Cloudflare hacked using auth tokens stolen in Okta attack

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system.
The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then accessed the company's Confluence and Jira systems following a reconnaissance stage.
To access its systems, the attackers used one access token and three service account credentials stolen during a previous compromise linked to Okta's breach from October 2023 that Cloudflare failed to rotate.
Cloudflare detected the malicious activity on November 23, severed the hacker's access in the morning of November 24, and its cybersecurity forensics specialists began investigating the incident three days later, on November 26.
The company says that this breach did not impact Cloudflare customer data or systems; its services, global network systems, or configuration were also unaffected.
On October 18, 2023, Cloudflare's Okta instance was breached using an authentication token stolen from Okta's support system.
Following the incident, the company said that its Security Incident Response Team's quick response contained and minimized the impact on Cloudflare systems and data and that no Cloudflare customer information or systems were impacted.
Global fintech firm EquiLend offline after recent cyberattack.
Trezor support site breach exposes personal data of 66,000 customers.
TeamViewer abused to breach networks in new ransomware attacks.
US govt wants BreachForums admin sentenced to 15 years in prison.
Panasonic discloses data breach after December 2022 cyberattack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 01 Feb 2024 20:58:11 +0000


Cyber News related to Cloudflare hacked using auth tokens stolen in Okta attack

Okta: Breach Affected All Customer Support Users - When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of ...
11 months ago Krebsonsecurity.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
9 months ago Techtarget.com
Using Falco to Create Custom Identity Detections - Recent months have witnessed a surge in attacks targeting popular identity providers like Okta, underscoring the critical need for timely and effective detection capabilities. Open-source Falco offers a Dedicated plugin for the Okta identity ...
11 months ago Feeds.dzone.com
Okta Breach Widens to Affect 100% of Customer Base - Thus, Okta is warning all of its customers to be prepared for similar phishing and social engineering cyber-scams. "Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering ...
11 months ago Darkreading.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
9 months ago Go.theregister.com
5,000 Okta employees' data accessed in a third-party breach The Register - Updated Okta has sent out breach notifications to almost 5,000 current and former employees, warning them that miscreants breached one of its third-party vendors and stole a file containing staff names, social security numbers, and health or medical ...
11 months ago Theregister.com
Cloudflare hacked using auth tokens stolen in Okta attack - Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The threat actor first gained access ...
9 months ago Bleepingcomputer.com
OneLogin vs. Okta: Which IAM Solution Is Better? - OneLogin and Okta are two industry-leading identity and access management platforms used to secure user access to corporate resources and manage information about user identity. OneLogin and Okta are enterprise-grade IAM platforms offering security ...
7 months ago Techrepublic.com
Okta says data leaked on hacking forum not from its systems - Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single ...
7 months ago Bleepingcomputer.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
11 months ago Bleepingcomputer.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
4 months ago Bleepingcomputer.com
Okta warns of credential stuffing attacks targeting its CORS feature - Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta is a leading identity and access management company providing cloud-based ...
5 months ago Bleepingcomputer.com
Okta Hack: Threat Actors Stolen all Customer Data - In a pivotal update to the Okta security incident divulged in October 2023, Okta Security has unearthed additional intricacies surrounding the unauthorized intrusion into its customer support system. This revelation holds profound implications for ...
11 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Why Tokens Are Like Gold for Opportunistic Threat Actors - COMMENTARY. Authentication tokens aren't actual physical tokens, of course. Authentication tokens are an important part of cybersecurity. Which means that anyone with a token has a gold key to corporate systems - without requiring a multifactor ...
5 months ago Darkreading.com
Okta Admits All Customer Support Users Impacted By Breach - Okta has revealed that an October security breach compromised all users of its customer support system rather than a small subset as previously thought. CSO David Bradbury said last month that only 134 customers were impacted after a threat actor ...
11 months ago Infosecurity-magazine.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
1 year ago Blog.cloudflare.com
Meta AI Models Cracked Open With Exposed API Tokens - Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate ...
11 months ago Darkreading.com
Exposed Hugging Face API tokens jeopardized GenAI models - Lasso Security researchers discovered 1,681 Hugging Face API tokens exposed in code repositories, which left vendors such as Google, Meta, Microsoft and VMware open to potential supply chain attacks. In a blog post published Monday, Lasso Security ...
11 months ago Techtarget.com
Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
11 months ago
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
9 months ago Bleepingcomputer.com
Cloudflare Incident on January 24th, 2023 - An Overview - On January 24th, 2023, Cloudflare experienced an incident that impacted its customers globally. In this article, we will provide an overview analysis of the incident, its impacts on SEO, security, threats, etc. ...
1 year ago Blog.cloudflare.com
CVE-2024-10327 - A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a ...
2 weeks ago Tenable.com
Okta to Acquire Spera Security - In a landmark move, Okta, the leading Identity and Access Management provider has announced its acquisition of Spera Security, a rising star in the Identity security space. Spera Security plays a strategic role in enhancing organizations' ...
10 months ago Cybersecuritynews.com
361 million stolen accounts leaked on Telegram added to HIBP - A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check ...
4 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)