Security News

Hackers target FCC, crypto firms in advanced Okta phishing attacks
2024-03-02 16:18

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

Ping Identity (ForgeRock) vs Okta (2024): Compare IAM software
2024-02-21 16:40

Ping Identity and Okta are among the top IAM tools on the market today and provide many of the functions large and small companies need when initiating identity and access management systems for their networks. In comparison, Okta is a leading IAM provider that offers enterprise-grade identity management for companies around the world.

Okta vs. Microsoft Entra ID (Azure Active Directory) 2024: IAM Software Comparison
2024-02-16 20:56

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Entra ID. Okta vs. Microsoft Entra ID: Comparison. Entra ID Free: Free; Entra ID P1: $6.00 per user, per month; Entra ID P2: $9 per user, per month; Entra ID Governance: $7 per user, per month. Identity governance.

Cloudflare hacked using auth tokens stolen in Okta attack
2024-02-01 20:53

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. "They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system, and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil," Cloudflare said.

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens
2023-12-03 09:00

Strategies for cultivating a supportive culture in zero-trust adoption
In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability.
Vigil: Open-source LLM security scanner
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models.

Okta data breach dilemma dwarfs earlier estimates
2023-11-29 17:01

Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought. In the process of figuring out how the mistake came to be, it also identified additional reports accessed by the attackers, including employee information and the contact details of all Okta certified users and some Okta Customer Identity Cloud customers.

Okta: October data breach affects all customer support system users
2023-11-29 13:25

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. The company notes that the threat actor also accessed additional reports and support cases with contact information of all Okta certified users.

Okta breach: Hackers stole info on ALL customer support users
2023-11-29 11:13

The scope of the recent breach of the Okta customer support system is much wider than initially established, the company admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta customer support system users. Initial and latest findings about the Okta customer support system breach.

Okta Discloses Broader Impact Linked to October 2023 Support System Breach
2023-11-29 06:18

Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat...

Okta breach post mortem reveals weaknesses exploited by attackers
2023-11-06 14:11

The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. The threat actor took advantage of the access they had gained to the Okta Support system and to unsanitized HAR files provided by the customers to Okta Support.