Security News

Mondays are for checking months of logs, apparently, if MFA's not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole...

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the...

Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta says it identified credential stuffing attacks starting on April 15, 2024, which targeted endpoints utilizing Customer Identity Cloud's cross-origin authentication feature.

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgradesThere are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability." Okta warns customers about credential stuffing onslaughtCredential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place.

Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place. "In credential stuffing attacks, adversaries attempt to sign-in to online services using large lists of usernames and passwords obtained from previous data breaches of unrelated entities, or from phishing or malware campaigns," Okta's Moussa Diallo and Brett Winterford explained.

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks,...

Okta warns of an "Unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. In an advisory today, Okta says the attacks seem to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos [1, 2]. In all attacks that Okta observed the requests came through the TOR anonymization network and various residential proxies.

Okta is one of the most well-known companies in the IAM space, but up-and-coming competitor JumpCloud has recently challenged Okta's dominance. This review compares the essential features of JumpCloud and Okta to help you choose the right IAM software for your business.

Auth0 and Okta are powerful IAM tools with distinct strengths that solve this problem. The key difference perhaps lies in how Auth0 and Okta approach identity.

While both Okta and Duo offer strong identity management features like multi-factor authentication, user provisioning, single sign-on and endpoint visibility, there are still notable differences in how each vendor approaches IAM. Duo, which is now part of Cisco Security, takes a more unified approach to IAM, while Okta uses a two-pronged approach: workforce identity cloud and customer identity cloud. While pricing in both Okta and Duo is based on the number of users, Okta's is further determined by the product you choose.