Security News

Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions. "We don't have visibility into which customers were targeted, but we know that four customers were affected within the three-week period since we've begun tracking these activities," he told The Register.

Amid an industry migration away from passwords, Okta has launched Okta Device Access, part of its suite of Workforce Identity Cloud products and an effort to unify passkey access across all devices under a single identity and access management platform. Designed to extend identity access management to the point of device login, the Okta Device Access service is also meant to reduce the likelihood that users, faced with the aggravation of having to wrangle repeatedly with logins for each device, will jettison security protocols.

Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy. Approximately 71% of respondents to a survey of identity and access management company Okta's first Customer Identity Trends Report said they are aware that their online activities leave a data trail.

The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud. The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security.

Threat actors are experimenting with QR codesHackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. A common user mistake can lead to compromised Okta login credentialsLogged failed logins into a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. How to best allocate IT and cybersecurity budgets in 2023As 48% of organizations rank ransomware and targeted threats as their number one concern for 2023, how can they allocate that increased cybersecurity budget effectively? In this Help Net Security video, Ian McShane, VP of Strategy at Arctic Wolf, explains.

Logged failed logins into a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization's platforms that use Okta single sign-on or - if the login credentials belong to an administrator - to gain privileged access to other systems or restricted network areas.

Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories. Okta was alerted by Microsoft-owned GitHub earlier this month of "Suspicious access" to its code repositories and determined that miscreants copied code associated with the company's Workforce Identity Cloud, an enterprise-facing access and identity management tool to enable workers and partners to work from anywhere.

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud code repositories hosted on GitHub.

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.