Hackers Stole Access Tokens from Okta’s Support Unit

Credit to Author: BrianKrebs| Date: Fri, 20 Oct 2023 18:39:23 +0000

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.

Read more

Twilio data breach turns out to be more elaborate than suspected

Categories: News

Tags: twilio

Tags: okta

Tags: Authy

Tags: Signal

Tags: Cloudflare

Tags: MailChimp

Tags: Klaviyo

Tags: scatter swine

Tags: oktapus

Tags: 2fa

Tags: otp

Even if you don’t know a thing about Twilio, you may have been affected by their data breach.

(Read more…)

The post Twilio data breach turns out to be more elaborate than suspected appeared first on Malwarebytes Labs.

Read more

Twilio breached after social engineering attack on employees

Categories: News

Categories: Social engineering

Tags: Twilio

Tags: text messages

Tags: sso

Tags: okta

Tags: linkedin

Twilio says it has fallen victim to a breach after an attacker sent text messages to a large number of employees.

(Read more…)

The post Twilio breached after social engineering attack on employees appeared first on Malwarebytes Labs.

Read more

The Original APT: Advanced Persistent Teenagers

Credit to Author: BrianKrebs| Date: Wed, 06 Apr 2022 17:55:38 +0000

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

Read more

Globant suffers network breach due to LAPSUS$ compromise

Credit to Author: Jovi Umawing| Date: Fri, 01 Apr 2022 18:56:37 +0000

LAPSUS$ is a young group believed to be ran by teenagers. In their latest heist, they leaked data from Globant, a software firm.

The post Globant suffers network breach due to LAPSUS$ compromise appeared first on Malwarebytes Labs.

Read more

A week in security (March 21 – 27)

Credit to Author: Malwarebytes Labs| Date: Mon, 28 Mar 2022 10:17:58 +0000

The most important and interesting security stories from the last seven days.

The post A week in security (March 21 – 27) appeared first on Malwarebytes Labs.

Read more