Old 24.10.2023., 14:20   #135
The Exiled
McG
Registration date: Feb 2014
Location: Varaždin
Posts: 6,783
Quote:
1Password discloses security incident linked to Okta breach
Quote:
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. On Friday, Okta disclosed that threat actors breached its support case management system using stolen credentials. In a report released Monday afternoon, 1Password says threat actors breached its Okta tenant using a stolen session cookie for an IT employee. According to the report, a member of the 1Password IT team opened a support case with Okta and provided a HAR file created from the Chrome Dev Tools. This HAR file contains the same Okta authentication session used to gain unauthorized access to the Okta administrative portal. However, there appears to be some confusion about how 1Password was breached, as Okta claims that their logs do not show that the IT employee's HAR file was accessed until after 1Password’s security incident. 1Password states that they have since rotated all of the IT employee's credentials and modified their Okta configuration, including denying logins from non-Okta IDPs, reducing session times for administrative users, tighter rules on MFA for administrative users, and reducing the number of super administrators.
Source: BleepingComputer