Security News

Okta names contractor involved in Lapsus$ gang’s attack
2022-03-24 11:11

Okta has released additional details about the security incident caused by the Lapsus$ gang, and has named the contractor involved: Sitel. "Like many SaaS providers, Okta uses several companies to expand our workforce. These entities help us to deliver for our customers and make them successful with our products. Sitel, through its acquisition of Sykes, is an Okta sub-processor that provides Okta with contract workers for our Customer Support organization," explained David Bradbury, Okta's chief security officer.

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England
2022-03-24 05:55

Authentication services provider Okta on Wednesday named Sitel as the third party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. "On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account," Okta's Chief Security Officer, David Bradbury, said in a statement.

Microsoft warns of destructive attacks by Lapsus$ cybercrime group
2022-03-23 17:42

In a blog post published Tuesday, Microsoft provides insight into the group's tactics and techniques and offers tips on how to protect your organization from these attacks.

Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks
2022-03-23 11:24

Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft's source code and have gained access to the laptop of a support engineer working for a third-party contractor for Okta, allowing them to potentially impact approximately 2.5% of the company's customers. After the gang published screenshots from Okta's internal systems and said that they focused their incursion on Okta customers, the company's CEO first said that, in late January 2022, they detected an attempt to compromise the account of a customer support engineer working for one of their subprocessors, and that "There is no evidence of ongoing malicious activity beyond the activity detected in January."

U.S. Government Warns Companies of Potential Russian Cyber Attacks
2022-03-22 19:56

The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the West on the country following its military assault on Ukraine last month. "It's part of Russia's playbook," U.S. President Joe Biden said in a statement, citing "Evolving intelligence that the Russian Government is exploring options."

Greece's public postal service offline due to ransomware attack
2022-03-22 14:05

ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident detected on Sunday that is still keeping most of the organization's services offline. An initial statement about the attack came on Monday, when ELTA announced the cause of a service disruption, claiming that its immediate response and isolation of the entire data center has helped mitigate the impact.

Top Russian meat producer hit with Windows BitLocker encryption attack
2022-03-22 12:43

Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service. The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack.

HEAT attacks: A new class of cyber threats organizations are not prepared for
2022-03-22 05:30

Web malware and ransomware now top the list of security threats that organizations are most concerned about. This is according to research published by Menlo Security, exploring what steps organizations are taking to secure themselves in the wake of a new class of cyber threats - known as Highly Evasive Adaptive Threats.

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
2022-03-21 23:57

The novel phishing technique, described last week by a penetration tester and security researcher who goes by the handle mr. The concocted popups simulate a browser window within the browser, spoofing a legitimate domain and making it possible to stage convincing phishing attacks.

New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
2022-03-21 20:11

A novel phishing technique called browser-in-the-browser attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable," mrd0x said in a technical write-up published last week.