show data related to various British Library departments, functions, and stakeholders.

Security researchers Jesse D'Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years.

Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability that is being actively exploited in the wild.CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group, is due to an integer overflow in Skia - an open source 2D graphics library commonly used as a graphics engine for Google Chrome, ChromeOS, Android, Flutter, and others.

The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta customer support system users. Initial and latest findings about the Okta customer support system breach.