Tag Archive for: acted.

Up To 366 Clients Had Data ‘Acted Upon’ in Lapsus$ Hack


As many as 366 Okta customers might have had their data ‘acted upon’ following the Lapsus$ cyberattack against the identity security giant’s customer support subcontractor.

“A small percentage of customers – approximately 2.5 percent – have potentially been impacted and whose data may have been viewed or acted upon,” Okta Chief Security Officer David Bradbury wrote in an update posted at 9:31 p.m. ET Tuesday.

The San Francisco-based company didn’t provide details around how these customers were impacted but said affected customers will receive a report that shows the actions performed on their Okta tenant during the period in question. Okta said impacted customers might want to complete their own analysis, noting the report the company is providing should allow clients to assess the situation for themselves.

[Related: Okta Breached By Lapsus$, Exposing Customer Data, Group Claims]

“Our customers are our pride, purpose, and #1 priority,” Bradbury wrote in the update. “We take our responsibility to protect and secure customers’ information very seriously. We deeply apologize for the inconvenience and uncertainty this has caused.”

The cyberattack came to light early Tuesday when data extortion gang Lapsus$ posted screenshots to its Telegram channel of what it alleged was data from Okta customers. Lapsus$ claimed it acquired “superuser/admin” access to Okta.com and used that to access Okta’s customer data. Okta’s stock fell $2.98 (1.76 percent) to $166.43 per share in trading Tuesday, and another $0.04 in after-hours trading.

The screenshots Lapsus$ published online were taken from a computer used by a Sitel employee, which Okta contracts with for customer support work. The hacker obtained remote access to the Sitel support engineer’s computer using remote desktop protocol (RDP) and was able to control the machine. The machine was logged into Okta at the time of compromise, though there wasn’t account takeover.

The majority of support engineering tasks are performed using an internally built application called SuperUser, which allows for the performing of basic management functions on Okta customer tenants. The threat actor had…

Source…

U.S. Military Has Acted Against Ransomware Groups, General Acknowledges


SIMI VALLEY, Calif. — The U.S. military has taken actions against ransomware groups as part of its surge against organizations launching attacks against American companies, the nation’s top cyberwarrior said on Saturday, the first public acknowledgment of offensive measures against such organizations.

Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said that nine months ago, the government saw ransomware attacks as the responsibility of law enforcement.

But the attacks on Colonial Pipeline and JBS beef plants demonstrated that the criminal organizations behind them have been “impacting our critical infrastructure,” General Nakasone said.

In response, the government is taking a more aggressive, better coordinated approach against this threat, abandoning its previous hands-off stance. Cyber Command, the N.S.A. and other agencies have poured resources into gathering intelligence on the ransomware groups and sharing that better understanding across the government and with international partners.

“The first thing we have to do is to understand the adversary and their insights better than we’ve ever understood them before,” General Nakasone said in an interview on the sidelines of the Reagan National Defense Forum, a gathering of national security officials.

General Nakasone would not describe the actions taken by his commands, nor what ransomware groups were targeted. But he said one of the goals was to “impose costs,” which is the term military officials use to describe punitive cyberoperations.

“Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” General Nakasone said. “That’s an important piece that we should always be mindful of.”

In September, Cyber Command diverted traffic around servers being used by the Russia-based REvil ransomware group, officials briefed on the operation have said. The operation came after government hackers from an allied country penetrated the servers, making it more difficult for the group to collect ransoms. After REvil detected the U.S. action, it shut down at least temporarily. That Cyber Command operation…

Source…

FEC says Twitter acted legally in blocking Hunter Biden laptop stories, pointing to claim of intel warnings about hacking


The Federal Elections Commission said on Wednesday its members unanimously rejected complaints from the Republican National Committee and others that Twitter’s decision to block the sharing of links to articles from the New York Post related to Hunter Biden’s laptop constituted an illegal contribution to now-President Joe Biden’s candidacy.

In announcing the decision, the FEC pointed to Twitter’s assertion that part of the reason it stopped the spread of the New York Post articles in October was over concerns that foreign actors obtained the salacious materials through hacking. The social media giant claimed the U.S. Intelligence Community was warning about such an effort in the lead-up to the 2020 election. No evidence has emerged that the Hunter Biden laptop story stemmed from a foreign hacking operation.

The FEC said there was a 6-0 vote in finding “no reason to believe” that Twitter violated the law “by making corporate in-kind contributions” and “no reason to believe” that Twitter CEO Jack Dorsey or Brandon Borrman, who was Twitter vice president of global communications, broke the law.

In response to reporting on the decision published on Monday, RNC spokeswoman Emma Vaughn said the group was “weighing its options for appealing this disappointing decision from the FEC.”

An October complaint  from the RNC alleged: “Through its ad hoc, partisan oppression of media critical of Biden, [Twitter] is making illegal, corporate in-kind contributions as it provides unheard-of media services for Joe Biden’s campaign.” The RNC argued at the time that Twitter was “doing so for the clear purpose of supporting the Biden campaign.”

Robert Kelner, a lawyer who had represented retired Lt. Gen. Mike Flynn before Sidney Powell took over his representation, helped represent Twitter in the FEC complaint, writing in December that “Twitter undertook, for bona fide commercial reasons” actions to block potentially hacked content.

A lengthy statement from Yoel Roth, head of site integrity for Twitter, was included in Kelner’s response.

“Since 2018, I have…

Source…

Consumers have filed thousands of complaints about the Equifax data breach. The government still hasn’t acted.

  1. Consumers have filed thousands of complaints about the Equifax data breach. The government still hasn’t acted.  Vox
  2. Cyber saviours: Insurers paid tens of millions to data breach firm Equifax  Insurance Times
  3. Equifax cyber breach bill continues to soar  Insurance Business
  4. Full coverage

data breach – read more