
Fortinet Cybersecurity Breach Exposes Sensitive Customer Data

 

Fortinet experienced a significant cybersecurity breach involving a third-party cloud drive, where 440 GB of data was leaked by a hacker named “Fortibitch” after the company refused to pay the ransom. The breach affected about 0.3% of Fortinet’s customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data, customer details, and more. Experts highlight that the breach underscores the critical need for implementing rigorous cybersecurity measures like multi-factor authentication (MFA) and robust identity access management (IAM) systems. 

Multi-factor authentication is particularly emphasized as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity access management. Organizations need to ensure that they enforce MFA and other identity management protocols consistently, especially for accessing essential systems like SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed out the growing concern over cloud security, given its increased adoption in software development and data storage. He stressed that without proper safeguards, such as MFA and secure access controls, sensitive data is at risk of exposure. 

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 

According to Routh, it’s crucial for system administrators to manage accounts meticulously, ensuring that identity access management protocols are properly configured and that privileged access is monitored effectively. The breach exemplifies how cybercriminals exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies continue to be integrated into businesses, the responsibility to protect data becomes increasingly important. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures, and remain vigilant to adapt to evolving cyber threats. 

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.

Okta Post-Exploitation Method Reveals User Passwords


A post-exploitation attack technique has been discovered that enables adversaries to read cleartext user passwords for Okta, the identity and access management (IAM) provider, and thereby gain extensive access to the corporate environment. 

Mitiga researchers found that if users unintentionally type their passwords in the "username" field when logging in, the IAM system saves them to audit logs. Threat actors who have acquired access to a company's system can then quickly harvest them, lift privileges, and gain access to several corporate assets that make use of Okta. 

In a post, Doron Karmi, senior security researcher, and a principal security researcher and developer wrote, "In our research, we could easily use the logs to match the password with the valid user, resulting in gaining credentials to the Okta user account." They added that when adversaries log in to Okta as those users, it "expands the blast radius of the attack to the many platforms that Okta secures, and gaining further access to systems." 

The vulnerability exists because Okta audit logs include specific data about user activity, such as usernames, IP addresses, and login timestamps. The logs also reveal whether login attempts were made using a web browser or a mobile app and whether they succeeded or failed. 
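As an added example (not from the original article or from Mitiga), the check below flags the condition described above in constructed Okta System Log events: a failed login whose username field holds something that does not look like a username, followed within a short window by a successful login from the same IP address. It reports only the account to reset and never echoes the entered value; the username heuristic and the 60-second window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample Okta System Log events (not real data). Field names follow
# Okta's System Log schema: actor.alternateId holds the value typed into the
# username field, outcome.result is SUCCESS or FAILURE.
SAMPLE_EVENTS = [
    {"published": "2023-03-22T10:00:01.000Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE", "reason": "VERIFICATION_ERROR"},
     "actor": {"alternateId": "Hunter2!Sup3rSecret"},
     "client": {"ipAddress": "203.0.113.7"}},
    {"published": "2023-03-22T10:00:09.000Z", "eventType": "user.session.start",
     "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.7"}},
    {"published": "2023-03-22T11:15:00.000Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE", "reason": "VERIFICATION_ERROR"},
     "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "198.51.100.2"}},
]

WINDOW = timedelta(seconds=60)  # assumption: a retry follows a typo quickly

def looks_like_username(value):
    # Heuristic (assumption): Okta usernames are normally e-mail style.
    return "@" in value and " " not in value

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")

def find_leaked_credentials(events):
    """Return (affected_user, ip, failure_timestamp) for each failed login whose
    username field does not look like a username and that is followed within
    WINDOW by a successful login from the same IP. The typed value is dropped."""
    events = sorted(events, key=lambda e: e["published"])
    findings = []
    for i, ev in enumerate(events):
        if ev["eventType"] != "user.session.start" or ev["outcome"]["result"] != "FAILURE":
            continue
        if looks_like_username(ev["actor"]["alternateId"]):
            continue
        t0 = parse_ts(ev["published"])
        for later in events[i + 1:]:
            if parse_ts(later["published"]) - t0 > WINDOW:
                break
            if (later["outcome"]["result"] == "SUCCESS"
                    and later["client"]["ipAddress"] == ev["client"]["ipAddress"]):
                findings.append((later["actor"]["alternateId"],
                                 ev["client"]["ipAddress"], ev["published"]))
                break
    return findings

if __name__ == "__main__":
    for user, ip, when in find_leaked_credentials(SAMPLE_EVENTS):
        print(f"force password reset for {user}: probable password in username field at {when} from {ip}")
```

The same logic can be run against a real System Log export (`json.loads` per line) to produce a reset list without ever copying the leaked strings out of the audit trail.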

In Defense of Okta Features 

The cloud-based, enterprise-grade IAM service Okta, which links business users across applications and devices, is now used by more than 17,000 customers around the globe. Although it was designed for cloud-based systems, many on-premises apps can also use it. 

According to a statement from the company released by Mitiga, representatives from Okta agree that preserving cleartext passwords in audit logs is "expected behavior when users mistakenly enter their password in the username field." Furthermore, only platform administrators, who are the system's most privileged users, have access to audit logs that store cleartext passwords, and they "should be trusted not to engage in malicious activities." 

It is not the first time the business has had to defend a platform feature that governs how user passwords are handled. In July of last year, the company published a blog post in response to a report by Authomize researchers that Okta's architecture for password syncing allows malicious actors signed in as an app administrator of a downstream app to access passwords in plaintext, including admin credentials, even over encrypted channels. 

The news followed claims by the threat group Lapsus$, which posted screenshots it said were taken from internal systems and asserted that it had breached Okta using "superuser" account credentials. Although Okta later stated it had found only two actual breaches, it emerged that 366 Okta customers could have been negatively affected by that incident.