📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #44/2023 is out! It includes the following and much more:
➝ 🔓 #Okta hit by another #breach, this one stealing employee data from 3rd-party vendor
➝ 🔓 💸 #LastPass breach linked to theft of $4.4 million in crypto
➝ 🇮🇳 #India's Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale
➝ 🔓 ✈️ #Lockbit ransomware group claims to have hacked #Boeing
➝ 🇳🇱 ⚖️ Dutch hacker jailed for extortion, selling stolen data on RaidForums
➝ 🇷🇺 🇺🇸 Russian Reshipping Service ‘SWAT USA Drop’ Exposed
➝ 🇮🇷 🦠 Iranian Cyber Spies Use ‘#LionTail’ Malware in Latest Attacks
➝ 📉 Security researchers observed ‘deliberate’ takedown of notorious #Mozi#botnet
➝ 🇮🇳 📱 Apple warns Indian opposition leaders of state-sponsored #iPhone attacks
➝ 🌍 Four dozen countries declare they won’t pay #ransomware ransoms
➝ 🇷🇺 How #Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate #Cybercrime
➝ 🇪🇺 EU digital ID reforms should be ‘actively resisted’, say experts
➝ 🇷🇺 🇺🇦 #FSB arrests Russian hackers working for Ukrainian cyber forces
➝ 🇺🇸 FTC orders non-bank financial firms to report breaches in 30 days
➝ 🇨🇦 📱 #Canada Bans #WeChat and #Kaspersky Apps On Government Devices
➝ 🇺🇸 #SEC Charges #SolarWinds and Its #CISO With Fraud and Cybersecurity Failures
➝ 🇺🇸 🤖 #Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns
➝ 🦠 📱 #Avast confirms it tagged Google app as #malware on Android phones
➝ 🦠 🇰🇵 North Korean Hackers Targeting Crypto Experts with #KANDYKORN#macOS Malware
➝ 👥 💸 EleKtra-Leak #Cryptojacking Attacks Exploit #AWS IAM Credentials Exposed on #GitHub
➝ 🦠 🐍 Trojanized #PyCharm Software Version Delivered via #Google Search Ads
➝ ✅ 🤖 #GooglePlay adds security audit badges for Android #VPN apps
➝ 🔐 Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
➝ 🆕 FIRST Releases #CVSS 4.0 Vuln Scoring Standard
➝ 🆕 #MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
➝ ⛔️ 🦠 #Samsung Galaxy gets new Auto Blocker anti-malware feature
➝ 🍏 🔐 #Apple Improves #iMessage Security With Contact Key Verification
➝ 🔓 Researchers Find 34 #Windows Drivers Vulnerable to Full Device Takeover
➝ 🔓 🪶 3,000 #Apache#ActiveMQ servers vulnerable to RCE attacks exposed online
➝ 🗣️ #Atlassian CISO Urges Quick Action to Protect #Confluence Instances From Critical #Vulnerability
➝ 🔓 🩸 “This vulnerability is now under mass exploitation.” #CitrixBleed bug bites hard
➝ 🐛 💰 HackerOne paid ethical hackers over $300 million in #bugbounties
📚 This week's recommended reading is: "Permanent Record" by Edward Snowden
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
True or false: #FinServ organizations are more likely to have mature crisis management programs inclusive of testing #tabletop exercises and different data #breach scenarios to ensure optimal operation.
Discover the answer for yourself when you download the #PonemonInstitute#offensivesecurity report focusing on the financial services industry.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #43/2023 is out! It includes the following and much more:
➝ 🇺🇸 🎰 Hackers that breached Las Vegas casinos rely on violent threats, research shows
➝ 🔓 🇺🇸 University of Michigan employee, student data stolen in #cyberattack
➝ 🔓 #1Password discloses security incident linked to #Okta breach
➝ 🇺🇸 Cyber attacks hit NY state #casino operation, two Hudson Valley hospitals
➝ 🇺🇸 🗳️ D.C. Board of Elections: Hackers may have breached entire voter roll
➝ 🔓 🇮🇪 Thousands of drivers have sensitive data exposed to hackers in major IT #breach
➝ 🇷🇺 📨 Pro-Russia hackers target inboxes with #0day in webmail app used by millions
➝ 🇫🇷 🇷🇺 #France says Russian state hackers breached numerous critical networks
➝ 🇳🇬 Nigerian Police dismantle #cybercrime recruitment, mentoring hub
➝ 🇵🇸 💸 #Palestine#crypto donation scams emerge amid Israel-Hamas war
➝ 🇪🇸 👮🏻♂️ #Spain arrests 34 #cybercriminals who stole data of 4 million people
➝ 🇨🇦 🇨🇳 #Canada: Lawmakers Targeted by China-Linked ‘#Spamouflage’ Disinformation
➝ 🇺🇸 🇷🇺 Ex-NSA Employee Pleads Guilty to Leaking Classified Data to #Russia
➝ 🦠 🇰🇵 N. Korean #Lazarus Group Targets Software Vendor Using Known Flaws
➝ 🦠 🇮🇷 Iranian Group #Tortoiseshell Launches New Wave of IMAPLoader #Malware Attacks
➝ 🦠 🪰 #StripedFly malware framework infects 1 million #Windows, #Linux hosts
➝ 🦠 📱 #iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
➝ 🔓 📱 #Samsung Galaxy S23 hacked two more times at #Pwn2Own Toronto
➝ 🔓 Critical #OAuth Flaws Uncovered in #Grammarly, #Vidio, and #Bukalapak Platforms
➝ 🔓 🩺 Critical Flaw in NextGen's Mirth Connect Could Expose #Healthcare Data
➝ 🔓 #F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
➝ 🔓 🍏 Hackers can force iOS and #macOS browsers to divulge #passwords and much more
➝ 🩹 #Citrix warns admins to patch #NetScaler CVE-2023-4966 bug immediately
➝ 🔓 ✌🏻 #Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
➝ 🔓 Critical RCE flaws found in #SolarWinds access audit solution
📚 This week's recommended reading is: "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World" by Bruce Schneier
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
So Okta was breached (Oct 2023) and the Threat Actor(s) pivot tired to pivot to other services. According to @vxunderground the Threat Actor(s) successfully pivoted to 1Password. Cloudflare is also reporting the attempt to pivot to them but they managed to contain and minimize the impact. More on it here: https://cfl.re/3Q6VpuR #okta#breach
On Wednesday, October 18, 2023, we @cloudflare] discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance.
.. and they wrap up with recommendations...
Take any report of compromise seriously and act immediately to limit damage; in this case Okta was first notified on October 2, 2023 by @beyondtrust but the attacker still had access to their support systems at least until October 18, 2023.