The global e-commerce company will pay millions of dollars in two separate lawsuits because of privacy and security violations, the FTC says.
Related Posts
Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data
In a pivotal update to the Okta security incident divulged in October 2023, Okta Security has unearthed additional intricacies surrounding the unauthorized intrusion into its customer support system.
This revelation holds profound implications for the security of Okta’s clientele, particularly those immersed in the Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) products.
The investigation highlighted that the threat actor not only infiltrated the customer support system but also appropriated a report containing all users’ names and email addresses.
This report, compiled on September 28, 2023, comprised an exhaustive list of customer support system users, excluding those within the FedRAMP High and DoD IL4 environments, which operate on a distinct, unaffected support system.
Data Compromised and the Looming Impact
The downloaded report encompassed a spectrum of information for each affected user, from creation dates to time zones.
While most fields were void of sensitive personal data, the report did include full names and email addresses, which elevates the risk of phishing and social engineering attacks targeting Okta customers.
In response to the breach, Okta strongly advocates for implementing multi-factor authentication (MFA) for administrators—an indispensable security measure transcending conventional password protection.
Okta recommends phishing-resistant authenticators, such as Okta Verify FastPass, FIDO2 WebAuthn, or PIV/CAC Smart Cards, to fortify this layer of defense.
Fortifying Security – Okta’s Recommendations
Beyond MFA, Okta proposes additional measures to enhance security, encompassing admin session binding, admin session timeout, and a heightened focus on phishing awareness.
These measures aim to fortify Okta’s security infrastructure and shield users from potential threats.
Okta reaffirms its commitment to customer security, pledging continuous evaluation and implementation of enhanced security measures.
The company’s proactive stance underscores its dedication to safeguarding customer data and preempting future breaches.
The post Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data appeared first on Cyber Security News.
Cyber Security News
I’ll make you an offer you can’t refuse…
How to prevent malicious advertisements from ruining your day.
Token Infrastructure Platform Hacked: $44.5 Million Stolen in Cryptos
Hedgey Finance, a prominent token infrastructure platform, has reported a massive theft of approximately $44.5 million in cryptocurrencies.
This incident unfolded rapidly over two hours, affecting operations on Ethereum’s layer-2 network Arbitrum and Binance Smart Chain.
Overview of the Attack
According to a detailed analysis by blockchain security firm Cyvers, the theft was executed by exploiting a vulnerability in Hedgey’s “createLockedCampaign” function.
The attacker utilized flash-loaned funds to initiate the theft, demonstrating a sophisticated understanding of both the platform’s operational mechanics and existing security flaws.
The initial phase of the attack saw the theft of $1.9 million, which was quickly converted into the DAI stablecoin and moved to an external address.
The assailant then replicated the attack on the Arbitrum chain, siphoning off a staggering $42.8 million after securing funding on the ETH Chain via FixedFloat.
Despite Cyvers’s rapid anomaly detection, efforts to contact Hedgey Finance’s team for an immediate response were futile.
This incident underscores the critical need for enhanced communication and collaboration between decentralized applications (dApps) and security firms to mitigate risks and restore trust within the community effectively.
As per the latest report from Cryptostale, a Token Infrastructure Platform was hacked, resulting in the theft of $44.5 million worth of cryptocurrencies.
Impact on the Cryptocurrency Market
Following the breach, the suspicious address linked to the attack became the largest holder of the BONUS token, the native cryptocurrency of BonusBlock.
This project is known for its focus on acquiring and integrating high-quality users into the Web3 ecosystem.
As a result of the attack, the value of BONUS has plummeted by approximately 10%, currently priced at $0.5084, according to CoinMarketCap.
The attacker has not remained idle post-theft.
Over 200,000 BONUS tokens, worth around $110,000, have been transferred to the Bybit exchange.
This move indicates an attempt to liquidate the stolen assets swiftly, complicating recovery efforts.
Response from Hedgey Finance
In reaction to the breach, Hedgey Finance has launched a comprehensive investigation to understand the attack’s mechanics and prevent further vulnerabilities.
The platform has advised users with active claims to cancel them using the “End Token Claim” feature on their website.
The company stated: “We are actively working with our auditors and team to understand the attack and stop any ongoing attack.
We will share more information as we learn more.”
The theft from Hedgey Finance is a stark reminder of the vulnerabilities that persist in the digital asset space.
It emphasizes the urgent need for robust security measures, real-time threat detection systems, and proactive collaboration between technology providers and security firms to safeguard user assets effectively.
As the investigation continues, the crypto community will be watching closely, hoping for recovery of the stolen funds and more vital security implementations in the future.
The post Token Infrastructure Platform Hacked: $44.5 Million Stolen in Cryptos appeared first on Cyber Security News.