Okta
Crunchyroll probes breach after hacker claims to steal 6.8M users’ data
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. “We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter,” Crunchyroll initially told GeekFeed. “Our investigation is ongoing, and we continue to work with leading […]
Nordstrom’s email system abused to send crypto scams to customers
Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion. The emails promise recipients to double the cryptocurrency amount deposited to a specific wallet address over the next two hours. “Send cryptocurrency to any of your unique deposit […]
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. As first reported by GeekFeed, threat actors are impersonating corporate IT and helpdesk staff and calling employees directly, claiming that MFA settings […]
ShinyHunters claim to be behind SSO-account data theft attacks
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their […]
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. GeekFeed has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. In a new report released today by Okta, researchers explain that the phishing kits are sold as part of an […]
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. Auth0 is Okta’s identity and access management (IAM) platform used by organizations for login, authentication, and user management services. By releasingg the detection rules, the company aims to help security teams quickly analyze Auth0 logs for […]