Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack

The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean and Mailchimp. [TechWeb]( Follow Dark Reading: [RSS]( August 26, 2022 LATEST SECURITY NEWS & COMMENTARY [Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack]( The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean and Mailchimp. [More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem]( As cryptocurrency valuations make strikes less lucrative, ransomware gangs like the new RedAlert and Monster groups are modifying their tools to attack across platforms. [Senior-Level Women Leaders in Cybersecurity Form New Nonprofit]( The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers. [Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug]( The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022. [What You Need to Know About the Psychology Behind Cyber Resilience]( Understanding how and why people respond to cyber threats is key to building cyber-workforce resilience. [New Exterro FTK Update Accelerates Mobile Digital Forensics]( The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why Empathy Is the Key to Better Threat Modeling]( Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams. [DevSecOps Gains Traction — but Security Still Lags]( Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds. [Mudge Blows Whistle on Alleged Twitter Security Nightmare]( Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries. [MORE]( EDITORS' CHOICE [CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit]( The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice. LATEST FROM THE EDGE [Cybercriminals Weaponizing Ransomware Data for BEC Attacks]( Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks. LATEST FROM DR TECHNOLOGY [New Exterro FTK Update Accelerates Mobile Digital Forensics]( The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence. WEBINARS - [Manage Your Unmanaged Cloud Attack Surface]( Have recent events forced your organization to accelerate your digital transformation projects? With IT, DevOps and security teams running at redline, attackers are constantly looking for configuration mistakes or vulnerabilities to exploit. While many security teams have worked to develop ... - [Malicious Bots: What Enterprises Need to Know]( Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Sumo Logic for Continuous Intelligence]( - [The Many Facets of Modern Application Development]( - [Optimizing Endpoint Protection]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [6 Elements of a Solid IoT Security Strategy]( - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users]( [Wyden Renews Call to Encrypt Twitter DMs, Secure Americans' Data From Unfriendly Foreign Governments]( [Cyberstarts Closes $60M in Seed Fund III]( [The (Nation) State of Cyber: 64% of Businesses Suspect They've Been Targeted or Impacted by Nation-State Attacks]( [Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report]( [Optiv's Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Living on the Edge: Building and Maintaining Security at the Network Edge]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)