Okta explains hack source and response timeline. Looney Tunables now being exploited. Lazarus Group uses KandyKorn against blockchain engineers. Cyber attack via Discord and attacks on mortgage company and Ontario hospitals. Ransomware attacks on hospitals and American Airlines pilots union.
Ensure vigilant monitoring and better security measures to prevent breaches caused by internal lapses.
Regularly patch vulnerabilities and implement robust security measures to protect cloud-native infrastructures from threats like Kinsing.
Deep dives
Okta explains hack source and response timeline
Okta's security head, David Bradbury, attributes a recent hack to an internal lapse where an employee signed into their personal Google account on a work laptop, inadvertently saving the username and password of the service account. Okta discovered the compromised account two weeks after being notified by OnePassword and Cloudflare, attributing the delay to the inability to identify suspicious downloads in logs. The incident highlights the need for better security measures and vigilant monitoring to prevent such breaches.
Looney Toonables exploited by Kinsing group
Cloud security researchers at Aqua have uncovered actors exploiting the Linux vulnerability known as Looney Toonables, targeting cloud native environments like Kubernetes clusters, Docker API, Redis servers, and Jenkins servers. The group, identified as Kinsing, poses a significant threat to these environments. This emphasizes the importance of regularly patching vulnerabilities and ensures robust security measures to protect cloud-native infrastructures.
Lazarus Group uses KandyKorn against blockchain engineers
Thanks to today's episode sponsor, OffSec
And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th.During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce.Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security.Register now at offsec.com/evolve
For the stories behind the headlines, head to CISOseries.com.
Get the Snipd podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered podcast player
Listen to all your favourite podcasts with AI-powered features
Discover highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share & Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered podcast player
Listen to all your favourite podcasts with AI-powered features
Discover highlights
Listen to the best highlights from the podcasts you love and dive into the full episode