3/28/2024 0 Comments Dreambox hack![]() BeyondTrust Chief Technology Officer Marc Maiffret said that alert came more than two weeks after his company alerted Okta to a potential problem. The security firm BeyondTrust is among the Okta customers who received Thursday’s alert from Okta. “In general, Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.” ![]() “Okta has worked with impacted customers to investigate, and has taken measures to protect our customers, including the revocation of embedded session tokens,” their notice continued. These are sensitive files because they can include the customer’s cookies and session tokens, which intruders can then use to impersonate valid users. Okta explained that when it is troubleshooting issues with customers it will often ask for a recording of a Web browser session (a.k.a. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.” 19, Okta said it “has identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system. In an advisory sent to an undisclosed number of customers on Oct. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion. Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |