Security News

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.

OneLogin and Okta are enterprise-grade IAM platforms offering security products that customers can mix-and-match to create a customized solution. Feature comparison: OneLogin vs. Okta Single Sign-On. Both OneLogin and Okta offer SSO for on-premises and cloud-based applications, as well as endpoint devices like laptops and mobile phones.

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

Ping Identity and Okta are among the top IAM tools on the market today and provide many of the functions large and small companies need when initiating identity and access management systems for their networks. In comparison, Okta is a leading IAM provider that offers enterprise-grade identity management for companies around the world.

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Entra ID. Okta vs. Microsoft Entra ID: Comparison. Entra ID Free Entra ID P1 Entra ID P2 Entra ID Governance Free $6.00 per user, per month $9 per user, per month $7 per user, per month Identity governance.

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system."They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system, and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil," Cloudflare said.

Strategies for cultivating a supportive culture in zero-trust adoptionIn this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Vigil: Open-source LLM security scannerVigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models.

Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought. In the process of figuring out how the mistake came to be, it also identified additional reports accessed by the attackers, including employee information and the contact details of all Okta certified users and some Okta Customer Identity Cloud customers.

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. The company notes that the threat actor also accessed additional reports and support cases with contact information for all contact information of all Okta certified users.