Okta support system breach and Google Ads fake KeePass campaign

October 23, 2023 by Dan Virgillito

Okta discloses a support system hack carried out with stolen credentials, researchers identify a fake KeePass site that used Google Ads to spread malware, and the U.S. Department of Justice cracks down on a North Korean IT worker scam. Catch all this and more in this week's edition of Cybersecurity Weekly.

1. Okta says hackers used stolen credentials to breach its support system

Software vendor Okta revealed a breach of its support management system last week. Using stolen credentials, attackers accessed customer-uploaded files containing cookies and session tokens. David Bradbury, Okta's Chief Security Officer, confirmed that the primary Okta service remains secure. The system in question stored HTTP Archive (HAR) files, browser network recordings that can capture session cookies and bearer tokens; an attacker who replays that material can impersonate the user who uploaded it. In response, Okta advised customers to sanitize HAR files before sharing them, revoked the compromised session tokens and notified affected customers.
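The advice to sanitize HAR files before sharing them with a support desk is easy to state and easy to get wrong by hand. The following Python script is an added example, not Okta's tooling or anything from the article: it walks the HAR 1.2 structure (request/response headers, cookie arrays, query strings, form parameters, and free-text bodies), redacts the fields that carry session material, and reports how many values it touched so the sender can confirm the file was actually cleaned. The embedded HAR fragment, the header and parameter name lists, and the `example.okta.test` host are all constructed for the demonstration; extend the name sets to match the applications whose traffic you capture.

```python
import copy
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"
# Header names whose values are credentials or session material (matched case-insensitively).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization", "x-api-key"}
# Query-string / form parameter names that commonly carry tokens (assumed list; extend for your apps).
SENSITIVE_PARAMS = {"access_token", "id_token", "refresh_token", "code", "state",
                    "session_token", "sessiontoken"}
# Bearer-style tokens embedded in free-text request or response bodies.
BEARER_RE = re.compile(r"(?i)\b(bearer\s+)[a-z0-9\-._~+/]+=*")

# Constructed sample HAR (not a real capture): one request carrying a session cookie,
# an API key header, a token in the URL and a bearer token in the POST body.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST",
        "url": "https://example.okta.test/api/v1/users?limit=5&access_token=abc123",
        "headers": [{"name": "Cookie", "value": "sid=SESSION-VALUE-1"},
                    {"name": "Authorization", "value": "SSWS api-key-xyz"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "SESSION-VALUE-1"}],
        "queryString": [{"name": "limit", "value": "5"},
                        {"name": "access_token", "value": "abc123"}],
        "postData": {"mimeType": "application/json",
                     "text": "{\"token\": \"Bearer eyJhbGciOi.example\"}"},
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=SESSION-VALUE-2; HttpOnly"},
                    {"name": "Content-Type", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "SESSION-VALUE-2"}],
        "content": {"mimeType": "application/json", "text": "{\"ok\": true}"},
    },
}]}}


def _scrub_pairs(pairs, names):
    """Redact the value of every {name, value} record whose name is in `names`; return the count."""
    count = 0
    for item in pairs or []:
        if item.get("name", "").lower() in names and item.get("value") != REDACTED:
            item["value"] = REDACTED
            count += 1
    return count


def _scrub_url(url):
    """Redact sensitive query parameters inside a URL string; return (new_url, count)."""
    parts = urlsplit(url)
    count, query = 0, []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS and value != REDACTED:
            value, count = REDACTED, count + 1
        query.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(query))), count


def scrub_har(har):
    """Return (sanitized deep copy of a HAR dict, number of redactions). The input is left untouched."""
    clean = copy.deepcopy(har)
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"], n = _scrub_url(req.get("url", ""))
        count += n
        count += _scrub_pairs(req.get("headers"), SENSITIVE_HEADERS)
        count += _scrub_pairs(resp.get("headers"), SENSITIVE_HEADERS)
        # Every cookie value is potential session material, whatever the cookie is called.
        for cookie in req.get("cookies", []) + resp.get("cookies", []):
            if cookie.get("value") != REDACTED:
                cookie["value"] = REDACTED
                count += 1
        count += _scrub_pairs(req.get("queryString"), SENSITIVE_PARAMS)
        post = req.get("postData", {})
        count += _scrub_pairs(post.get("params"), SENSITIVE_PARAMS)
        # Free-text bodies on both sides: strip bearer tokens but keep the rest readable.
        for holder in (post, resp.get("content", {})):
            if holder.get("text"):
                holder["text"], n = BEARER_RE.subn(r"\g<1>" + REDACTED, holder["text"])
                count += n
    return clean, count


def find_residue(har, needles):
    """Final check before sharing: return the known secret strings still present anywhere in the HAR."""
    dumped = json.dumps(har)
    return [s for s in needles if s in dumped]


def scrub_har_file(src_path, dst_path):
    """Sanitize a HAR file on disk and return the number of redactions made."""
    with open(src_path, encoding="utf-8") as f:
        har = json.load(f)
    clean, count = scrub_har(har)
    with open(dst_path, "w", encoding="utf-8") as f:
        json.dump(clean, f, indent=2)
    return count


if __name__ == "__main__":
    cleaned, total = scrub_har(SAMPLE_HAR)
    print(f"redacted {total} values")
    print(json.dumps(cleaned, indent=2))
```

Run it on a real capture with `scrub_har_file("capture.har", "capture-clean.har")`, then pass the session values you know were live to `find_residue` on the cleaned file; a non-empty result means a field your capture tool writes is not covered by the name lists and needs adding. A second pass over already-scrubbed output makes zero changes, which is a cheap way to check that the redaction markers themselves are not mistaken for secrets.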

2. Researchers identify fake KeePass site using Google Ads and Punycode to distribute malware

Malwarebytes recently discovered a Google Ads campaign promoting a fake KeePass download site. The campaign used Punycode to imitate the official KeePass domain, a lookalike close enough to mislead even cautious users. Users who were fooled downloaded malware-laden KeePass installers. Researchers found similar deceptive ads and noted that other software, such as WinSCP and PyCharm Professional, was also targeted.
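Punycode lookalikes work because the browser shows the decoded Unicode label while DNS, proxies and ad platforms see only the `xn--` form, so neither view alone reveals the trick. The Python below is an added example, not Malwarebytes' tooling or anything published with the article: it decodes IDNA labels with the standard library, reduces each domain to the ASCII "skeleton" a human would read (stripping diacritics and mapping a small, hand-picked table of Cyrillic and Greek lookalikes to Latin), flags labels that mix scripts, and reports when the skeleton collides with a watched brand domain while the real string differs. The watchlist is constructed from the products named in this item; the `ķeepass.info` and Cyrillic-`е` samples are constructed illustrations of the homograph technique, not the campaign's actual domains, and the confusables table is deliberately short (the Unicode confusables data is the full reference).

```python
import unicodedata

# Brand domains to protect (constructed from the products this item names; extend for your estate).
WATCHLIST = {"keepass.info", "winscp.net", "jetbrains.com"}

# Hand-picked non-Latin letters that render like Latin ones (Cyrillic, then Greek).
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ѕ": "s", "ј": "j", "һ": "h",
    "ο": "o", "α": "a", "ν": "v", "ρ": "p", "ι": "i",
}


def to_unicode(domain):
    """Decode IDNA/Punycode labels (xn--...) to Unicode; non-ASCII or invalid input is returned as-is."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def skeleton(domain):
    """Reduce a domain to the ASCII string a reader perceives: drop combining marks, map confusables."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain).lower())
    return "".join(CONFUSABLES.get(ch, ch)
                   for ch in decomposed if unicodedata.category(ch) != "Mn")


def scripts(label):
    """Set of Unicode script names (LATIN, CYRILLIC, GREEK, ...) used by the letters in one label."""
    return {unicodedata.name(ch, "").split(" ")[0] for ch in label if ch.isalpha()}


def assess(domain):
    """Classify one hostname. Findings: 'idn', 'mixed-script:<label>', 'lookalike-of:<brand>'."""
    uni = to_unicode(domain).lower()
    sk = skeleton(uni)
    findings = []
    if not uni.isascii():
        findings.append("idn")
    for label in uni.split("."):
        if len(scripts(label)) > 1:
            findings.append("mixed-script:" + label)
    if sk in WATCHLIST and sk != uni:
        findings.append("lookalike-of:" + sk)
    return {"input": domain, "unicode": uni, "skeleton": sk, "findings": findings}


def scan_hostnames(hostnames):
    """Run assess() over e.g. DNS or proxy log hostnames and keep only the ones with findings."""
    return [r for r in (assess(h) for h in hostnames) if r["findings"]]


if __name__ == "__main__":
    # Constructed samples: the genuine domain, a cedilla-k lookalike in its on-the-wire form,
    # a Cyrillic-e lookalike as the browser would display it, and an unrelated domain.
    samples = [
        "keepass.info",
        "\u0137eepass.info".encode("idna").decode("ascii"),
        "k\u0435epass.info",
        "keepass-downloads.example",
    ]
    for result in scan_hostnames(samples):
        print(result)
```

The useful property of the skeleton comparison is that it is applied to both forms: an `xn--` hostname from a DNS log and the Unicode string copied from an ad both collapse to `keepass.info`, so a detection rule built on `assess()` fires regardless of which representation reached the log. Script mixing is reported separately because a single-script lookalike such as `ķeepass` (all Latin) is invisible to a mixed-script check alone.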

3. U.S. DoJ cracks down on North Korean IT workers using deceptive schemes

The U.S. Department of Justice has seized 17 domains linked to North Korean IT workers accused of defrauding businesses, evading sanctions and funding North Korea's missile program, and confiscated $1.5 million from the operations. The workers, predominantly based in China and Russia, posed as legitimate IT professionals to channel funds to North Korea. The domains mimicked authentic U.S. IT companies, prompting the FBI to advise firms to thoroughly vet IT recruits.

4. TetrisPhantom threat actors steal data from encrypted USBs on government computers

Security researchers have identified 'TetrisPhantom' as a sophisticated threat that uses compromised secure USB drives to infiltrate Asia-Pacific government systems. These drives hold encrypted files that are unlocked with a decryption utility, UTetris.exe; recent findings show trojanized versions of UTetris on the drives, which have been used against APAC governments for years. With espionage as its main objective, TetrisPhantom appears to focus on specific government entities.

5. Casio reveals data breach impacting users across 149 nations

Casio has reported a security breach affecting its ClassPad.net education platform. Intruders accessed a database, compromising details of over 90,000 Japanese customers, including 1,108 educational entities, and data from 35,049 international customers across 149 countries. The exposed information includes names, email addresses, countries of residence, service usage and purchase details. Casio attributed the breach to network security settings that had been disabled through operational error.

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.