Bosses blinded by confidence about shadow AI use by workers
More than half of orgs in Okta survey faced an AI-related security incident or near miss last year
Okta is an identity and access management platform whose authentication services affect account security, access control, and breach response.
Search across headline titles and summaries.
Background for this topic.
Okta is a cloud identity and access management platform used to authenticate people, issue access to applications, and administer workforce or customer identities. Its capabilities commonly include single sign-on, multifactor authentication, directory and lifecycle management, and policy-based authorization across SaaS, on-premises, and custom applications.
Because Okta can control access to many systems, its administrator accounts, identity APIs, integrations, and authentication sessions are high-value security surfaces. Organizations should apply least privilege, phishing-resistant MFA where feasible, careful separation of administrative roles, and prompt removal of departing users; misconfigured federation or provisioning can otherwise grant excessive or persistent access. Logs covering administrator activity, authentication events, token use, and changes to applications or policies support detection and incident response. Security advisories and vulnerability assessments should include Okta agents, connectors, browser components, and downstream integrations, while investigations should consider revoking sessions and rotating affected credentials.
Weekly headline count for the current query.
More than half of orgs in Okta survey faced an AI-related security incident or near miss last year
Where are you? What are you working on? Why are you doing that? Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they’re doing, and shut them down if need be.…
Atlassian, RingCentral, ZoomInfo also among tech targets ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.…
'A lot more' victims to come, we're told ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…
Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok The fear of AI agents running amok has thus far halted the wide deployment of these digital workhorses, Okta's president of Auth0, Shiv Ramji, told The Register.…
It's not just big tech anymore The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.…
Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…
Mondays are for checking months of logs, apparently, if MFA's not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta AD/LDAP Delegated Authentication (DelAuth) using only a username.…
Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.…
Wave of Okta attacks mark what researchers are calling the biggest security trend of the year IT helpdesk workers are increasingly the target of cybercriminals – a trend researchers have described as "the most noteworthy" of the past year.…
Atlassian systen compromised via October Okta intrusion Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…
All customer support users told their info was accessed after analysis oversight Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.…
Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident' hit loan broker promises no late fees. Generous Infosec in brief Okta has confirmed details of its October breach, reporting that the incident led to the compromise of files belonging to 134 customers, "or less than 1 percent of Okta customers." …
The hits keep on coming for troubled ID management biz Okta has sent out breach notifications to almost 5,000 employees, warning them that miscreants breached one of its third-party vendors and stole a file containing staff names, social security numbers, and health or medical insurance plan numbers.…
Says logins are safe, as high-profile customers complain they knew about the breach before Okta 1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe.…
Oktapus phishing campaign criminals are back in action Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions.…
The hack wraps up a year of bad security incidents for identity Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.…
Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in Okta has completed its analysis of the March 2022 incident that saw The Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack – and that its (former) outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident.…
Meanwhile, Okta squirms as further details of slow hack response emerge Extortion gang Lapsus$ may to be back at work, despite the arrest of seven alleged operatives.…
Changes story again to say customers weren't in danger, admits it waited for incident report instead of asking tough questions Identity-management-as-a-service outfit Okta has acknowledged that it made an important mistake in its handling of the attack on a supplier by extortion gang Lapsus$.…