CyberSecurityBoard
Sponsor Register Login

Okta warns of credential stuffing attacks targeting its CORS feature

Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April.
Okta is a leading identity and access management company providing cloud-based solutions for secure access to apps, websites, and devices.
A credential stuffing attack is when threat actors create large lists of usernames and passwords stolen in data breaches or by information-stealing malware and then use them to try and breach online accounts.
Okta says it identified credential stuffing attacks starting on April 15, 2024, which targeted endpoints utilizing Customer Identity Cloud's cross-origin authentication feature.
Okta's Cross-Origin Resource Sharing feature allows customers to add JavaScript to their websites and applications to send authentication calls to the Okta API hosted.
For this feature to work, customers must grant access to the URLs from which cross-origin requests can originate.
Okta states these URLs are targeted in credential stuffing attacks and should be disabled if they are not in use.
The company has notified customers targeted in these attacks with remediation guidance on securing their accounts.
BleepingComputer contacted Okta to ask how many customers have been impacted by the credential stuffing attacks.
Okta recommends that admins check logs for 'fcoa,' 'scoa,' and 'pwd leak' events that indicate cross-origin authentication and login attempts using leaked credentials.
If cross-origin authentication isn't used on the tenant but 'fcoa' and 'scoa' are present, this indicates you're targeted by credential stuffing attacks.
If cross-origin authentication is used, look for abnormal spikes in 'fcoa' and 'scoa' events.
As the suspicious activity started on April 15, Okta recommends that customers review logs from that point in time.
Rotate compromised user credentials immediately Implement passwordless, phishing-resistant authentication, with passkeys being the recommended option.
Enforce strong password policies and implement multi-factor authentication.
Remove permitted cross-origin devices that are not in use.
Restrict permitted origins for cross-origin authentication if necessary.
Enable breached password detection or Credential Guard, depending on the plan.
Customers needing further assistance can reach out to Okta's Customer Support or its community forums.
LockBit says they stole data in London Drugs ransomware attack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 29 May 2024 15:50:03 +0000


Cyber News related to Okta warns of credential stuffing attacks targeting its CORS feature

Okta: Breach Affected All Customer Support Users - When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of ...
7 months ago Krebsonsecurity.com
Okta warns of credential stuffing attacks targeting its CORS feature - Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta is a leading identity and access management company providing cloud-based ...
1 month ago Bleepingcomputer.com
Using Falco to Create Custom Identity Detections - Recent months have witnessed a surge in attacks targeting popular identity providers like Okta, underscoring the critical need for timely and effective detection capabilities. Open-source Falco offers a Dedicated plugin for the Okta identity ...
6 months ago Feeds.dzone.com
Okta Breach Widens to Affect 100% of Customer Base - Thus, Okta is warning all of its customers to be prepared for similar phishing and social engineering cyber-scams. "Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering ...
7 months ago Darkreading.com
5,000 Okta employees' data accessed in a third-party breach The Register - Updated Okta has sent out breach notifications to almost 5,000 current and former employees, warning them that miscreants breached one of its third-party vendors and stole a file containing staff names, social security numbers, and health or medical ...
7 months ago Theregister.com
OneLogin vs. Okta: Which IAM Solution Is Better? - OneLogin and Okta are two industry-leading identity and access management platforms used to secure user access to corporate resources and manage information about user identity. OneLogin and Okta are enterprise-grade IAM platforms offering security ...
3 months ago Techrepublic.com
What is Credential Harvesting? Examples & Prevention Methods - Credential harvesting is a serious threat to your organization's online security and privacy. Understanding how credential harvesting attacks work is crucial in safeguarding your personal and business data. Common Techniques Used in Credential ...
3 months ago Securityboulevard.com
Okta Hack: Threat Actors Stolen all Customer Data - In a pivotal update to the Okta security incident divulged in October 2023, Okta Security has unearthed additional intricacies surrounding the unauthorized intrusion into its customer support system. This revelation holds profound implications for ...
7 months ago Cybersecuritynews.com
Okta says data leaked on hacking forum not from its systems - Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single ...
3 months ago Bleepingcomputer.com
How to defend against credential stuffing attacks - Protecting against credential stuffing attacks requires a multi-layered approach to security. Implement Multi-Factor Authentication: Require users to provide additional forms of authentication, such as a one-time code sent to their mobile device or a ...
4 months ago Cybersecurity-insiders.com
Okta Admits All Customer Support Users Impacted By Breach - Okta has revealed that an October security breach compromised all users of its customer support system rather than a small subset as previously thought. CSO David Bradbury said last month that only 134 customers were impacted after a threat actor ...
7 months ago Infosecurity-magazine.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
5 months ago Go.theregister.com
The biggest cybersecurity and cyberattack stories of 2023 - Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users. The company states that the attackers only breached a small number of accounts during the ...
6 months ago Bleepingcomputer.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
1 year ago Thehackernews.com
Jason's Deli Restaurant Chain Hit by a Credential Stuffing Attack - The personal information of more than 340,000 customers of popular restaurant chain Jason's Deli may have been victims of a credential stuffing attack, a scheme in which the hacker uses stolen or leaked credentials to log into other online accounts. ...
5 months ago Securityboulevard.com
Okta to Acquire Spera Security - In a landmark move, Okta, the leading Identity and Access Management provider has announced its acquisition of Spera Security, a rising star in the Identity security space. Spera Security plays a strategic role in enhancing organizations' ...
6 months ago Cybersecuritynews.com
PayPal Warns 35,000 Users of Credential Stuffing Attacks - PayPal has warned 35,000 users that they may be vulnerable to credential stuffing attacks after a security breach. Credential stuffing is a type of attack in which hackers use lists of breached user credentials to attempt to gain access to an ...
1 year ago Securityweek.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
5 months ago Techtarget.com
US charges two more suspects with DraftKing account hacks - The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds ...
5 months ago Bleepingcomputer.com
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
5 months ago Go.theregister.com
Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
7 months ago
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware - Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. BleepingComputer has learned there is more to this attack, with threat actors ...
3 months ago Bleepingcomputer.com
Teenager Who Allegedly Bragged 'Fraud Is Fun' Pleads Guilty To Sports Betting Hack - A Wisconsin man pleaded guilty to a hacking scheme that stole about $600,000 from more than a thousand DraftKings accounts, prosecutors said Wednesday, months after accusing the 19-year-old defendant of telling a co-conspirator "Fraud is fun"-as the ...
7 months ago Forbes.com
Ta444 Turn Credential Harvesting Activity: A Comprehensive Guide - The Ta444 cyber threat group is one of the most active cybercriminals in the world, and one of their notable methods is credential harvesting. Credential harvesting is the process of stealing user’s information, such as usernames, passwords, credit ...
1 year ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)