Why Okta Hack is a Big Deal: What You Need to Know

2,087 views

Technology Leadership

2 years ago

LAPSUS$, an extortion group often described as a ransomware gang, announced that it had superuser access to Okta. To prove that unfettered access to Okta's backend, the group published a set of screenshots on its Telegram channel. The screenshots show that the attackers reached the Okta.com backend and several SaaS providers, such as Jira and Salesforce, that Okta uses to run its own services. Let me back up a little bit. Okta is a San Francisco-based identity and access management provider. It offers services such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to thousands of enterprise customers. It is a leader in Gartner's Magic Quadrant for Access Management, with over 30% market share, and competes with the likes of Microsoft, Ping Identity and OneLogin.
Okta is also a Federal Risk and Authorization Management Program (FedRAMP) authorized identity vendor.
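As an added example (not code from the video, and not Okta's own tooling): the check an Okta customer would want after reading this is to pull the tenant's System Log and look for Okta-support impersonation sessions, and for the password or MFA resets that superuser access to Okta's backend could have produced inside the tenant. The script below assumes the System Log JSON shape (`eventType`, `published`, `actor`, `target`), uses the `eventType` strings as Okta documents them (verify them against your tenant's documentation), correlates only on time (a sensitive action that lands while an impersonation session is open is rated HIGH), and runs over constructed sample events embedded in the file.

```python
"""Triage an Okta System Log export for Okta-support impersonation sessions
and the password/MFA resets that superuser access to Okta's backend could
have produced in a customer tenant.

Added example for this page, not code from the video or from Okta.
Assumptions: events are System Log JSON objects with `eventType`,
`published`, `actor` and `target` fields; the eventType strings below are
Okta's documented values (check them against your tenant's docs); the
sample events are constructed, not real log data.
"""
import json
from datetime import datetime, timezone

IMPERSONATION_START = "user.session.impersonation.initiate"
IMPERSONATION_END = "user.session.impersonation.end"

# Actions that let someone take over an account: worth review on their own,
# and alarming when they land inside a support-impersonation window.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
    "user.mfa.factor.update",
    "system.mfa.factor.deactivate",
}


def parse_time(published):
    """Okta publishes timestamps like 2022-01-20T10:05:00.000Z (UTC)."""
    return datetime.strptime(published, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def triage(events):
    """Return findings as (severity, published, eventType, actor, targets),
    oldest first. Correlation is by time only: any sensitive event that
    occurs while an impersonation session is open is rated HIGH."""
    findings = []
    open_sessions = 0
    for ev in sorted(events, key=lambda e: parse_time(e["published"])):
        etype = ev["eventType"]
        actor = ev.get("actor", {}).get("alternateId", "unknown")
        targets = [t.get("alternateId", "unknown") for t in ev.get("target", [])]
        if etype == IMPERSONATION_START:
            open_sessions += 1
            findings.append(("MEDIUM", ev["published"], etype, actor, targets))
        elif etype == IMPERSONATION_END:
            open_sessions = max(open_sessions - 1, 0)
        elif etype in SENSITIVE_EVENTS:
            severity = "HIGH" if open_sessions > 0 else "LOW"
            findings.append((severity, ev["published"], etype, actor, targets))
    return findings


def triage_export(text):
    """Accept the JSON array returned by GET /api/v1/logs (or a saved copy)."""
    return triage(json.loads(text))


# Constructed sample: a support impersonation that resets a user's MFA, then an
# ordinary admin password reset the next day with no impersonation open.
SAMPLE_EXPORT = json.dumps([
    {"published": "2022-01-20T10:00:00.000Z", "eventType": "user.session.start",
     "actor": {"alternateId": "alice@example.com"}, "target": []},
    {"published": "2022-01-20T10:05:00.000Z", "eventType": IMPERSONATION_START,
     "actor": {"alternateId": "support-engineer@example.net"},
     "target": [{"alternateId": "alice@example.com"}]},
    {"published": "2022-01-20T10:07:00.000Z", "eventType": "user.mfa.factor.reset_all",
     "actor": {"alternateId": "support-engineer@example.net"},
     "target": [{"alternateId": "alice@example.com"}]},
    {"published": "2022-01-20T10:09:00.000Z", "eventType": IMPERSONATION_END,
     "actor": {"alternateId": "support-engineer@example.net"}, "target": []},
    {"published": "2022-01-21T09:00:00.000Z", "eventType": "user.account.reset_password",
     "actor": {"alternateId": "bob-admin@example.com"},
     "target": [{"alternateId": "carol@example.com"}]},
])

if __name__ == "__main__":
    for sev, when, etype, actor, targets in triage_export(SAMPLE_EXPORT):
        print(f"{sev:6} {when} {etype:40} {actor} -> {', '.join(targets)}")
```

Run it against the JSON array returned by `GET /api/v1/logs` with a `since` filter that covers the window of concern; for this incident Okta later stated that the attacker's window was 16 to 21 January 2022. On the sample, the MFA reset inside the impersonation session comes out HIGH, the impersonation itself MEDIUM, and the next day's unrelated admin password reset LOW.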
#lapsus #Okta #identity
★★ WHO AM I ★★
bit.ly/3qZsCLm
/ afaqmkhan

Comments: 16
@julianaceansah8316 · 1 year ago
Nice, concise summary of the incident and your concluding comments on how Okta did not manage this incident in the right way, resulting in loss of confidence and a huge fall in share price, and how Lapsus$ has taunted the company with superuser access.
@Melosmom · 2 years ago
I think the issue we often overlook is third-party engagements....
@technologyleadership3132 · 2 years ago
Indeed. It is the equivalent of using third-party open source libraries when building an app. It is safe to assume that some part of your attack surface is always up for grabs.
@technologyleadership3132 · 2 years ago
What's your take on the Okta hack? Let's talk. If you liked the video, hit the Like button Will Smith style ;)
@Melosmom · 2 years ago
Hahaha, Will Smith style
@skepticalsheep · 2 years ago
Are you saying he did good?
@skepticalsheep · 2 years ago
I get it, it's funny, but what he did was barbaric.
@technologyleadership3132 · 2 years ago
There is some prior history between them. But based on the actual footage, IMO both crossed the line. We all saw a "joke", but the husband (Will) saw pain on his wife's face as she was trying to hold back tears. Nothing justifies an assault.
@skepticalsheep · 2 years ago
@technologyleadership3132 I believe wise people don't act on emotions.
@skepticalsheep · 2 years ago
Hi Afagh. What should Okta have done to prevent this hack through their third-party contracts?
@technologyleadership3132 · 2 years ago
No matter what you do, there is virtually no prevention. There will always be some unmanaged attack surface out there. It is a tall order. Okta could have done the following:
1. Use an External Attack Surface Management (EASM) solution (e.g. Cyberpion).
2. As you alluded to, the contract should include cyber incident response. It won't stop attacks, but it does help to have a clear, well-documented process if and when a third party is compromised.
It is just getting started; there will be a lot more collateral damage. Identity management cannot work without trust. www.wired.com/story/lapsus-okta-hack-sitel-leak/
@skepticalsheep · 2 years ago
@technologyleadership3132 Never heard about EASM, interesting.
@Dr.Octogon · 1 year ago
@technologyleadership3132 That particular technology would not have been effective here, and there are a few points in this video that were not accurate.
@billytheweasel · 1 year ago
Ugh, my IRA account requires Okta or Google Authenticator. Is Google Authenticator trustworthy? (checking your vids now, lol)
@winiikumari4411 · 10 months ago
Is Okta a real platform?