
The Cyber Security News


Okta CSO: Lapsus Incident Was “Embarrassing”

March 24, 2022

The chief security officer (CSO) of authentication vendor Okta has disclosed more details of an incident that may have allowed hackers to steal sensitive data from customers.

In a blog post yesterday, David Bradbury said that the support engineer whose laptop was hijacked for five days by the Lapsus group was working for contractor Sitel.

Although the device was owned and managed by the firm, the threat actors managed to obtain remote access to it via RDP, he explained.

“The scenario listed here is analogous to going for walks absent from your computer at an espresso store, whereby a stranger has (pretty much in this situation) sat down at your equipment and is employing the mouse and keyboard,” he added.

“So although the attacker by no means gained access to the Okta company through account takeover, a piece of equipment that was logged into Okta was compromised and they ended up equipped to get screenshots and command the machine by the RDP session.”

Lapsus shared screenshots of the machine’s desktop last weekend, apparently revealing wide-ranging access to Okta’s internal systems. Bradbury admitted that this was “embarrassing for myself and the whole Okta team” and said the company should have acted more quickly once it received a report on the incident from Sitel last week.

However, he played down the significance of the “superuser” access the hackers were able to gain.

“The vast majority of guidance engineering tasks are performed utilizing an internally-crafted software known as SuperUser or SU for small, which is utilized to conduct standard management features of Okta customer tenants,” Bradbury explained.

“This does not offer ‘god-like access’ to all its users. This is a software crafted with the very least privilege in thoughts to be certain that assist engineers are granted only the distinct accessibility they call for to execute their roles. They are not able to make or delete consumers. They simply cannot download consumer databases. They cannot obtain our supply code repositories.”

That makes less likely a theory that Lapsus had been able to use the Okta access to exfiltrate and leak data on recent victims, including Microsoft, Nvidia, Vodafone and Samsung.

A Microsoft blog published this week suggested that insider access at these companies may have been the initial threat vector.

Bradbury repeated that 2.5% of Okta customers were impacted by the incident, amounting to 366 companies.


Some parts of this article are sourced from:
www.infosecurity-journal.com
