Okta

Okta is an enterprise-grade identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s access to any application or device. Okta runs in the cloud, on a secure, reliable, extensively audited platform, which integrates deeply with on-premises applications, directories, and identity management systems.

Okta features include Provisioning, Single Sign-On (SSO), Active Directory (AD) and LDAP integration, the centralized deprovisioning of users, multifactor authentication (MFA), mobile identity management, and flexible policies for organization security and control. All of these functions are brought together through a network of pre-integrated applications called the Okta Integration Network (OIN). The OIN provides diverse integration options, enabling SSO login for every app your users need to access during their work day.

In summary, Okta is a customizable, secure, and drop-in solution to add authentication and authorization services to your applications. It provides scalable authentication built right into your application without the development overhead, security risks, and maintenance that come from building it yourself.


Cyber News related to Okta

Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider
North Korean Hackers Using GenAI to Get Remote Jobs Around the Globe - In a sophisticated operation that blends social engineering with cutting-edge technology, North Korean operatives have been leveraging generative artificial intelligence tools to secure remote technical positions in companies worldwide. Okta Security ...
1 month ago Cybersecuritynews.com
North Korean IT workers seen using AI tools to scam firms into hiring them | The Record from Recorded Future News - In an effort to improve its own onboarding process and help customers dealing with the scheme, cybersecurity firm Okta conducted research into online services used by individuals identified by U.S. authorities and third parties as agents for the ...
1 month ago Therecord.media
Cookie-Bite attack PoC uses Chrome extension to steal session tokens - A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, ...
1 month ago Bleepingcomputer.com
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities - The CL0P ransomware group exploited vulnerabilities to access sensitive employee data, including names and Social Security numbers. SonicWall has patched three vulnerabilities in its NetExtender VPN client for Windows (versions prior to 10.3.2). ...
2 months ago Cybersecuritynews.com CVE-2025-29824 Scattered Spider SideCopy
Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
2 months ago Cybersecuritynews.com Scattered Spider
New 'Atlantis AIO' automates credential stuffing on 140 services - Credential stuffing is a type of cyberattack where threat actors try out a list of credentials (usernames + passwords) they stole or sourced from leaked data breaches against platforms hoping to gain access to accounts. Specifically, Atlantis AIO ...
2 months ago Bleepingcomputer.com
Top 10 Best Passwordless Authentication Tools in 2025 - Auth0 provides a flexible authentication and authorization platform that supports passwordless login methods, enhancing security and user experience by eliminating the need for traditional passwords. Okta provides a robust identity and access ...
3 months ago Cybersecuritynews.com
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - A surge in “Pass-the-Cookie” (PTC) attacks is undermining multi-factor authentication (MFA), enabling cybercriminals to hijack session cookies and bypass security measures to access sensitive accounts. Similarly, Google’s Threat ...
3 months ago Cybersecuritynews.com
CVE-2025-22301 - Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore: from n/a through 3.5.3. ...
5 months ago Tenable.com
CVE-2024-9875 - Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server ...
6 months ago Tenable.com
CVE-2024-9191 - The Okta Device Access features, provided by the Okta Verify agent for Windows, provide access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The ...
7 months ago
CVE-2024-1900 - Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity ...
7 months ago
CVE-2024-10327 - A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a ...
7 months ago Tenable.com
The Secret Weakness Execs Are Overlooking: Non-Human Identities - By shifting our focus to secrets security and adopting a comprehensive approach that includes robust detection, automated remediation, and integration with identity systems, organizations can significantly reduce their attack surface and bolster ...
8 months ago Thehackernews.com
CVE-2024-43255 - Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS). This issue affects MyBookTable Bookstore: from n/a through 3.3.9. ...
9 months ago
CVE-2024-7061 - Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater. ...
10 months ago
CVE-2023-48331 - Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4. ...
10 months ago
CVE-2024-0981 - Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to ...
10 months ago
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
11 months ago Darkreading.com
Okta warns of credential stuffing attacks targeting its CORS feature - Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta is a leading identity and access management company providing cloud-based ...
1 year ago Bleepingcomputer.com LockBit
New Endpoint Protection Platform by Cigent Blocks Ransomware at the Data Level - A new endpoint data protection platform from Cigent Technology refocuses ransomware prevention onto protecting customer data from both encryption and exfiltration. With no loss of data, criminal extortion is prevented. The common approach today is to ...
1 year ago Securityweek.com
Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam - There's a major rumble brewing in the Security Information and Event Management landscape with Thoma Bravo-owned LogRhythm announcing plans to merge with rival Exabeam. Financial terms of the planned merger were not released but the price tag is ...
1 year ago Securityweek.com
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider