Okta Post-Exploitation Method Exposes User Passwords

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services. [TechWeb]( Follow Dark Reading: [RSS]( March 24, 2023 LATEST SECURITY NEWS & COMMENTARY [Okta Post-Exploitation Method Exposes User Passwords]( Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services. [New Android Malware Targets Customers of 450 Financial Institutions Worldwide]( "Nexus" is the latest in a vast and growing array of Trojans targeting mobile banking and cryptocurrency applications. [Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals]( Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks. [Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire]( With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns. [MITRE Rolls Out Supply Chain Security Prototype]( Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services. [Are You Talking to a Carbon, Silicon, or Artificial Identity?]( In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive. [The Board of Directors Will See You Now]( Help the board understand where the business is vulnerable, where controls end, and where exposure begins. [Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections]( DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cybersecurity Skills Shortage, Recession Fears Drive 'Upskilling' Training Trend]( For companies, training an existing worker is cheaper than hiring, while for employees, training brings job security and more interesting work. [How to Keep Incident Response Plans Current]( Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data. [Name That Toon: It's E-Live!]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( EDITORS' CHOICE [Chinese Warships Suspected of Signal-Jamming Passenger Jets]( Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service. LATEST FROM THE EDGE [How CISOs Can Work With the CFO to Get the Best Security Budget]( CISOs can and should push back when they're presented with budget costs that affect the business. Here's how. LATEST FROM DR TECHNOLOGY [Technology Firms Delivering Much-Sought Encryption-in-Use]( If the approaches stand up to scrutiny, companies may soon be able to encrypt most databases in a way that allows using data without the need to decrypt to plaintext. WEBINARS - [ChatGPT: Defending Your Business Against AI-Supercharged Ransomware]( This webinar will dig into the ways criminals are projected to take advantage of ChatGPT and other AI tools to improve the reach and effectiveness of their ransomware attacks. The session will conclude with a review of a 12-step plan ... - [Building Out the Best Response Playbook for Ransomware Attacks]( When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Relationship Between Security Maturity and Business Enablement]( - [Making Cybersecurity Mesh a Reality]( - [How to Simplify Security with a Cybersecurity Mesh Architecture]( - [Why Account Security Doesn't Stop at Login]( - [Empower Digital Transformation by Protecting Converged IT and OT]( - [IT/OT Convergence Enables Security Operations Synergies]( - [Cloud Journey Migration Stage: Adaptive Cloud Security]( [View More White Papers >>]( FEATURED REPORTS - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection]( [BigID's Data Security Posture Management Solution Integrates With SOAR Platforms]( [BlackBerry Announces New Patent Sale Transaction With Patent Monetization Company for Up to $900M]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)