Okta has revealed details about a recent breach which exposed files belonging to customers.

As we explained in our article about 1Password being a victim of this breach, it's normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the team to troubleshoot issues by replicating what's going on in the browser. As such, a HAR file can contain sensitive data, including cookies and session tokens, that cybercriminals can use to impersonate valid users.

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta, who started an investigation.

Okta says it found that from September 28 to Octo… an attacker had unauthorized access to files inside Okta's customer support system associated with 134 Okta customers. The attacker gained access using stolen credentials of a service account stored in the system itself, which had permissions to view and update customer support cases.

To gain access to that service account, the attacker compromised an Okta employee. The employee logged into the service account while they were signed in to their personal Google profile in Chrome on their Okta-managed laptop. That meant that the credentials of the service account were stored in the employee's personal Google account. How they got from that account into the attacker's hands is unknown, but likely the attacker compromised that personal account, or one of the employee's devices fell into the attacker's hands, from where they could have accessed the Google account and harvested the credentials.

Once in, the attacker was able to use session tokens in the HAR files to impersonate staff and hijack the legitimate Okta sessions of five customers, including 1Password, BeyondTrust, and Cloudflare.

Okta says it has now locked down personal Google access on company-managed computers:

"Okta has implemented a specific configuration option within Chrome Enterprise that prevents sign-in to Chrome on their Okta-managed laptop using a personal Google profile."

In general, it's hard to strictly separate the use of devices for work purposes: in a 2020 survey by Malwarebytes, we found that the majority of people do use work devices for personal use. When a device gets assigned to an employee, they consider it more or less as "theirs" and there's a tendency to start using it for personal matters. Okta could have anticipated this behavior and added additional security measures for such an important account.

A remediation task that is important to note for Okta customers is:

"Okta has released session token binding based on network location as a product enhancement to combat the threat of session token theft against Okta administrators. Okta administrators are now forced to re-authenticate if we detect a network change. This feature can be enabled by customers in the early access section of the Okta admin portal."

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Every breach is different, so check with the vendor to find out what's happened, and follow any specific advice they offer.

You can make a stolen password useless to thieves by changing it. Choose a strong password that you don't use for anything else. Better yet, let a password manager choose one for you.

Enable two-factor authentication (2FA). Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can't be phished. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.

Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
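The article notes that a HAR file uploaded to a support team can carry cookies, session tokens and other credentials. The following is an added example (not code from the article, from Okta, or from any HAR tooling) of a small sanitizer a customer could run over a HAR export before uploading it: it redacts credential-bearing headers, cookie arrays and request/response bodies, and a companion check reports anything still left unredacted. The HAR sample embedded in the block is constructed for the example; the header list and the `/api/v1/users/me` URL are assumptions, not values taken from the breach.

```python
import copy
import json

# Constructed sample HAR (not from the original article): one request/response
# pair carrying the kinds of values the article says a HAR file can expose.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example.okta.test/api/v1/users/me",  # hypothetical
                    "headers": [
                        {"name": "Cookie", "value": "sid=CONSTRUCTED_SESSION_ID; DT=abc"},
                        {"name": "Authorization", "value": "SSWS CONSTRUCTED_API_TOKEN"},
                        {"name": "Accept", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "CONSTRUCTED_SESSION_ID"}],
                    "postData": {"mimeType": "application/json",
                                 "text": "{\"password\":\"hunter2\"}"},
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "sid=CONSTRUCTED_NEW_ID; Secure; HttpOnly"},
                        {"name": "Content-Type", "value": "application/json"},
                    ],
                    "cookies": [{"name": "sid", "value": "CONSTRUCTED_NEW_ID"}],
                    "content": {"mimeType": "application/json", "text": "{\"id\":\"00u1\"}"},
                },
            }
        ],
    }
}

REDACTED = "[REDACTED]"
# Header names whose values carry credentials; matched case-insensitively.
# This set is an assumption for the example; extend it for your own apps.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}


def sanitize_har(har: dict, *, drop_bodies: bool = True) -> dict:
    """Return a deep copy of `har` with credential-bearing fields redacted.

    Headers in SENSITIVE_HEADERS and every parsed cookie value are replaced.
    With drop_bodies=True the request and response bodies are redacted too,
    since bodies routinely contain passwords, tokens and personal data.
    """
    clean = copy.deepcopy(har)
    for entry in clean["log"].get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side)
            if not part:
                continue
            for header in part.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in part.get("cookies", []):
                cookie["value"] = REDACTED
            if drop_bodies:
                if "text" in part.get("postData", {}):
                    part["postData"]["text"] = REDACTED
                if "text" in part.get("content", {}):
                    part["content"]["text"] = REDACTED
    return clean


def find_leaks(har: dict) -> list:
    """List (entry index, side, field) locations still holding unredacted secrets."""
    leaks = []
    for i, entry in enumerate(har["log"].get("entries", [])):
        for side in ("request", "response"):
            part = entry.get(side) or {}
            for h in part.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
                    leaks.append((i, side, "header:" + h.get("name", "")))
            for c in part.get("cookies", []):
                if c.get("value") != REDACTED:
                    leaks.append((i, side, "cookie:" + c.get("name", "")))
    return leaks


if __name__ == "__main__":
    print("leaks before:", find_leaks(SAMPLE_HAR))
    cleaned = sanitize_har(SAMPLE_HAR)
    print("leaks after:", find_leaks(cleaned))
    print(json.dumps(cleaned, indent=2))
```

Run `find_leaks` on the sanitized copy before uploading; an empty list is the condition to look for. Redacting rather than deleting keeps the request/response structure intact, so the support team can still replay the sequence of calls while the values that would let someone hijack a session never leave the customer's machine.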
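Okta's remediation quoted in the article is session token binding based on network location: an administrator session that shows up from a different network is forced to re-authenticate. The block below is an added example of how a relying party can implement that idea server-side; it is not Okta's implementation and the design choices (a /24 IPv4 network plus ASN as the binding, an in-memory store, a one-hour TTL, the `asn` parameter) are assumptions made for the example. A stolen token replayed from the attacker's network then fails validation and leaves an audit event behind, which is exactly the signal a SOC wants to alert on.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """In-memory session store that binds each session to the network it was
    created from. Hypothetical design for illustration, not Okta's code."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self._sessions: dict = {}
        self.events: list = []  # audit trail of binding violations for detection

    @staticmethod
    def _fingerprint(client_ip: str, asn: str) -> str:
        # Bind to the /24 plus the ASN (assumed to come from a GeoIP/ASN lookup)
        # so ordinary address churn inside one network does not log admins out,
        # while a move to a different network does. IPv4-only for brevity.
        octets = client_ip.split(".")
        if len(octets) != 4:
            raise ValueError("IPv4 address expected")
        network = ".".join(octets[:3]) + ".0/24"
        return hashlib.sha256(f"{network}|{asn}".encode()).hexdigest()

    def create(self, user: str, client_ip: str, asn: str, now: float = None) -> str:
        """Issue a fresh opaque token bound to the caller's current network."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "fp": self._fingerprint(client_ip, asn),
            "created": time.time() if now is None else now,
        }
        return token

    def validate(self, token: str, client_ip: str, asn: str, now: float = None) -> tuple:
        """Return (True, user) or (False, reason). A network change revokes the
        session, so the caller must send the user back through login."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return (False, "unknown")
        if now - sess["created"] > self.ttl:
            del self._sessions[token]
            return (False, "expired")
        presented = self._fingerprint(client_ip, asn)
        if not hmac.compare_digest(presented, sess["fp"]):
            # Revoke immediately and record the event for the SOC.
            del self._sessions[token]
            self.events.append({
                "user": sess["user"], "reason": "network_change",
                "seen_from": client_ip, "asn": asn, "at": now,
            })
            return (False, "network_change")
        return (True, sess["user"])


if __name__ == "__main__":
    store = SessionStore()
    # Constructed addresses from the documentation ranges; AS numbers are made up.
    tok = store.create("admin@example.test", "203.0.113.10", "AS64500")
    print(store.validate(tok, "203.0.113.77", "AS64500"))   # same network: ok
    print(store.validate(tok, "198.51.100.5", "AS64501"))   # different network: revoked
    print(store.events)
```

The fingerprint is compared with `hmac.compare_digest` so the check is constant-time, and revocation happens on the first mismatch rather than after a grace period; a legitimate admin who changes networks simply logs in again, which is the trade-off the quoted Okta feature also makes.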