<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[Okta Security RSS Feed]]></title><description><![CDATA[The Okta security team's goal is to provide practical web security tools, solutions, and education to help make all applications safer. Read our security research and find our Github projects.]]></description><link>https://sec.okta.com</link><generator>GatsbyJS</generator><lastBuildDate>Wed, 19 Mar 2025 17:24:58 GMT</lastBuildDate><item><title><![CDATA[CSO Conversations: Matthew Hansen, Regional CSO of Americas West]]></title><description><![CDATA[CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.]]></description><link>https://sec.okta.com/articles/2025/03/cso-conversations-matthew-hansen/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/03/cso-conversations-matthew-hansen/</guid><pubDate>Wed, 19 Mar 2025 00:00:00 GMT</pubDate></item><item><title><![CDATA[Empowering Security with Customer Trust Solutions]]></title><description><![CDATA[This is the second blog publication in our series on Security Customer Trust. In our first blog, we explored how Okta’s Security Customer Trust team proactively maintains transparency and introduced our mission: to bolster security outcomes for Okta and the communities we serve. 
In this blog, we’ll touch on how we’ve introduced efficiencies in supporting these challenges through enablement, automation and self-service accesses.]]></description><link>https://sec.okta.com/articles/2025/03/empowering-security-with-customer-trust-solutions/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/03/empowering-security-with-customer-trust-solutions/</guid><pubDate>Wed, 12 Mar 2025 00:00:00 GMT</pubDate></item><item><title><![CDATA[Putting Security First with Secure Development]]></title><description><![CDATA[At Okta, prioritizing security at the earliest stages of technology development and throughout the Software Development Lifecycle (SDLC) is of utmost importance. This blog article introduces our new Secure Development Lifecycle (SDL) whitepaper and highlights the importance of secure development practices throughout the technology lifecycle.]]></description><link>https://sec.okta.com/articles/2025/03/putting-security-first-with-secure-development/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/03/putting-security-first-with-secure-development/</guid><pubDate>Wed, 05 Mar 2025 00:00:00 GMT</pubDate></item><item><title><![CDATA[One trick finds the root of any Okta troubles]]></title><description><![CDATA[Use these two System Log queries to see every event during a given user session, or every event that used a given API token.]]></description><link>https://sec.okta.com/articles/rootsessionidroottokenid/</link><guid isPermaLink="false">https://sec.okta.com/articles/rootsessionidroottokenid/</guid><pubDate>Mon, 03 Mar 2025 06:00:00 GMT</pubDate></item><item><title><![CDATA[CSO Conversations: Stephen McDermid, Regional CSO of EMEA]]></title><description><![CDATA[CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. 
Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.]]></description><link>https://sec.okta.com/articles/2025/02/cso-conversations-stephen-mcdermid/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/02/cso-conversations-stephen-mcdermid/</guid><pubDate>Wed, 26 Feb 2025 11:00:00 GMT</pubDate></item><item><title><![CDATA[Content-Security-Policy in a Complex Environment]]></title><description><![CDATA[Content-Security-Policy (CSP) is essentially allow-list policy that dictates what a web page can load. CSP is complex to implement and rollout - even a minor mistake could mean that important parts of the page will not load, which in Okta’s case could mean trouble authenticating. This blog article aims to provide a glimpse into our secure implementation journey and guidance for the industry based on lessons learned.]]></description><link>https://sec.okta.com/articles/2025/02/content-security-policy-in-a-complex-environment/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/02/content-security-policy-in-a-complex-environment/</guid><pubDate>Wed, 19 Feb 2025 00:00:00 GMT</pubDate></item><item><title><![CDATA[CSO Conversations: Keiko Itakura, Regional CSO of Japan]]></title><description><![CDATA[CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. 
Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.]]></description><link>https://sec.okta.com/articles/2025/02/cso-conversations-keiko-itakura/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/02/cso-conversations-keiko-itakura/</guid><pubDate>Wed, 12 Feb 2025 11:00:00 GMT</pubDate></item><item><title><![CDATA[How Okta Embraces Identity Verification Using Persona]]></title><description><![CDATA[Given the current geopolitical environment and remote work becoming a norm, it is increasingly common for individuals to use fraudulent, or stolen Identities to apply for employment with highly targeted companies, especially in the cybersecurity industry. This article details how Okta leverages Persona's technology for secure Identity verification.]]></description><link>https://sec.okta.com/articles/2025/02/how-okta-embraces-identity-verification-using-persona/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/02/how-okta-embraces-identity-verification-using-persona/</guid><pubDate>Wed, 05 Feb 2025 10:00:00 GMT</pubDate></item><item><title><![CDATA[CSO Conversations: Matt Immler, Regional CSO of Americas East]]></title><description><![CDATA[CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. 
Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.]]></description><link>https://sec.okta.com/articles/2025/01/cso-conversations-matt-immler/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/01/cso-conversations-matt-immler/</guid><pubDate>Wed, 22 Jan 2025 00:00:00 GMT</pubDate></item><item><title><![CDATA[Raising the Bar for our Industry with IPSIE]]></title><description><![CDATA[To set the stage and advance the tech sector, the OpenID Foundation (OIDF) recently announced the formation of a new working group with support from Okta, Ping Identity, Microsoft, SGNL, Beyond Identity, and Capital One. The Interoperability Profiling for Secure Identity in the Enterprise, or IPSIE, is the name of the OpenID Foundation working group tasked with establishing this new Identity standard.]]></description><link>https://sec.okta.com/articles/2025/01/raising-the-bar-for-the-industry-with-ipsie/</link><guid isPermaLink="false">https://sec.okta.com/articles/2025/01/raising-the-bar-for-the-industry-with-ipsie/</guid><pubDate>Wed, 15 Jan 2025 10:00:00 GMT</pubDate></item><item><title><![CDATA[Cyber-Safety over the Holidays]]></title><description><![CDATA[At Okta, we believe in sharing valuable, actionable security insights because we Love our Customers. Check out our Security Culture team’s cyber-safety checklist to help keep your digital Identity safe this holiday season.]]></description><link>https://sec.okta.com/articles/2024/cyber-safety-over-the-holidays/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/cyber-safety-over-the-holidays/</guid><pubDate>Wed, 18 Dec 2024 11:00:00 GMT</pubDate></item><item><title><![CDATA[Okta Social Engineering Impersonation Report - Response and Recommendation]]></title><description><![CDATA[Okta has identified an increase in phishing social engineering attempts. 
This report provides guidance on what you can expect when getting technical assistance from Okta Support, or contact from Okta.]]></description><link>https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation/</guid><pubDate>Wed, 11 Dec 2024 11:00:00 GMT</pubDate></item><item><title><![CDATA[Five Reasons to Upgrade your Org to Okta Identity Engine]]></title><description><![CDATA[Okta’s Identity Engine offers the most modern way to customize your Okta experience and implement flexible, customized Identity use cases.]]></description><link>https://sec.okta.com/articles/2024/five-reasons-to-upgrade-to-oie/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/five-reasons-to-upgrade-to-oie/</guid><pubDate>Wed, 20 Nov 2024 10:00:00 GMT</pubDate></item><item><title><![CDATA[Okta’s Ongoing Commitment to Secure By Design]]></title><description><![CDATA[Our progress against the CISA Secure By Design Pledge.]]></description><link>https://sec.okta.com/articles/cisasecurebydesign1/</link><guid isPermaLink="false">https://sec.okta.com/articles/cisasecurebydesign1/</guid><pubDate>Thu, 31 Oct 2024 00:00:00 GMT</pubDate></item><item><title><![CDATA[Unveiling the Essence of the Security Customer Trust Function]]></title><description><![CDATA[Trust plays a pivotal role in getting new prospects interested and retaining current customers. 
Earning and maintaining customer trust isn't just a goal; it's a commitment guiding every decision.]]></description><link>https://sec.okta.com/articles/2024/09/unveiling-essence-security-customer-trust/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/09/unveiling-essence-security-customer-trust/</guid><pubDate>Tue, 17 Sep 2024 12:14:00 GMT</pubDate></item><item><title><![CDATA[Security Education Through the Art of Storytelling]]></title><description><![CDATA[In today's digital world, cybersecurity isn't just a technical issue, it's a human one. ]]></description><link>https://sec.okta.com/articles/security-education-storytelling/</link><guid isPermaLink="false">https://sec.okta.com/articles/security-education-storytelling/</guid><pubDate>Thu, 05 Sep 2024 08:00:00 GMT</pubDate></item><item><title><![CDATA[Seven Ways to Reduce Super Admins in Okta]]></title><description><![CDATA[The first step in your journey to Zero Standing Privileges is to reduce the standing assignment of highly privileged roles.]]></description><link>https://sec.okta.com/articles/seven-fewer-super-admins/</link><guid isPermaLink="false">https://sec.okta.com/articles/seven-fewer-super-admins/</guid><pubDate>Mon, 02 Sep 2024 00:00:00 GMT</pubDate></item><item><title><![CDATA[The Case for Zero Standing Privileges ]]></title><description><![CDATA[Why privileged users need to embrace Just-In-Time role assignment.]]></description><link>https://sec.okta.com/articles/caseforzerostandingprivileges/</link><guid isPermaLink="false">https://sec.okta.com/articles/caseforzerostandingprivileges/</guid><pubDate>Mon, 19 Aug 2024 00:00:00 GMT</pubDate></item><item><title><![CDATA[FastPass: The battle-hardened authenticator]]></title><description><![CDATA[A short history of hardening Okta FastPass.]]></description><link>https://sec.okta.com/articles/fastpasshardening/</link><guid isPermaLink="false">https://sec.okta.com/articles/fastpasshardening/</guid><pubDate>Thu, 08 Aug 2024 01:00:00 
GMT</pubDate></item><item><title><![CDATA[Detecting Cross-Origin Authentication Credential Stuffing Attacks]]></title><description><![CDATA[Summary Okta has determined that the cross-origin authentication feature in Customer Identity Cloud (CIC) is prone to being targeted by threat actors orchestrating credential-stuffing attacks. As part of our Okta Secure Identity Commitment and commit ...]]></description><link>https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks/</guid><pubDate>Tue, 28 May 2024 16:38:31 GMT</pubDate></item><item><title><![CDATA[How to Block Anonymizing Services using Okta]]></title><description><![CDATA[Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials (“comb ...]]></description><link>https://sec.okta.com/articles/blockanonymizers/</link><guid isPermaLink="false">https://sec.okta.com/articles/blockanonymizers/</guid><pubDate>Sat, 27 Apr 2024 03:59:59 GMT</pubDate></item><item><title><![CDATA[Why Cyber-heroes need a Zero Trust CAEP!]]></title><description><![CDATA[In the modern digital landscape, where threats evolve and organizational perimeters extend into the cloud, maintaining a strong security posture requires more than static defense mechanisms. 
This is where the Continuous Access Evaluation Profile (CAE ...]]></description><link>https://sec.okta.com/articles/2024/04/why-cyber-heroes-need-zero-trust-caep/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/04/why-cyber-heroes-need-zero-trust-caep/</guid><pubDate>Tue, 23 Apr 2024 23:12:34 GMT</pubDate></item><item><title><![CDATA[ Okta Verify Vulnerability Disclosure Report - Response and Remediation]]></title><description><![CDATA[Summary Okta has confirmed and remediated a reported Okta Verify vulnerability. No action is needed by customers, and outside of the original proof of concept Okta did not identify any evidence of attempts to exploit this vulnerability. As part of ou ...]]></description><link>https://sec.okta.com/articles/2024/04/okta-verify-vulnerability-disclosure-report-response-and-remediation/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/04/okta-verify-vulnerability-disclosure-report-response-and-remediation/</guid><pubDate>Tue, 23 Apr 2024 22:59:10 GMT</pubDate></item><item><title><![CDATA[Defensive Domain Registration is a Mug’s Game ]]></title><description><![CDATA[Summary: The time and effort spent on defensive domain registration would be better invested in writing phishing-resistant authentication policies. Today I want to make the case that registering domains for the sole purpose of protecting against phis ...]]></description><link>https://sec.okta.com/articles/2024/04/defensive-domain-registration-mugs-game/</link><guid isPermaLink="false">https://sec.okta.com/articles/2024/04/defensive-domain-registration-mugs-game/</guid><pubDate>Wed, 03 Apr 2024 16:49:17 GMT</pubDate></item><item><title><![CDATA[Protecting Administrative Sessions in Okta]]></title><description><![CDATA[Privileged users have always been and should always expect to be under constant attack from motivated adversaries. 
Over the last 90 days, Okta has devoted many of our most skilled resources into a program of work that dramatically hardens the Okta Ad ...]]></description><link>https://sec.okta.com/articles/protectingadminsessions/</link><guid isPermaLink="false">https://sec.okta.com/articles/protectingadminsessions/</guid><pubDate>Thu, 21 Mar 2024 08:13:16 GMT</pubDate></item><item><title><![CDATA[How to Secure the SaaS Apps of the Future]]></title><description><![CDATA[Over the past few years we’ve observed a fundamental shift in the threat model for highly targeted organizations. Today, if an attacker can’t manage to steal user credentials for highly targeted organizations, they will pivot to instead stealing a us ...]]></description><link>https://sec.okta.com/articles/appsofthefuture/</link><guid isPermaLink="false">https://sec.okta.com/articles/appsofthefuture/</guid><pubDate>Tue, 05 Mar 2024 06:42:25 GMT</pubDate></item><item><title><![CDATA[Okta October 2023 Security Incident Investigation Closure]]></title><description><![CDATA[Related Posts: Recommended Actions - Nov 29, 2023 / Root Cause Analysis [RCA] - Nov 3, 2023 / Security Incident - Oct 20, 2023 Stroz Friedberg, a leading cybersecurity forensics firm engaged by Okta, has concluded its independent investigation of the ...]]></description><link>https://sec.okta.com/articles/harfiles/</link><guid isPermaLink="false">https://sec.okta.com/articles/harfiles/</guid><pubDate>Thu, 08 Feb 2024 12:34:22 GMT</pubDate></item><item><title><![CDATA[October Customer Support Security Incident - Update and Recommended Actions ]]></title><description><![CDATA[Related Posts: Root Cause Analysis [RCA] - Nov 3, 2023 / Security Incident - Oct 20, 2023 In the wake of the security incident Okta disclosed in October 2023 affecting our customer support management system (also known as the Okta Help Center), Okta ...]]></description><link>https://sec.okta.com/articles/october-security-incident-recommended-actions/</link><guid 
isPermaLink="false">https://sec.okta.com/articles/october-security-incident-recommended-actions/</guid><pubDate>Wed, 29 Nov 2023 08:03:19 GMT</pubDate></item><item><title><![CDATA[Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation]]></title><description><![CDATA[Executive Summary We offer our apologies to those affected customers, and more broadly to all our customers that trust Okta as their identity provider. We are deeply committed to providing up-to-date information to all our customers. On Thursday, Oct ...]]></description><link>https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/</guid><pubDate>Fri, 03 Nov 2023 09:08:48 GMT</pubDate></item><item><title><![CDATA[Tracking Unauthorized Access to Okta's Support System]]></title><description><![CDATA[Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases ...]]></description><link>https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system/</guid><pubDate>Fri, 20 Oct 2023 14:41:32 GMT</pubDate></item><item><title><![CDATA[Go “Secure by Default” With Custom Admin Roles for IT support staff]]></title><description><![CDATA[The Takeaway: Creating custom roles for your help desk staff supports a “least privilege” approach. 
In late August, Okta’s Defensive Cyber Operations team outlined a social engineering campaign in which a target’s IT support staff - that is, the team ...]]></description><link>https://sec.okta.com/articles/2023/09/go-secure-default-custom-admin-roles-it-support-staff/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/09/go-secure-default-custom-admin-roles-it-support-staff/</guid><pubDate>Thu, 14 Sep 2023 20:54:01 GMT</pubDate></item><item><title><![CDATA[Cross-Tenant Impersonation: Prevention and Detection]]></title><description><![CDATA[Summary Okta has observed attacks in which a threat actor used social engineering to attain a highly privileged role in an Okta customer Organization (tenant). When successful, the threat actor demonstrated novel methods of lateral movement and defen ...]]></description><link>https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection/</guid><pubDate>Thu, 31 Aug 2023 18:31:36 GMT</pubDate></item><item><title><![CDATA[BYO Telephony and the future of SMS at Okta]]></title><description><![CDATA[SMS has long played an important role as a universally applicable method of verifying a user’s identity via one-time passcodes. 
And over the last decade, SMS and voice-based Multi-factor Authentication has prevented untold attempts to compromise user ...]]></description><link>https://sec.okta.com/articles/2023/08/byo-telephony-and-future-sms-okta/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/08/byo-telephony-and-future-sms-okta/</guid><pubDate>Mon, 28 Aug 2023 21:23:39 GMT</pubDate></item><item><title><![CDATA[Saying “No Thanks” to nOAuth]]></title><description><![CDATA[You may have heard about a vulnerability called, “nOAuth”, where, per Microsoft, “use of the email claim from access tokens for authorization can lead to an escalation of privilege.” What is this vulnerability, how can Okta help, and what are the mit ...]]></description><link>https://sec.okta.com/articles/2023/08/saying-no-thanks-noauth/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/08/saying-no-thanks-noauth/</guid><pubDate>Fri, 04 Aug 2023 22:26:49 GMT</pubDate></item><item><title><![CDATA[Telling More Okta Detection Stories with Google Chronicle ]]></title><description><![CDATA[Robust protection comes from layers, and many of you are already familiar with the Swiss Cheese Model. Simply stated, even when you're confident in your primary controls, that confidence only grows with each additional layer added. Because who wants ...]]></description><link>https://sec.okta.com/articles/2023/08/telling-more-okta-detection-stories-google-chronicle/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/08/telling-more-okta-detection-stories-google-chronicle/</guid><pubDate>Wed, 02 Aug 2023 17:42:12 GMT</pubDate></item><item><title><![CDATA[An Unexpected Endorsement for WebAuthn]]></title><description><![CDATA[Okta Security endorses phishing resistant authentication at every opportunity. 
We’ve long argued enrolling users in Okta FastPass, FIDO2 WebAuthn authenticators or Smart Cards, and enforcing phishing resistant authentication flows will: Protect users ...]]></description><link>https://sec.okta.com/articles/2023/07/unexpected-endorsement-webauthn/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/07/unexpected-endorsement-webauthn/</guid><pubDate>Thu, 27 Jul 2023 01:43:04 GMT</pubDate></item><item><title><![CDATA[Social Engineering is Getting More Extreme, but the Fixes Can Be Simple]]></title><description><![CDATA[Social engineering is a hacking technique older than the internet itself, and it's tempting to think you've already seen it all. But recently, we've noted a trend among threat actors pursuing more sophisticated and aggressive techniques to trick, or ...]]></description><link>https://sec.okta.com/articles/2023/07/social-engineering-getting-more-extreme-fixes-can-be-simple/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/07/social-engineering-getting-more-extreme-fixes-can-be-simple/</guid><pubDate>Wed, 19 Jul 2023 18:14:39 GMT</pubDate></item><item><title><![CDATA[Study up on Okta Logs for Splunk’s Boss of the SOC!]]></title><description><![CDATA[Okta Security is pleased to announce another collaboration with our friends at Splunk - our security teams have joined forces to come up with a range of Okta-relevant scenarios for this year’s “Boss of the SOC'' competition at Splunk .conf23. Per Spl ...]]></description><link>https://sec.okta.com/articles/BOTS2023/</link><guid isPermaLink="false">https://sec.okta.com/articles/BOTS2023/</guid><pubDate>Thu, 06 Jul 2023 07:21:51 GMT</pubDate></item><item><title><![CDATA[Keeping Phishing Adversaries Out of the Middle]]></title><description><![CDATA[Okta’s Identity Defense Operations frequently observes the use of Adversary-in-the-Middle (AiTM) phishing proxies in high-volume, non-targeted attacks against users of corporate email services. 
Real-time phishing proxies have been used in red team ac ...]]></description><link>https://sec.okta.com/articles/phishingasaservice/</link><guid isPermaLink="false">https://sec.okta.com/articles/phishingasaservice/</guid><pubDate>Fri, 12 May 2023 06:41:26 GMT</pubDate></item><item><title><![CDATA[Using Workflows to Respond to Anomalous Push Requests]]></title><description><![CDATA[“Push fatigue” is a noisy form of attack that generates numerous detection opportunities. In a “push fatigue” attack (sometimes called “MFA bombing”), an attacker already in possession of a user password triggers push notifications, often in rapid su ...]]></description><link>https://sec.okta.com/articles/pushfatigueworkflows/</link><guid isPermaLink="false">https://sec.okta.com/articles/pushfatigueworkflows/</guid><pubDate>Mon, 24 Apr 2023 05:57:22 GMT</pubDate></item><item><title><![CDATA[Okta and Splunk Combine to Detect Common Attacks ]]></title><description><![CDATA[In an ideal world, every security function would have a Detection Engineering team. Regrettably, even organizations that are stewards of highly sensitive data often can’t afford (or don’t prioritize) the capabilities required for effective security m ...]]></description><link>https://sec.okta.com/articles/shareddetections/</link><guid isPermaLink="false">https://sec.okta.com/articles/shareddetections/</guid><pubDate>Thu, 06 Apr 2023 05:50:49 GMT</pubDate></item><item><title><![CDATA[Setting the Right Levels of Assurance for Zero Trust]]></title><description><![CDATA[Okta Identity Engine (OIE) is an incredibly powerful platform. What other platform allows you to have this level of security, granularity and control? 
“Only allow access to a highly sensitive application if the user authenticates with multiple authen ...]]></description><link>https://sec.okta.com/articles/2023/03/setting-right-levels-assurance-zero-trust/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/03/setting-right-levels-assurance-zero-trust/</guid><pubDate>Fri, 31 Mar 2023 16:10:06 GMT</pubDate></item><item><title><![CDATA[Catch-All's and Canary Rules]]></title><description><![CDATA[Okta Identity Engine offers admins the ability to vary authentication flows to applications based on everything from group membership, device management, device posture, network zones, risk evaluation, user behaviour and more. Generally speaking, the ...]]></description><link>https://sec.okta.com/articles/catchallsandcanaryrules/</link><guid isPermaLink="false">https://sec.okta.com/articles/catchallsandcanaryrules/</guid><pubDate>Thu, 23 Feb 2023 02:56:02 GMT</pubDate></item><item><title><![CDATA[User Sign-in and Recovery Events in the Okta System Log]]></title><description><![CDATA[During a security incident, it's critical that SOC analysts (or Okta admins) can rapidly identify all activity associated with a suspicious session, user or IP. We are often asked to provide some sort of "cheat sheet" for new analysts that are unfami ...]]></description><link>https://sec.okta.com/articles/2023/02/user-sign-and-recovery-events-okta-system-log/</link><guid isPermaLink="false">https://sec.okta.com/articles/2023/02/user-sign-and-recovery-events-okta-system-log/</guid><pubDate>Tue, 07 Feb 2023 05:50:22 GMT</pubDate></item><item><title><![CDATA[Okta Code Repositories]]></title><description><![CDATA[SUMMARY: In alignment with our core value of transparency, we are sharing context and details around a recent security event affecting Okta code repositories. There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. 
No acti ...]]></description><link>https://sec.okta.com/articles/2022/12/okta-code-repositories/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/12/okta-code-repositories/</guid><pubDate>Wed, 21 Dec 2022 17:09:19 GMT</pubDate></item><item><title><![CDATA[Detecting Real-Time Phishing Attacks]]></title><description><![CDATA[In the last two installments in our series on phishing resistance, we discussed phishing resistant authenticators and how to gather signals about phishing lures directly from your users. Now let’s drill down into detection and response: what signals ...]]></description><link>https://sec.okta.com/articles/fastpassphishingdetection/</link><guid isPermaLink="false">https://sec.okta.com/articles/fastpassphishingdetection/</guid><pubDate>Wed, 09 Nov 2022 23:13:28 GMT</pubDate></item><item><title><![CDATA[Okta’s Response to OpenSSL Security Update]]></title><description><![CDATA[The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6). The two CVE’s are listed below: CVE-2022-3602 CVE-2022-3786 Response Okta’ ...]]></description><link>https://sec.okta.com/articles/2022-OpenSSL/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022-OpenSSL/</guid><pubDate>Tue, 01 Nov 2022 03:59:25 GMT</pubDate></item><item><title><![CDATA[Monitoring for Abuse of Administrative Privileges]]></title><description><![CDATA[All applications require a highly-privileged administrator role to deploy and maintain that application. The monitoring and oversight (audit) of actions performed by users with these roles is a cornerstone of any well-designed security program. 
A num ...]]></description><link>https://sec.okta.com/articles/leastprivilege/</link><guid isPermaLink="false">https://sec.okta.com/articles/leastprivilege/</guid><pubDate>Tue, 25 Oct 2022 05:34:21 GMT</pubDate></item><item><title><![CDATA[System Log: a Window into Supporting the Okta Cloud]]></title><description><![CDATA[Transparency is a core value at Okta. In April 2022, Okta committed to a range of initiatives that aim to drive greater transparency in how we respond to security incidents. One of those commitments was to provide our customers with insights into all ...]]></description><link>https://sec.okta.com/articles/supportactions/</link><guid isPermaLink="false">https://sec.okta.com/articles/supportactions/</guid><pubDate>Tue, 18 Oct 2022 01:54:50 GMT</pubDate></item><item><title><![CDATA[The Human Factor in Phishing Resistance]]></title><description><![CDATA[In the wake of recent security events at Uber and Twilio, organizations are understandably interested in pivoting to authenticators that offer the most resistance to phishing attacks. 
In this second part of our series on phishing resistance, we consi ...]]></description><link>https://sec.okta.com/articles/2022/10/human-factor-phishing-resistance/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/10/human-factor-phishing-resistance/</guid><pubDate>Wed, 05 Oct 2022 20:23:27 GMT</pubDate></item><item><title><![CDATA[Auth0 Code Repository Archives From 2020 and Earlier]]></title><description><![CDATA[Notification of Auth0 Code Repository Archives Security Event - No Customer Action Required, Auth0 Fully Operational In alignment with our core value of transparency, we are communicating about a recent security event related to certain Auth0 archiva ...]]></description><link>https://sec.okta.com/articles/2022/09/auth0-code-repository-archives-2020-and-earlier/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/09/auth0-code-repository-archives-2020-and-earlier/</guid><pubDate>Mon, 26 Sep 2022 12:39:34 GMT</pubDate></item><item><title><![CDATA[Phishing Resistance and Why it Matters]]></title><description><![CDATA[In the wake of recent security events at Uber and Twilio, organizations are understandably interested in pivoting to authenticators that offer the most resistance to phishing attacks. So what is phishing resistance, and why does it matter? Credential ...]]></description><link>https://sec.okta.com/articles/2022/09/phishing-resistance-and-why-it-matters/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/09/phishing-resistance-and-why-it-matters/</guid><pubDate>Thu, 22 Sep 2022 20:47:16 GMT</pubDate></item><item><title><![CDATA[Detecting Scatter Swine: Insights into a Relentless Phishing Campaign ]]></title><description><![CDATA[Summary Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta. Access was gained to internal Twilio systems, where data of some Okta customers was accessible to a threat actor (detailed below). 
...]]></description><link>https://sec.okta.com/articles/scatterswine/</link><guid isPermaLink="false">https://sec.okta.com/articles/scatterswine/</guid><pubDate>Thu, 25 Aug 2022 11:49:59 GMT</pubDate></item><item><title><![CDATA[Defending against Session Hijacking]]></title><description><![CDATA[Multi-factor Authentication (MFA) is very effective at limiting what an adversary can do with a stolen password. According to research commissioned by Google in 2019, MFA thwarted 99% of automated credential-based attacks and 93% of phishing campaign ...]]></description><link>https://sec.okta.com/articles/sessioncookietheft/</link><guid isPermaLink="false">https://sec.okta.com/articles/sessioncookietheft/</guid><pubDate>Tue, 09 Aug 2022 06:00:56 GMT</pubDate></item><item><title><![CDATA[Unlocking the Mystery of 700+ Okta System Log Events]]></title><description><![CDATA[Update 06-21-2022: Eleven new System Log events have been added to the Github project to bring the total number of cataloged events to a lucky 777. When I started writing this post, there were 766 potential System Log types that can appear in System ...]]></description><link>https://sec.okta.com/articles/2022/06/unlocking-mystery-700-okta-system-log-events/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/06/unlocking-mystery-700-okta-system-log-events/</guid><pubDate>Wed, 01 Jun 2022 04:01:21 GMT</pubDate></item><item><title><![CDATA[Okta's Response to CVE-2022-22965 ("Spring4Shell")]]></title><description><![CDATA[Last Updated: 3/4/2022 1.30pm Pacific Time Three critical vulnerabilities have been identified affecting the Java Spring Framework and related software components - with one specific CVE being known as Spring4Shell/SpringShell (CVE-2022-22965). 
CVE-2 ...]]></description><link>https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell/</guid><pubDate>Sun, 03 Apr 2022 04:36:12 GMT</pubDate></item><item><title><![CDATA[Official Okta Statement on LAPSUS$ Claims]]></title><description><![CDATA[Last updated: 03/22/2022 12.00pm, Pacific Time Please note - Following this update all further information will be published at: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ The Okta service has not been breached and remains fu ...]]></description><link>https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims/</guid><pubDate>Tue, 22 Mar 2022 09:22:26 GMT</pubDate></item><item><title><![CDATA[Protection, without perimeters]]></title><description><![CDATA[Given the premise that “identity is the new perimeter”, we’re often asked about the role network attributes should play in restricting access to applications, servers and data. Can we, and should we, for example, deny access requests originating in h ...]]></description><link>https://sec.okta.com/articles/2022/03/protection-without-perimeters/</link><guid isPermaLink="false">https://sec.okta.com/articles/2022/03/protection-without-perimeters/</guid><pubDate>Mon, 14 Mar 2022 00:47:12 GMT</pubDate></item><item><title><![CDATA[Everything is Yes: Detecting and Preventing MFA Fatigue Attacks]]></title><description><![CDATA[UPDATE 17/04/23: Okta has published internal detection logic for abuse of Push notifications and shared these detections with security analytics partners. I’m the proud parent of 13-year-old fraternal twins. 
Most of the time they’re wonderful smaller ...]]></description><link>https://sec.okta.com/articles/everythingisyes/</link><guid isPermaLink="false">https://sec.okta.com/articles/everythingisyes/</guid><pubDate>Wed, 09 Mar 2022 00:42:47 GMT</pubDate></item><item><title><![CDATA[We (still) need to talk about RDP]]></title><description><![CDATA[Quarter by quarter, for three years now, abuse of Remote Desktop Protocol (RDP) has been the most common root cause of all ransomware events. It’s no surprise why RDP makes for an attractive target: RDP is the primary vehicle for remote access to Win ...]]></description><link>https://sec.okta.com/articles/weneedtotalkaboutrdp/</link><guid isPermaLink="false">https://sec.okta.com/articles/weneedtotalkaboutrdp/</guid><pubDate>Tue, 08 Mar 2022 07:48:54 GMT</pubDate></item><item><title><![CDATA[Just How Risky is Legacy Authentication?]]></title><description><![CDATA[Does your organization still allow users to authenticate to Office 365 or other Microsoft services using only a username and password? If you do, you’re 53x more likely to be targeted in credential-based attacks. (No, not 53% more likely. It’s 53 tim ...]]></description><link>https://sec.okta.com/articles/legacyauthrisk/</link><guid isPermaLink="false">https://sec.okta.com/articles/legacyauthrisk/</guid><pubDate>Thu, 27 Jan 2022 06:19:29 GMT</pubDate></item><item><title><![CDATA[Okta’s response to CVE-2021-44228 (“Log4Shell”)]]></title><description><![CDATA[Last Updated: 1/12/2022 3.30pm Pacific Time The Okta Security team continues to investigate and evaluate the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. 
Log4j is a Java-based logging utility ...]]></description><link>https://sec.okta.com/articles/2021/12/log4shell/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/12/log4shell/</guid><pubDate>Sat, 11 Dec 2021 20:54:42 GMT</pubDate></item><item><title><![CDATA[Auditing your Okta org for Legacy Authentication]]></title><description><![CDATA[Using Okta System Logs to monitor use of basic authentication to Office 365 As promised on the Risky Business podcast, here are some System Log queries to help Okta administrators weed out examples of clients connecting to their Office 365 tenant ove ...]]></description><link>https://sec.okta.com/articles/2021/09/auditing-your-okta-org-legacy-authentication/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/09/auditing-your-okta-org-legacy-authentication/</guid><pubDate>Mon, 20 Sep 2021 22:03:10 GMT</pubDate></item><item><title><![CDATA[Malware Detection Using Yara And YarGen]]></title><description><![CDATA[Malware can often be detected by scanning for a particular string or a sequence of bytes that identifies a family of malware. Yara is a tool that helps you do that. “Yara rules” are descriptions that look for certain characteristics in files. Using Y ...]]></description><link>https://sec.okta.com/articles/2021/08/malware-detection-using-yara-and-yargen/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/08/malware-detection-using-yara-and-yargen/</guid><pubDate>Fri, 20 Aug 2021 17:27:18 GMT</pubDate></item><item><title><![CDATA[Why BGP Hijacking is Still a Threat]]></title><description><![CDATA[When the Internet goes down, rendering everything inaccessible from mission-critical business services to mental stability-critical meme generators, is it because of an accident or malicious hackers? 
In the case of BGP hijacking, it could be either—a ...]]></description><link>https://sec.okta.com/articles/2021/05/why-bgp-hijacking-still-threat/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/05/why-bgp-hijacking-still-threat/</guid><pubDate>Thu, 20 May 2021 19:59:37 GMT</pubDate></item><item><title><![CDATA[Executive Order on Improving the Nation’s Cybersecurity — Ushering in a New Age of Security]]></title><description><![CDATA[Yesterday, President Biden took a major step forward in ensuring that the US government has the resources and focus needed to address our cybersecurity needs with the issuance of Executive Order on Improving the Nation’s Cybersecurity. This focus is ...]]></description><link>https://sec.okta.com/articles/2021/05/executive-order-improving-nations-cybersecurity-ushering-new-age/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/05/executive-order-improving-nations-cybersecurity-ushering-new-age/</guid><pubDate>Thu, 13 May 2021 16:10:06 GMT</pubDate></item><item><title><![CDATA[Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413]]></title><description><![CDATA[Okta Security has discovered and disclosed a new bypass in Windows Installer (MSI) Authenticode signature validation that could allow an attacker to disguise an altered package as legitimate software.]]></description><link>https://sec.okta.com/articles/2021/04/uncovering-and-disclosing-signature-spoofing-vulnerability-windows/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/04/uncovering-and-disclosing-signature-spoofing-vulnerability-windows/</guid><pubDate>Mon, 19 Apr 2021 23:05:25 GMT</pubDate></item><item><title><![CDATA[A CSO’s perspective on the recent Verkada cyber attack]]></title><description><![CDATA[At Okta we are committed to ensuring the safety of our employees and workplaces. Nothing is more important to us than the trust of our employees, customers and partners. 
Transparency is one of our core values and in that spirit, I wanted to offer a r ...]]></description><link>https://sec.okta.com/articles/2021/03/csos-perspective-recent-verkada-cyber-attack/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/03/csos-perspective-recent-verkada-cyber-attack/</guid><pubDate>Thu, 11 Mar 2021 02:58:34 GMT</pubDate></item><item><title><![CDATA[Why Is It So Hard To Prevent Open Redirects?]]></title><description><![CDATA[In my last post, we talked about how open redirects can allow attackers to steal tokens from OAuth systems. Today, let’s take a deeper dive into open redirects and explore why it’s so prevalent in web applications! Sites often have HTTP or URL parame ...]]></description><link>https://sec.okta.com/articles/2021/02/why-it-so-hard-prevent-open-redirects/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/02/why-it-so-hard-prevent-open-redirects/</guid><pubDate>Thu, 11 Feb 2021 18:49:02 GMT</pubDate></item><item><title><![CDATA[Stealing OAuth Tokens With Open Redirects]]></title><description><![CDATA[SSO is a feature that allows users to access multiple services belonging to the same organization without logging in multiple times. 
For example, if you are logged into “facebook.com”, you won’t have to re-enter your credentials to use the services o ...]]></description><link>https://sec.okta.com/articles/2021/02/stealing-oauth-tokens-open-redirects/</link><guid isPermaLink="false">https://sec.okta.com/articles/2021/02/stealing-oauth-tokens-open-redirects/</guid><pubDate>Thu, 11 Feb 2021 18:38:06 GMT</pubDate></item><item><title><![CDATA[SAML Certificate Security: The Latest Findings and Potential Impacts]]></title><description><![CDATA[Recently, the National Security Agency (NSA) published new findings that reference how previously discovered tactics, techniques, and procedures (TTPs) abusing federated authentication could be used in conjunction with on-premises network access to g ...]]></description><link>https://sec.okta.com/articles/2020/12/saml-certificate-security-latest-findings-and-potential-impacts/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/saml-certificate-security-latest-findings-and-potential-impacts/</guid><pubDate>Mon, 21 Dec 2020 23:10:10 GMT</pubDate></item><item><title><![CDATA[More Than Subdomain Takeover: Ways To Takeover, Hijack And Impersonate Your Website]]></title><description><![CDATA[In my last post about subdomain takeovers, we talked about what subdomain takeovers are and how hackers can use them to attack shared-session SSO. Today, let’s dive deeper into subdomain takeovers and some other ways hackers can hijack your website. 
...]]></description><link>https://sec.okta.com/articles/2020/12/more-subdomain-takeover-ways-takeover-hijack-and-impersonate-your/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/more-subdomain-takeover-ways-takeover-hijack-and-impersonate-your/</guid><pubDate>Tue, 15 Dec 2020 22:53:27 GMT</pubDate></item><item><title><![CDATA[Building A Subdomain Takeover Monitor]]></title><description><![CDATA[In a previous article, we talked about the different types of subdomain takeovers and how hackers can use them to attack SSO systems. The impact of a subdomain takeover can vary. At the very least, subdomain takeovers enable attackers to launch sophi ...]]></description><link>https://sec.okta.com/articles/2020/12/building-subdomain-takeover-monitor/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/building-subdomain-takeover-monitor/</guid><pubDate>Tue, 15 Dec 2020 22:32:17 GMT</pubDate></item><item><title><![CDATA[Password Spraying Attacks and How to Prevent Them]]></title><description><![CDATA[Have you heard of password brute-force attacks? A brute-force attack is when attackers try to compromise an account by guessing its password. Let’s say an attacker is trying to compromise the account of the user “john” by brute-forcing the account pa ...]]></description><link>https://sec.okta.com/articles/2020/12/password-spraying-attacks-and-how-prevent-them/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/password-spraying-attacks-and-how-prevent-them/</guid><pubDate>Sat, 12 Dec 2020 00:57:25 GMT</pubDate></item><item><title><![CDATA[Tightening Up Your Github Security]]></title><description><![CDATA[GitHub reconnaissance is a tactic attackers use to gather information about their targets. 
Attackers analyze an organization’s GitHub repositories and check for sensitive data that has been accidentally committed or information, potentially leading t ...]]></description><link>https://sec.okta.com/articles/2020/12/tightening-your-github-security/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/tightening-your-github-security/</guid><pubDate>Sat, 12 Dec 2020 00:30:28 GMT</pubDate></item><item><title><![CDATA[SQL Injection in Java: Practices to Avoid]]></title><description><![CDATA[SQL injection is one of the most common types of vulnerabilities found in web applications. Today, I'm going to explain what SQL injection attacks are and walk you through the process of exploiting a simple Spring Boot-based application. After we've ...]]></description><link>https://sec.okta.com/articles/2020/12/sql-injection-java-practices-avoid/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/12/sql-injection-java-practices-avoid/</guid><pubDate>Tue, 01 Dec 2020 20:43:42 GMT</pubDate></item><item><title><![CDATA[Why Bitsquatting Attacks Are Here to Stay]]></title><description><![CDATA[Typos have a long history, by turns serious and silly, going back to the dawn of the printed page. But thanks to the peculiarities of computer technology and the ingenuity of hackers, correctly typing website locations into your browser is no guarant ...]]></description><link>https://sec.okta.com/articles/2020/11/why-bitsquatting-attacks-are-here-stay/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/11/why-bitsquatting-attacks-are-here-stay/</guid><pubDate>Fri, 13 Nov 2020 20:43:54 GMT</pubDate></item><item><title><![CDATA[The State of Election Security]]></title><description><![CDATA[Clichéd as the concept of a perfect storm is, it also feels more apt than ever to describe this year’s American election—and that’s only taking into consideration the cybersecurity challenges voters face. 
Since 2016, cybersecurity and election expert ...]]></description><link>https://sec.okta.com/articles/2020/10/state-election-security/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/10/state-election-security/</guid><pubDate>Wed, 28 Oct 2020 19:09:43 GMT</pubDate></item><item><title><![CDATA[kPop Fans: Non-Traditional, Non-State Actors]]></title><description><![CDATA[kPop Fans The nature of a strategic cyber force is far richer and more varied than is traditionally acknowledged. Earlier this year, Korean pop (“kPop”) music fans came to wider attention when they actively engaged with online political discussions a ...]]></description><link>https://sec.okta.com/articles/2020/10/kpop-fans-non-traditional-non-state-actors/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/10/kpop-fans-non-traditional-non-state-actors/</guid><pubDate>Tue, 20 Oct 2020 17:15:55 GMT</pubDate></item><item><title><![CDATA[A Quick Look at the 2020 Threat Landscape]]></title><description><![CDATA[There’s no doubt 2020 has already been a turbulent year: COVID-19, civil unrest, contentious elections, widespread economic instability, and major natural disasters like wildfires and hurricanes across the US are just a few of the major events making ...]]></description><link>https://sec.okta.com/articles/2020/09/quick-look-2020-threat-landscape/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/09/quick-look-2020-threat-landscape/</guid><pubDate>Fri, 25 Sep 2020 20:23:58 GMT</pubDate></item><item><title><![CDATA[Looking Back on Disclosure]]></title><description><![CDATA[With our second Disclosure conference in the bag, I wanted to take a look back at how things changed and what some of the key takeaways were. This year, like every other conference, we were forced to shift gears into a virtual format. 
This meant a lo ...]]></description><link>https://sec.okta.com/articles/2020/09/looking-back-disclosure/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/09/looking-back-disclosure/</guid><pubDate>Tue, 15 Sep 2020 17:24:10 GMT</pubDate></item><item><title><![CDATA[Get Ready for Disclosure: What You Need to Know]]></title><description><![CDATA[Time flies and Disclosure is just a few days away (September 2 from 9:00am–6:00pm PDT)! Everyone involved is looking forward to experiencing this event together and, to make sure it is a safe environment for all participants, please take a quick look ...]]></description><link>https://sec.okta.com/articles/2020/08/get-ready-disclosure-what-you-need-know/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/08/get-ready-disclosure-what-you-need-know/</guid><pubDate>Fri, 28 Aug 2020 18:39:38 GMT</pubDate></item><item><title><![CDATA[Your Company Needs YOU: How to Stay Safe from Phishing and Other Human Attacks]]></title><description><![CDATA[Now more than ever, people are targets. For years attackers have been evolving their attacks, looking for new opportunities to find a way in. Attacks against people—so-called social engineering attacks are perhaps the oldest in the world. All you need is a single person to successfully fool another.]]></description><link>https://sec.okta.com/articles/2020/08/your-company-needs-you-how-stay-safe-phishing-and-other-human-attacks/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/08/your-company-needs-you-how-stay-safe-phishing-and-other-human-attacks/</guid><pubDate>Mon, 10 Aug 2020 21:49:28 GMT</pubDate></item><item><title><![CDATA[CrimeOps: The Operational Art of Cyber Crime]]></title><description><![CDATA[Cyber Crime Innovation Is Lucrative Cybercrime rewards innovative organizations. These can innovate at the tactical level (e.g. new or updated tactics, techniques, and procedures (TTP)), the strategic level (e.g. 
new monetisation methods), or at the ...]]></description><link>https://sec.okta.com/articles/2020/08/crimeops-operational-art-cyber-crime/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/08/crimeops-operational-art-cyber-crime/</guid><pubDate>Tue, 04 Aug 2020 15:57:48 GMT</pubDate></item><item><title><![CDATA[How Attackers Bypass MFA]]></title><description><![CDATA[To verify your identity, applications typically ask you to provide something you know, such as a password or a secret key. They may also ask you to prove ownership of something you have, such as a phone or device. Finally, they may ask for proof of w ...]]></description><link>https://sec.okta.com/articles/2020/07/how-attackers-bypass-mfa/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/07/how-attackers-bypass-mfa/</guid><pubDate>Wed, 29 Jul 2020 22:08:47 GMT</pubDate></item><item><title><![CDATA[WebAuthn In Enterprise Is Great and It Has Challenges]]></title><description><![CDATA[FIDO2 and WebAuthn hold great promise not only for consumers but for enterprise users as well. There are caveats however, and the challenges for IT departments are very different than for consumer websites. A FIDO2 Security Key What Is WebAuthn Again ...]]></description><link>https://sec.okta.com/articles/2020/07/webauthn-enterprise-great-and-it-has-challenges/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/07/webauthn-enterprise-great-and-it-has-challenges/</guid><pubDate>Wed, 22 Jul 2020 21:21:55 GMT</pubDate></item><item><title><![CDATA[Dangerous Regular Expressions]]></title><description><![CDATA[In previous posts, we’ve discussed what regex is along with ReDoS, a regex-specific vulnerability. 
Now it’s time for us to dig deeper into regex security.]]></description><link>https://sec.okta.com/articles/2020/07/dangerous-regular-expressions/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/07/dangerous-regular-expressions/</guid><pubDate>Wed, 15 Jul 2020 15:52:10 GMT</pubDate></item><item><title><![CDATA[Automating Vulnerable Dependency Checking in CI Using Open Source]]></title><description><![CDATA[Learn how to conduct automatic security scans on your application's dependencies using continuous integration and open-source software.]]></description><link>https://sec.okta.com/articles/2020/07/automating-vulnerable-dependency-checking-ci-using-open-source/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/07/automating-vulnerable-dependency-checking-ci-using-open-source/</guid><pubDate>Wed, 08 Jul 2020 17:47:06 GMT</pubDate></item><item><title><![CDATA[Security Audits: Do you need them?]]></title><description><![CDATA[An overview of a recent security audit on an OSS project.]]></description><link>https://sec.okta.com/articles/2020/07/security-audits-do-you-need-them/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/07/security-audits-do-you-need-them/</guid><pubDate>Mon, 06 Jul 2020 22:25:44 GMT</pubDate></item><item><title><![CDATA[Palo Alto Networks SAML Vulnerability]]></title><description><![CDATA[Today, Palo Alto Networks announced a critical security vulnerability affecting SAML certificate management across a range of their devices. 
While this vulnerability is isolated to Palo Alto Networks Firewalls, it impacts customers using these device ...]]></description><link>https://sec.okta.com/articles/2020/06/palo-alto-networks-saml-vulnerability/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/06/palo-alto-networks-saml-vulnerability/</guid><pubDate>Mon, 29 Jun 2020 16:34:58 GMT</pubDate></item><item><title><![CDATA[Adaptive, Step-Up Multi-Factor Authentication]]></title><description><![CDATA[Plain-old authentication is boring. Today I'm going to show you how you can enhance your application's security by providing smart multi-factor authentication (MFA), the kind that takes contextual and behavior-based factors into account. Through this ...]]></description><link>https://sec.okta.com/articles/2020/06/adaptive-step-multi-factor-authentication/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/06/adaptive-step-multi-factor-authentication/</guid><pubDate>Wed, 24 Jun 2020 15:12:37 GMT</pubDate></item><item><title><![CDATA[Intro to Log Analysis: Harnessing Command Line Tools to Analyze Linux Logs]]></title><description><![CDATA[Log analysis is one of the most important tools of a security researcher. 
In this article, we'll take a quick look at how you can analyze Linux logs using common command-line tools.]]></description><link>https://sec.okta.com/articles/2020/06/intro-log-analysis-harnessing-command-line-tools-analyze-linux-logs/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/06/intro-log-analysis-harnessing-command-line-tools-analyze-linux-logs/</guid><pubDate>Wed, 17 Jun 2020 15:52:57 GMT</pubDate></item><item><title><![CDATA[The Escalation of Cybercrime]]></title><description><![CDATA[A look at how cybercriminals are attacking the financial sector during the COVID-19 pandemic.]]></description><link>https://sec.okta.com/articles/2020/06/escalation-cybercrime/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/06/escalation-cybercrime/</guid><pubDate>Wed, 10 Jun 2020 15:37:34 GMT</pubDate></item><item><title><![CDATA[Common Pitfalls Of Custom SAML Implementations]]></title><description><![CDATA[SAML is a widely-used protocol for single sign-on, but it can be dangerous. In this article, we'll talk about why.]]></description><link>https://sec.okta.com/articles/2020/05/common-pitfalls-custom-saml-implementations/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/05/common-pitfalls-custom-saml-implementations/</guid><pubDate>Thu, 28 May 2020 17:34:54 GMT</pubDate></item><item><title><![CDATA[What’s The Best Security Key to Buy?]]></title><description><![CDATA[There are dozens of security keys, authenticator apps, and password managers available. Which one should you use?]]></description><link>https://sec.okta.com/articles/2020/05/whats-best-security-key-buy/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/05/whats-best-security-key-buy/</guid><pubDate>Wed, 20 May 2020 14:38:39 GMT</pubDate></item><item><title><![CDATA[SMS Two-Factor Authentication – Worse Than Just a Good Password?]]></title><description><![CDATA[If a website offers SMS-based authentication, should you enroll? Maybe not! 
In some cases, it’s worse than not having a second factor at all!]]></description><link>https://sec.okta.com/articles/2020/05/sms-two-factor-authentication-worse-just-good-password/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/05/sms-two-factor-authentication-worse-just-good-password/</guid><pubDate>Wed, 13 May 2020 17:29:30 GMT</pubDate></item><item><title><![CDATA[Mobile Phone-Based COVID-19 Contact Tracing]]></title><description><![CDATA[Using technology as a reliable method of tracking carriers of COVID-19 is a great idea, but it is extremely hard to do without creating huge privacy challenges. What Is Contact Tracing and Why Is It Important? Contact tracing is a way of identifying ...]]></description><link>https://sec.okta.com/articles/2020/05/mobile-phone-based-covid-19-contact-tracing/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/05/mobile-phone-based-covid-19-contact-tracing/</guid><pubDate>Wed, 06 May 2020 21:54:05 GMT</pubDate></item><item><title><![CDATA[Attacking SSO With Subdomain Takeovers]]></title><description><![CDATA[A brief look at how subdomain takeovers can give attackers a meaningful way to compromise single sign-on solutions.]]></description><link>https://sec.okta.com/articles/2020/04/attacking-sso-subdomain-takeovers/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/04/attacking-sso-subdomain-takeovers/</guid><pubDate>Wed, 29 Apr 2020 12:00:00 GMT</pubDate></item><item><title><![CDATA[Factors & Dongles & Tokens, Oh My - Strong Auth Terminology in 7 minutes]]></title><description><![CDATA[MFA, 2FA, SMS, TOTP, U2F, FIDO2,... SMH, OMG. 
Strong authentication terminology explained.]]></description><link>https://sec.okta.com/articles/2020/04/factors-dongles-tokens-oh-my-strong-auth-terminology-7-minutes/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/04/factors-dongles-tokens-oh-my-strong-auth-terminology-7-minutes/</guid><pubDate>Thu, 23 Apr 2020 22:32:49 GMT</pubDate></item><item><title><![CDATA[WebAuthn Is Great and It Sucks]]></title><description><![CDATA[WebAuthn and FIDO2 promise a great future. Let's see if we can have it today.]]></description><link>https://sec.okta.com/articles/2020/04/webauthn-great-and-it-sucks/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/04/webauthn-great-and-it-sucks/</guid><pubDate>Thu, 16 Apr 2020 17:06:06 GMT</pubDate></item><item><title><![CDATA[Attacking Evil Regex: Understanding Regular Expression Denial of Service Attacks (ReDoS)]]></title><description><![CDATA[A quick look at how Regular Expression Denial of Service Attacks work and what you need to be aware of.]]></description><link>https://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denial-service/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denial-service/</guid><pubDate>Thu, 09 Apr 2020 20:05:16 GMT</pubDate></item><item><title><![CDATA[A Quick Introduction to Regular Expressions for Security Professionals]]></title><description><![CDATA[A short introduction to regex. 
We'll explain how to use it and why it's so helpful for security analysis.]]></description><link>https://sec.okta.com/articles/2020/04/quick-introduction-regular-expressions-security-professionals/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/04/quick-introduction-regular-expressions-security-professionals/</guid><pubDate>Thu, 02 Apr 2020 16:52:45 GMT</pubDate></item><item><title><![CDATA[How the COVID-19 Pandemic Has Dramatically Changed the Cybersecurity Landscape]]></title><description><![CDATA[Over the past two decades working in the security space, I’ve observed that there’s always an uptick in attackers looking to exploit the chaos during disasters or periods of civil unrest or political instability. As people panic or try to act with mo ...]]></description><link>https://sec.okta.com/articles/2020/03/how-covid-19-pandemic-has-dramatically-changed-cybersecurity/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/03/how-covid-19-pandemic-has-dramatically-changed-cybersecurity/</guid><pubDate>Mon, 30 Mar 2020 20:00:12 GMT</pubDate></item><item><title><![CDATA[The Case for Host Security Logs]]></title><description><![CDATA[A look at why host security logs should be at the top of your list when establishing a security program.]]></description><link>https://sec.okta.com/articles/2020/01/case-host-security-logs/</link><guid isPermaLink="false">https://sec.okta.com/articles/2020/01/case-host-security-logs/</guid><pubDate>Fri, 31 Jan 2020 16:46:12 GMT</pubDate></item><item><title><![CDATA[Using hack_url_re to Auto Detect Website Spoofing Vulnerabilities]]></title><description><![CDATA[Phishing attacks often spoof websites in order to steal passwords, tricking users into entering credentials to a website that looks identical to the one they routinely access. 
To avoid such trickery, account holders can trust their passwords to pass ...]]></description><link>https://sec.okta.com/articles/2018/10/using-hackurlre-to-auto-detect-website-spoofing-vulnerabilities/</link><guid isPermaLink="false">https://sec.okta.com/articles/2018/10/using-hackurlre-to-auto-detect-website-spoofing-vulnerabilities/</guid><pubDate>Wed, 10 Oct 2018 00:34:18 GMT</pubDate></item><item><title><![CDATA[Multi-Factor Mixup: Who Were You Again?]]></title><description><![CDATA[Summary: A weakness in the Microsoft ADFS protocol for integration with MFA products allows a second factor for one account to be used for second-factor authentication to all other accounts in an organization. After being notified about the vulnerabi ...]]></description><link>https://sec.okta.com/articles/2018/08/multi-factor-authentication-microsoft-adfs-vulnerability/</link><guid isPermaLink="false">https://sec.okta.com/articles/2018/08/multi-factor-authentication-microsoft-adfs-vulnerability/</guid><pubDate>Tue, 14 Aug 2018 21:34:05 GMT</pubDate></item><item><title><![CDATA[I can be Apple, and so can you]]></title><description><![CDATA[A Public Disclosure of Issues Around Third Party Code Signing Checks Summary: A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear to be signed by Apple. 
Known affected vendors and ...]]></description><link>https://sec.okta.com/articles/2018/06/issues-around-third-party-apple-code-signing-checks/</link><guid isPermaLink="false">https://sec.okta.com/articles/2018/06/issues-around-third-party-apple-code-signing-checks/</guid><pubDate>Tue, 12 Jun 2018 12:02:41 GMT</pubDate></item><item><title><![CDATA[Hey Chef, What's the Length of your Encrypted Password?]]></title><description><![CDATA[TL;DR This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker. Introduction ...]]></description><link>https://sec.okta.com/articles/2017/09/hey-chef-whats-the-length-of-your-encrypted-password/</link><guid isPermaLink="false">https://sec.okta.com/articles/2017/09/hey-chef-whats-the-length-of-your-encrypted-password/</guid><pubDate>Wed, 20 Sep 2017 22:49:26 GMT</pubDate></item><item><title><![CDATA[Teaching Shellcode New Tricks - DEF CON 25 Addition]]></title><description><![CDATA[My REcon Brussels talk of the same title was accepted for DEF CON 25. It was supposed to be a release of x64 bit Import Address Table (IAT) based payload parsing stubs to get them into the Metasploit Framework as a feature. 
It was supposed to be stra ...]]></description><link>https://sec.okta.com/articles/2017/07/teaching-shellcode-new-tricks-def-con-25-addition/</link><guid isPermaLink="false">https://sec.okta.com/articles/2017/07/teaching-shellcode-new-tricks-def-con-25-addition/</guid><pubDate>Fri, 28 Jul 2017 21:30:00 GMT</pubDate></item><item><title><![CDATA[Down the SAML Code]]></title><description><![CDATA[Working for an identity company like Okta forces you to constantly be aware of new, old and obscure authentication methods — and also encourages you to dive deep into the underlying protocol to discover whether engineers have correctly implemented th ...]]></description><link>https://sec.okta.com/articles/2017/05/down-saml-code/</link><guid isPermaLink="false">https://sec.okta.com/articles/2017/05/down-saml-code/</guid><pubDate>Wed, 03 May 2017 18:45:20 GMT</pubDate></item><item><title><![CDATA[Fido: Teaching Old Shellcode New Tricks]]></title><description><![CDATA[Last month at the initial REcon Security Conference in Brussels, I gave a talk on ‘Teaching Old Shellcode New Tricks’ or breathing new life into existing Metasploit Framework (MSF) Windows exploit payloads. During the talk, I released Fido, a tool th ...]]></description><link>https://sec.okta.com/articles/2017/02/fido-teaching-old-shellcode-new-tricks/</link><guid isPermaLink="false">https://sec.okta.com/articles/2017/02/fido-teaching-old-shellcode-new-tricks/</guid><pubDate>Thu, 16 Feb 2017 19:07:51 GMT</pubDate></item><item><title><![CDATA[A Peek at 0patch]]></title><description><![CDATA[TL;DR There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowd sourced community patches. 
This post provides a primer on hot patching and explores some of the vulnera ...]]></description><link>https://sec.okta.com/articles/2016/11/a-peek-at-0patch/</link><guid isPermaLink="false">https://sec.okta.com/articles/2016/11/a-peek-at-0patch/</guid><pubDate>Fri, 11 Nov 2016 08:09:00 GMT</pubDate></item><item><title><![CDATA[New Vectors, New Keys – Updated EBOWLA]]></title><description><![CDATA[Six months ago, Okta’s Infosec team built on the work of Riordan and Schneier to create an open source, environmentally-targeted keying solution, EBOWLA, for the security community to research, tear apart and learn from. Today, we’re pleased to share ...]]></description><link>https://sec.okta.com/articles/2016/10/new-vectors-new-keys-–-updated-ebowla/</link><guid isPermaLink="false">https://sec.okta.com/articles/2016/10/new-vectors-new-keys-–-updated-ebowla/</guid><pubDate>Mon, 31 Oct 2016 16:00:00 GMT</pubDate></item><item><title><![CDATA[Deploying JAMF Server Software: Just Check the Box]]></title><description><![CDATA[Overview We came across a default setting in JAMF Software Server (JSS), which we believe can put companies leveraging the solution at risk. Organizations should make sure they have enabled a very simple configuration setting, e.g. checking a box. We ...]]></description><link>https://sec.okta.com/articles/2016/09/deploying-jamf-server-software-just-check-the-box/</link><guid isPermaLink="false">https://sec.okta.com/articles/2016/09/deploying-jamf-server-software-just-check-the-box/</guid><pubDate>Thu, 08 Sep 2016 16:00:00 GMT</pubDate></item><item><title><![CDATA[The EMET Serendipity: EMET's (In)Effectiveness Against Non-Exploitation Uses]]></title><description><![CDATA[TL;DR This post discusses a method of bypassing Microsoft’s Enhanced Mitigation Toolkit (EMET) protections post Address Space Layout Randomization/Data Execution Prevention (ASLR/DEP) protections. 
The closer your position independent execution shellc ...]]></description><link>https://sec.okta.com/articles/2016/07/the-emet-serendipity-emets-ineffectiveness-against-non-exploitation-uses/</link><guid isPermaLink="false">https://sec.okta.com/articles/2016/07/the-emet-serendipity-emets-ineffectiveness-against-non-exploitation-uses/</guid><pubDate>Fri, 01 Jul 2016 20:13:17 GMT</pubDate></item><item><title><![CDATA[DIY Genetic Malware: EBOWLA]]></title><description><![CDATA[Back in 1998, the year that Mongolia went from a 46 hour to a 40 hour work week, another ground breaking event happened— the publishing of Environmental Key Generation towards Clueless Agents by Riordan and Schneier. This paper discussed using enviro ...]]></description><link>https://sec.okta.com/articles/2016/06/diy-genetic-malware-ebowla/</link><guid isPermaLink="false">https://sec.okta.com/articles/2016/06/diy-genetic-malware-ebowla/</guid><pubDate>Tue, 14 Jun 2016 16:00:00 GMT</pubDate></item></channel></rss>