Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to strengthen its cyber posture, including a security action plan and engaging with third-party cyber firms.
Days after announcing a security compromise, cloud-based identity and authentication management provider Okta said that an unknown threat actor had accessed files of 134 customers after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed laptop.
Stolen and compromised credentials continue to be the crux of major health data security incidents involving cloud environments. But stronger credential management practices and a focused approach to "least privilege engineering" would help, said Taylor Lehmann of Google Cloud.
Social media single sign-on standard OAuth has an implementation weakness that hackers could exploit to obtain unauthorized access, say researchers. "We expect that 1,000s of other websites are vulnerable to the attack," wrote Salt Security, "putting billions of additional internet users at risk."
Widely used password management software provider 1Password said a hacker breached had one of its systems but failed to steal any sensitive data, after stealing a valid session cookie from the customer support system of its access and identity management provider, Okta.
A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's customers. San Francisco-based Okta said the threat actor could view filed uploaded by certain customers as part of recent support cases.
Okta bought a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer identity market. Okta was impressed by Uno's experience in building consumer-first, design-focused and easy-to-use password management and personal identity tools.
Palo Alto Networks remains a leader in Forrester's zero trust platform rankings while Microsoft and Check Point entered the leaders category for the first time. Vendors in the zero trust platform space ditched point products and pursued organic investments or M&A to create a broader offering.
Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in the event of tampering. Updates to Windows 11 allow users to replace passwords with passkeys to stop hackers from exploiting stolen passwords.
CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.
In the aftermath of the pandemic and global political unrest, the risks
of identity and credential theft have surged, and a deluge of scams are
exploiting the crisis. Consumers facing disrupted incomes seek credit
solutions, and fraudsters seek to exploit them by using application
In this eBook,...
Welcome to the report summarizing the survey conducted in spring/summer 2023. It attracted 214
responses from senior cybersecurity professionals in the NA,
APAC, UKI and EU regions.
The goals for this study were to identify:
The top organizational challenges in securing non-SSO
Financially motivated hackers developed custom malware to exploit a likely zero-day flaw in popular vacation resort management software, say security researchers. Hackers target the hospitality industry with regularity, given the massive amounts of personal and payment data inside the sector.
In the latest weekly update, Jeremy Grant of Venable joins three ISMG editors to discuss why the U.S. government is taking a back seat on digital identity issues, the risks of artificial intelligence, and takeaways from the U.S. Cyber Safety Review Board's recent report on cybercrime group Lapsus$.
The shift from traditional malware-led attacks to identity-based attacks in the realm of cybersecurity has become more prominent than ever. Attackers continuously adapt their tactics, seek the path of least resistance and focus on exploiting vulnerabilities in identity-related weaknesses.