CyberSecurity Updates

20 Oct

Okta Support System Hacked, Sensitive Customer Data Stolen

Data Breaches, Information, News

Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. A security notice from Okta security chief David Bradbury said the company found “adversarial activity” that leveraged access to a stolen credential to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part…

Read More
20 Oct

Hackers Stole Access Tokens from Okta’s Support Unit

Data Breaches, Information, Insights

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion. In an advisory sent to an undisclosed…

Read More
20 Oct

In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
20 Oct

Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks

Information, News

The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks. Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct. 14 memorandum, as Philippine forces have been working to weaken decades-old communist and Muslim insurgencies and defend territorial interests in the disputed South China Sea. The Department of National Defense on…

Read More
20 Oct

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Attacks, Insights, Malware

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.    CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance…

Read More
20 Oct

CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released. First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination…

Read More
20 Oct

Better safe than sorry: 10 tips to build an effective business backup strategy

Information

Business Security How robust backup practices can help drive resilience and improve cyber-hygiene in your company Phil Muncaster 18 Oct 2023  •  , 5 min. read Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into as a result of ransomware. But there are also many other scenarios that could create serious business risk for companies.…

Read More
19 Oct

Harmonic Lands $7M Funding to Secure Generative AI Deployments

Information, News

A British startup called Harmonic Security has attracted $7 million in seed-stage investment to build technology to help secure generative AI deployments in the enterprise. Harmonic, based in London and San Francisco, said it is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale. The company said the early-stage financing was led by Ten Eleven Ventures, an investment firm actively investing in cybersecurity startups. Storm Ventures…

Read More
19 Oct

CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights. Developed through the U.S. Joint Ransomware Task Force (JRTF), #StopRansomware Guide is designed to be a one-stop resource to…

Read More
19 Oct

Oracle Releases October 2023 Critical Patch Update Advisory

Attacks, Insights, Malware

Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle Critical Patch Update Advisory – October 2023 and apply the necessary updates.  

Read More